Codebench's OMNICheck software approved by TSA

Software deployed on six different handheld readers

COCONUT CREEK, Fla. — (Sept. 20, 2010) Codebench, Inc., the leading provider of TWIC / HSPD-12 / FIPS-201 authentication software, announced today that its OMNICheck software, deployed on six different mobile biometric terminals, successfully completed testing by the Transportation Security Administration for use in the Transportation Worker Identification Credential program.

OMNICheck was successfully tested on:

- Cross Match Be.U Mobile
- Datastrip DSV2+Turbo
- Datastrip DSV3
- MaxID iDL500
- MorphoTrak MorphoCheck

"Having our software meet the ICE testing standards on six different mobile terminals is yet another example of Codebench software’s versatility by being easy to use, extremely flexible, and forward thinking," said Geri B. Castaldo, Codebench’s CEO. "For organizations concerned with changes that may be made to the TWIC program in the future, Codebench has always provided ongoing software support plans that guarantee that our software will comply with evolving TWIC standards. These plans have been available for the past several years, enabling our customers' deployments to keep pace with the TWIC program."

OMNICheck is a mobile validation software application that verifies PIV, TWIC, FRAC, and CAC credentials over the reader's contact or contactless interface. When configured in one of the four TWIC authentication modes, it functions as a TSA ICE-listed mobile TWIC reader. When operating in "Non-TWIC" mode, OMNICheck determines the card type and applies the strictest possible validation rules for that card type's data model and the interface mode (contact or contactless). For instance, if a legacy CAC is presented on the contact interface, the cardholder is prompted for a PIN which unlocks more data elements than if the same card were presented to the reader's contactless interface.

OMNICheck is designed to be hands-free and works with all types of FIPS 201 cards. The card's authenticity is verified by issuing a cryptographic challenge to the card. The CHUID signature and biometric signatures are verified, and the revocation status of the X.509 Certificate for PIV (or Card) Authentication and the CHUID signing certificates are checked using a flexible combination of Microsoft's Cryptographic API, OCSP, or SCVP. For TWICs, PIVCheck can be configured to verify that the cardholder's FASC-N is not on the current TSA hotlist. The hotlist can be imported, or can be accessed directly if the mobile reader has Internet connectivity.