ukba iafs next generation handheld biometric identifiction

UKBA IAFS NEXT GENERATION HANDHELD BIOMETRIC IDENTIFICTION STATEMENT OF REQUIREMENTS Version 1.21 (Redacted copy, for publication, 13 June 2012)

V2.0

IAFS Next Generation Handheld This version Biometric Identification Not Protectively Marked Statement of Requirements v1.21

Page 2 of 35

Document Information and Summary

Name

Business Title

Author(s) [Names redacted in this table]

BD3 Lead Biometrics Architect

Project Manager BD3 Project Manager

Document History

Version Date Version Author Reason for Change

0.1 21/02/2008 [Names redacted in this table]

Initial draft – non device specific version of the requirements for phase 2 of the RapID development

0.2 25/03/2008 Second draft, takes account of Sagem comment on the first draft, and includes requirements to enable the unit to search on systems other than IAFS, to future proof the units

0.3 06/02/2009 Major revision to reflect new business position and scope change following project approval for QuickCheck replacement

0.4 23/02/2009 Incorporating comments on version 0.3 from [Names redacted]

0.5 10/03/09 Incorporating initial comments from HOIT and [Name redacted]

0.6 23/04/09 Changes to reflect recent discussions and technical investigations by Sagem and comments on version 0.5

0.7 15/06/09 Final draft version, incorporating Sagem comments on version 0.6 and to reflect minor changes resulting from Technical Meeting on 2nd June

1.0 19/06/09 Final version for sign off

1.1 29/06/09 Final signed off version of SoR

1.2 09/11/09 Clarification of impact level. Minor updates to take account of revised commercial position on ordering of units. Inclusion of one extra optional requirement (NGH101).

1.21 10/11/09 Further update to clarify hardware provision

Related Documents

Document Name Version Date

“UKBA Mobile Access to Operational Systems”, authored by [Name redacted]

0.3 02/12/2008

NBIS (NIAS) Detailed Requirements schedule 2, part 2 10.0 16/01/2009

Distribution List

Name Business Title / Role

[Names redacted in this table]

UKBA BD3 Project Manager

UKBA Regional Director – Senior Business User

UKBA BD3 Deputy Director – Identity Management

UKBA BD3 Deputy Director – Head of IST S&A

UKBA Deputy Director – Special Projects Team

UKBA Head of Immigration Fingerprint Bureau (IFB)

UKBA Deputy Head of IFB


Page 3 of 35

UKBA BD3 IT Business Partner

UKBA BD3 Lead Biometrics Architect

UKBA BD3 Lead Biometrics Architect

UKBA BD3 Lead Systems Architect

UKBA BD3 Lead Project Manager

UKBA Home Office IT Infrastructure Architect

UKBA Home Office IT IAFS Support Manager

UKBA Home Office IT IAFS Support

UKBA Home Office IT IAFS Security Officer

UKBA Commercial Directorate

SAGEM

SAGEM

NIAS IPS Infrastructure Lead – for information)


Page 4 of 35

Table of Contents 1 Introduction and Management Summary ............................................................................... 6

1.1 Introduction ..................................................................................................................... 6 1.2 Scope of this Document ................................................................................................. 6

1.2.1 In scope of this document ....................................................................................... 6 1.2.2 Out of scope of this document ................................................................................. 7

1.3 Background .................................................................................................................... 7 1.3.1 Background to IAFS ................................................................................................ 7 1.3.2 Background to the Next Generation Handheld Biometric Identification Project ...... 8

1.4 Business Users ............................................................................................................... 9 1.4.1 IAFS users ............................................................................................................... 9 1.4.2 IAFS Next Generation Handheld Biometric Identification users .............................. 9

1.5 Project Timescales ......................................................................................................... 9 2 Design and Development Approach to Support Re-Use ..................................................... 11

2.1 Common Software Development .................................................................................. 11 2.1.1 Requirements for development that is non device specific ................................... 11

2.2 Re-use of RapID Pilot Developments ........................................................................... 11 2.3 Potential Re-use of UKBA Devices in NIAS ................................................................. 12

3 Phase 1 Functional Requirements ....................................................................................... 13 3.1 Data Protection ............................................................................................................. 13

3.1.1 Data protection – data at rest ................................................................................ 13 3.1.2 Data protection – data in transit ............................................................................ 13

3.2 Access / Security .......................................................................................................... 14 3.2.1 Device connections lock down .............................................................................. 14

3.3 Mobile Communications ............................................................................................... 14 3.3.1 Division of responsibility between Sagem and HOIT (IAFS Support) ................... 15

3.4 Recording Functionality ................................................................................................ 16 3.5 Search Functionality ..................................................................................................... 17

3.5.1 Remote 1:many unverified search against IAFS ................................................... 17 3.5.2 Search results from IAFS following a 1:many remote search ............................... 17

3.6 Record Management .................................................................................................... 18 3.7 Audit Functionality ........................................................................................................ 19 3.8 General Device Requirements ..................................................................................... 19

4 Phase 1 Non Functional Requirements ............................................................................... 21 4.1 Software and Hardware and to be Provided ................................................................. 21 4.2 Performance and Volumetrics ...................................................................................... 21 4.3 Availability ..................................................................................................................... 22 4.4 Project Management .................................................................................................... 22

4.4.1 Project implementation .......................................................................................... 22 4.5 Design and Test ........................................................................................................... 23

4.5.1 Technical design walk-through .............................................................................. 23 4.5.2 FAT testing ............................................................................................................ 24 4.5.3 User assurance testing .......................................................................................... 24

4.6 IAFS Test System ......................................................................................................... 24 4.7 Disaster Recovery System ........................................................................................... 24 4.8 Support ......................................................................................................................... 25

4.8.1 Installation ............................................................................................................. 25 4.8.2 Maintenance and User Support ............................................................................. 25

4.9 Training ......................................................................................................................... 25 4.10 Documentation ............................................................................................................. 25 4.11 Security / Information Assurance .................................................................................. 26

5 Phase 2 Functional Requirements ....................................................................................... 27 5.1.1 User profiles .......................................................................................................... 27

6 Phase 2 Non Functional Requirements ............................................................................... 28


Page 5 of 35

7 Future Requirements ........................................................................................................... 29 7.1 Search requests containing fingerprint images ............................................................ 29 7.2 Additional NIAS compatibility requirements .................................................................. 29

8 Supplier Response - Pricing ................................................................................................ 31 Appendix A – Abbreviations and Definitions ............................................................................... 32 Appendix B – NBIS (NIAS) Standards/Formats for Finger Images ............................................. 34 Appendix C – Scope of Hardware Order .................................................................................... 35


Page 6 of 35

1 Introduction and Management Summary

1.1 Introduction This document presents the requirements for the development of next generation handheld biometric identification capabilities to replace the current IAFS handheld fingerprint device known as the QuickCheck unit. The driver for this project is to build on the knowledge gained and lessons learned from the original QuickCheck units and the RapID Phase 1 pilot and to provide functionality which will allow the business to conduct fingerprint recording and searching in a secure manner from a modern handheld device. To ensure the potential for re-use of the units as IAFS is replaced by the strategic NIAS solution it will be wise to include requirements to, for example, ensure that units use standard protocols which do not constrict use to the current IAFS supplier alone. The need to take into account re-use on NIAS is supported by [Name redacted] recent UKBA mobile access paper (see Related Documents on page 2). It is intended that this Statement of Requirements be used by the IAFS Supplier (Sagem) to produce final costings, and to confirm the timescales for the development of the requirements and, once a signed off SoR and an order is confirmed, to provide design documentation for review and agreement with UKBA and to direct the provision and customisation of handheld biometric identification capabilities to meet UKBA requirements as detailed in the SoR. For UKBA BD3 and other UKBA Stakeholders, this document constitutes the agreed requirements which Sagem shall deliver for UKBA next generation handheld biometric identification. Note: With one exception (which is detailed in section 4.1 of this SoR), the hardware needed as part of the solution to meet the UKBA requirements will be ordered under a separate agreement with the NIAS supplier. The scope of the hardware order is detailed in Appendix C of this SoR.

1.2 Scope of this Document This section identifies the intended scope of this document. Note that the scope of the project will be wider than the scope of this document. For example, as noted below it is not in the scope of this SoR to cover all potential IAFS infrastructure changes and enhancements but this is certainly within the scope of the project and requires the support of the Home Office IT team.

1.2.1 In scope of this document

The following are in scope for this SoR:

Changes and enhancements to handheld biometric identification devices and related technical infrastructure, including the provision of required data protection (encryption) functionality, which are supplied by Sagem to meet UKBA business requirements;

Changes and enhancements to IAFS supplied by Sagem to support remote IAFS searches using the next generation handheld biometric identification devices;

The provision of software developed and/or integrated by Sagem to meet the UKBA requirements:

The limited provision of hardware as detailed in section 4.1 of this SoR.


Page 7 of 35

1.2.2 Out of scope of this document

The following are out of scope for this SoR:

Any changes and enhancements arising from the requirements in this document which are required for elements of the IAFS infrastructure which are supported by Home Office IT, including for example the IAFS network, are out of scope of this document. Any such changes will need to be agreed and documented separately by the Home Office IT IAFS Support team.

The provision of hardware, with the exception of that detailed in section 4.1 of this SoR.

1.3 Background

1.3.1 Background to IAFS

The IAFS system went live in December 2000 with the principal objective:

To enable fingerprints (taken under the various Immigration Acts) to be taken anywhere in the UK and for the result of that search against the database of existing fingerprint records to be available at the point of capture within one hour (in practice this is achieved within about 15 minutes for most searches under normal conditions).

The system has extended in the first few years to include:

Production of the Application Registration Card (ARC);

Interface to and automated exchange with the Police National Fingerprint System (the Police-Immigration Fingerprint Exchange, known as PIFE);

Interface to and automated exchange with the Eurodac System;

The Visa biometric application pilots and initial rollout;

Reporting with ARC (RepARC);

Data feeds to other Data Handling Systems;

The ISRP Project For 1951 Convention Document Holders;

The addition of the Latent Mark Search System (LMSS);

The VINE interface for automated transaction exchange between IAFS and UKBA Visa Services transaction management system.

IAFS was expanded by way of a major system expansion project (SEP) in November 2005, delivering improved throughput capability and enhanced functionality including the latest fingerprint matching technology (Sagem‟ MetaMatcher). The system further expanded in March 2007 under Phase 1 of the IAFS+ project, to deliver throughput capability and additional functionality to support the search and storage of fingerprints enrolled with visa applications for all UKvisas Posts. This expansion included capacity (but not functionality) to meet the anticipated future search and storage requirements for: A number of additional enhancements have been provided more recently, including:

IAFS+ Project Phase 1b, 1:one Enrolment Checks and Automated match upper threshold for Visas transactions;

WebAFIS and WebARC upgrades;

WebAFIS biometric authentication proof of concept;

Deployment of VINE-2 to provide a standard IAFS services interface for Visa Services, ICFN (and other users).


Page 8 of 35

IAFS will continue until such time as it is replaced by the strategic NIAS service (currently expected to be 2010).

1.3.2 Background to the Next Generation Handheld Biometric Identification Project

QuickCheck units are used in UKBA mainly by Immigration Officers, to help establish the identity of an individual. Units are used on Enforcement operations and also at ports and airports around the UK and at Juxtaposed controls in France & Belgium. The current configuration consists of the QuickCheck unit (with fingerprint recording device), mobile phone and data cable with a power supply and a bag to carry the unit. Although QuickChecks have proven beneficial to the business they are now antiquated and cumbersome by modern standards. The QuickCheck unit is no longer manufactured by Sagem and many of the parts are now obsolete, so as units fail they have to be withdrawn from service. In addition, the functionality provided by the QuickCheck falls short of current key business requirements, such as:

The QuickCheck does not have the capacity to provide a face image of a person who already has a record on our database. This enhancement on future devices would be a major improvement;

QuickChecks require an external mobile phone as an attachment along with a data cable to the QuickCheck unit for use by users in the field. The future devices should not have the need for a separate mobile phone and data cables;

[Redacted]

The operational battery life of the devices needs to be improved;

Replacement units need to be able to operate with more flexible modern mobile communication protocols;

Replacement units must be able to record and submit fingerprint images in addition to any proprietary fingerprint matching templates that may be used by the device;

Replacement devices need to be significantly less bulky than the original QuickCheck units.

A replacement for the QuickCheck has been under investigation for some time by UKBA and a pilot using Sagem “RapID” devices has been conducted to assess the suitability of these devices to meet UKBA business needs. Eight of the Sagem RapID model 100 devices were placed on trial as part of the RapID pilot. (These devices are similar to the police equivalent for checks against IDENT1 system.) Summary findings from the RapID pilot (using early model 100 devices):

Proved to be preferable to the old QuickCheck device. The device is lighter and more user friendly; it provides a Windows based application interface. It allows multiple searches to submitted (without having to wait for the return of a result first) and can display a face image with the result of a search;

Does not provide all required UKBA functionality (notably in terms of security/encryption) and further development required before a similar device is rolled out in substantial numbers. This will be addressed in this SoR;

It is important to ensure that software developed by Sagem for a UKBA QuickCheck replacement is capable of being re-used across the wider family of new generation handheld biometric identification devices available from Sagem. This is because there are likely to be future requirements to provide units that can carry out additional


Page 9 of 35

functions such as reading of MRZ data and reading of chips in travel and ID documents, etc. This will be addressed in this SoR.

1.4 Business Users

1.4.1 IAFS users

The current IAFS system is business critical to a number of key UKBA business areas including:

Visa Services

ICFN (ID Cards for Foreign Nationals)

Asylum Screening Units

Third Country Unit

Immigration Controls at Ports of Entry

Reporting centres

Enforcement and Removals

NASS

Immigration Fingerprint Bureau (IFB) IAFS also provides business critical interactions with a number of key external business systems including:

UK Police IDENT1 (national fingerprint system)

Eurodac (EU Asylum seekers fingerprint system)

1.4.2 IAFS Next Generation Handheld Biometric Identification users

The main UKBA business areas to require handheld biometric recording are:

Enforcement and Removals

Immigration Controls at some Ports of Entry

1.5 Project Timescales The mandate is to replace existing QuickCheck units as soon as possible. In order to meet the needs of the business within the timescales required, and for commercial reasons, an order will be placed with Sagem for development of the functionality detailed in this SoR and a small number of hardware units (as detailed in section 4.1 of this SoR) will also be supplied as part of this order. A separate, parallel order will be placed by UKBA under the NIAS contract for the supply of 180 new handheld units that will be configured with the software developed as required by this SoR in order to work with IAFS. In addition, the parallel order will provide other hardware required to enable the solution to meet the requirements of this SoR to be deployed. The scope of the hardware order is detailed in Appendix C of this SoR. The requirements in this SoR have been divided into two Phases. The majority of functionality is detailed in Phase 1 but a number of requirements that result in specific additional development by Sagem, and are not critical to meet business needs, are detailed in Phase 2.


Page 10 of 35

Sagem have stated that it will be advantageous to deliver all requirements from Phase 1 and 2 at the same time.


Page 11 of 35

2 Design and Development Approach to Support Re-Use

2.1 Common Software Development As stated in section 1.3, it is important to ensure that software developed by Sagem for a UKBA QuickCheck replacement is capable of being re-used across the wider family of new generation handheld biometric identification devices available from Sagem. The functional requirements in this document are not specific to a particular Sagem handheld biometric identification device – the emphasis of the requirements is to deliver capability that meets all the current business requirements. However, the current requirements documented in this SoR are likely to be expanded in the future according to business need and the extra functionality required at that time may mean an alternative device would be more suitable to meet them. Therefore, any software development carried out as part of this SoR work must be capable of being easily re-used on an alternative device within the Sagem family of new generation handheld biometric identification devices.

2.1.1 Requirements for development that is non device specific

It is understood that the Sagem family of handheld biometric identification devices share the same hardware and software development environment, and that it is possible to customise the software in such a way that it can be made available on more than one member of the device family, whilst recognising that different device models in the family do not support all of the hardware and software functionality. NGH001 The Supplier shall carry out one set of enhancements and

customisations in answer to this SoR which shall be compatible with more than one member of the family of handheld biometric identification devices, minimising and if possible eliminating the need to have different versions of the software for different device models.

2.2 Re-use of RapID Pilot Developments A pilot project has been carried out with the Sagem RapID device and developments made to IAFS and the device to support this pilot. The 8 units used for the pilot were deployed in the field on a longer-term basis. Although the RapID pilot developments do not meet all of the requirements in this SoR, it is required to exploit and re-use any previous development work completed by Sagem where this is possible. NGH002 The Supplier shall ensure that, where possible and in the interest of

reducing costs, they will use the enhancements and customisation for the RapID Phase 1 pilot project as a starting point for the enhancements and customisation arising out of the requirements contained in this SoR.

NGH003 For the existing serviceable RapID pilot units owned by UKBA (6 and 1

test unit) the Supplier shall ensure that either the units are re-used and modified appropriately to meet the requirements of this SoR or the


Page 12 of 35

Supplier shall provide UKBA with a costed option at a preferential rate to enable their replacement. [Context: It is an important principle for UKBA to reuse purchased assets where possible, to ensure value for money. However, since there are some potential disadvantages in operating and maintaining these pilot units (these older devices are no longer manufactured, have an older PDA version and are heavier than the new units) UKBA wish to be provided with an alternative replacement option to consider.]

Note: In answering this requirement (NGH003) Sagem will, as part of their commercial offer, exchange these units against the next version of the MorphoRapID at a preferred cost.

2.3 Potential Re-use of UKBA Devices in NIAS UKBA wish to ensure that any next generation handheld biometric identification devices purchased for use with IAFS have the potential to be re-used when IAFS is replaced by NIAS. NGH010 Sagem shall ensure that the design and functionality of the next

generation handheld biometric identification devices supplied to UKBA is sufficiently flexible to allow for the potential re-use of these devices with the future NIAS service. In particular, this requires Sagem to ensure that all units use standard protocols or have the ability to use standard protocols for communications and exchange of biometric data (such as using a standard NIST file) including fingerprint images and face images.

Note: Sagem are required to co-ordinate with IBM, their partner for delivery of NIAS, in order to ensure that this requirement is met. [Redacted] Note: Sagem states that the device is able to send standard NIST file over HTTP, with the fingerprint images, to an external system. A specific procedure allowing to send NIST file would need to be customised in the future and the detail format of the NIST file would need to be agreed between Sagem and UKBA. The customisation of this procedure is not part of Sagem’s pricing for this SoR. It can, however, be provided at a later stage when required for NIAS.

NGH011 The Supplier shall implement recording devices such that finger images

recorded meet NIAS Standards for finger images (see Appendix B).

Note: Sagem provides the following details: The MorphoSmart Optic is integrated in the MorphoRapID

- Sensor area: 21 x 21 mm (0.8 x 0.8 inches) - Resolution: 500 dpi - 256 gray level image


Page 13 of 35

3 Phase 1 Functional Requirements

3.1 Data Protection Background: In order to suitably protect data recorded from individuals as part of UKBA business processes and to achieve accreditation from the nominated Accreditor, the solution provided by Sagem must protect data to the agreed target impact level using appropriately approved measures. [Redacted] NGH 132 The Supplier shall agree jointly with UKBA and HOIT an appropriate

solution to achieve the required level of data protection. The tools and protocols used must provide protection to the data to the agreed target impact level and must be accreditable to a standard agreed by UKBA and HOIT. [Redacted]

NGH133 The Supplier shall ensure that next generation handheld biometric

identification device and operating system shall be compatible with the agreed data protection tools and protocols provided to meet NGH132.

[Redacted]

3.1.1 Data protection – data at rest


identification devices shall secure data that has been recorded from a subject (biometric and/or biographic/demographic). Protection (i.e. encryption) shall be applied to the data held on the handheld unit whilst stored at rest. [Redacted]

3.1.2 Data protection – data in transit


identification devices shall secure data [Redacted] between the handheld unit and the central system across a network. [Redacted] Sagem shall provide:

VPN connectivity, both at the handheld and at the boundary to IAFS

The specification for VPN equipment and/or firewall needed to secure IAFS from the 3G network. (The hardware will be provided under a separate order as detailed in Appendix C of this SoR.)

[Redacted]


Page 14 of 35

3.2 Access / Security

[Redacted]

3.2.1 Device connections lock down

NGH150 The Supplier shall ensure that ports (USB ports, SD slots and any

slots/ports where external devices can be plugged in) required for system administration use on the next generation handheld biometric identification devices shall be minimised and non-required ports shall be physically disabled. Where ports are left open for system administration use the Supplier shall ensure that they are appropriately locked down using an approved software tool, agreed with UKBA/HOIT.

[Redacted]

NGH151 The Supplier shall ensure that hardware/software measures used to

achieve the lockdown described in NGH150 are accreditable to a standard agreed by UKBA and HOIT.

[Redacted]

3.3 Mobile Communications This section details requirements for mobile data communication between the handheld unit and the central IAFS database. Background: Sagem will provide the software (and limited hardware) needed for their solution but HOIT (via the IAFS Support Team) will provide the 3G connectivity (i.e. SIM card) and a link, sized as specified by the Supplier, from the 3G cloud to the IAFS network. NGH040 The Supplier shall ensure that the handheld unit has the capability to

use mobile data communications to send and receive data between the unit and the central IAFS database.

NGH041 The Supplier shall ensure that the equipment shall support the following

connection capability: - LAN connection [for network connection to IAFS] - Mobile connection [for mobile connection to IAFS].

Note: Sagem states that LAN connection is available either via a PC, or using a dedicated LAN adaptor.

NGH042 The Supplier shall ensure that the mobile communications protocol

provided includes, at a minimum UMTS/3G and GPRS. In addition, the Supplier may offer support for alternative protocols such as EDGE and HSDPA. The Supplier shall ensure that the fastest mobile data connection is always available to units, automatically.


Page 15 of 35

NGH043 Requirement deleted

[Redacted] NGH045 The Supplier shall ensure that all hardware and software required for

mobile data communication is incorporated into the handheld unit itself and there shall be no external mobile phone or modem to enable mobile connection with the central IAFS database.

NGH046 Requirement deleted

3.3.1 Division of responsibility between Sagem and HOIT (IAFS Support)

In summary: HOIT (via the IAFS Support Team) will provide:

3G SIM cards on a separate 3G cloud by the supplier of choice for HOIT

A link to the „3G cloud‟ from whichever supplier is needed to link into the above cloud

[Redacted]

NGH400 Requirement deleted NGH401 The Supplier shall ensure that next generation handheld biometric

identity devices provided in its solution can accept SIM (subscriber identity module) cards from any UK mobile network supplier.


identity devices provided in its solution are able to connect to differing networks within the 3G cloud. [Context: This is in order to provide a „private‟ 3G network on common infrastructure if this is the preference of HOIT.]

[Redacted]


Page 16 of 35

3.4 Recording Functionality NGH050 The Supplier shall ensure that the handheld biometric identification

device shall incorporate a fingerprint reader which is capable of capturing fingerprint images to the quality required for search against IAFS.

NGH051 The Supplier shall ensure that, as a minimum, the fingerprint reader

shall be able to capture fingerprint images to 500dpi with 256 grey levels, with a minimum sensor area of 21 x 21 mm (0.8 x 0.8 inches).

NGH052 The Supplier shall ensure that the handheld unit (in normal operational

use) allows the User to record up to two index fingers for submission to IAFS for search against the central IAFS database. [Context: The current central IAFS infrastructure supports submission of index fingers only from handheld biometric devices.]

NGH053 The Supplier shall provide recording devices with alphanumeric data

entry functionality. NGH054 The Supplier shall ensure that the handheld unit allows the following

data items to be recorded with each fingerprint recording event:

Gender (male, female, unknown. Default is unknown)

Free format note field for optional User notes (such as to add a surname or local reference numbers, for example.) This field shall be displayable to the User when search results are returned to the unit.

NGH056 The Supplier shall ensure that the handheld unit shall automatically

allocate a unique reference number to each fingerprint recording event. NGH057 The Supplier shall ensure that, through configuration, devices shall have

the ability to transmit fingerprint images or fingerprint templates to IAFS for processing. The configuration change shall be capable of being actioned in the UK by either the Sagem IAFS on site team or the HOIT IAFS S&D team.

Note: The scope of this requirement (NGH057) is to ensure that units

provided by Sagem are able to transmit finger images in order to future proof the solution. It is recognised that workflow and other changes would be required to IAFS in order to be able to receive and process finger images (rather than templates) from handheld devices. Any such change required to central IAFS will be the subject of a future SoR. For the foreseeable future (ahead of NIAS) it is expected that IAFS will continue to require templates to be submitted for search processing from handheld biometric identification units.


Page 17 of 35

Note: Sagem states that the device has the ability to send fingerprint images through NIST files.

NGH058 The Supplier shall implement a recording application which provides

feedback to the User to enable him to ensure the Optimum Quality of a recorded fingerprint image. [Note “Optimum Quality” is defined in the Glossary of this document.]

NGH059 The Supplier shall ensure that fingerprint recording equipment provided

by the Supplier shall provide measures that minimise negative effects on Optimum Quality recording [including image quality and recording time / user intervention] from:

- Dry or moist skin conditions - Poor Friction Ridge detail - Ghost images from previous fingerprint recording attempts (where relevant to equipment type) - Halo effects arising from condensation and / or excessively moist fingers (where relevant to equipment type).

[Redacted]

3.5 Search Functionality NGH070 The Supplier shall ensure that search request data shall be retained on

the unit, pending return of search results, and shall be automatically linked with returned search result data.

3.5.1 Remote 1:many unverified search against IAFS

The current QuickCheck allows fingerprint capture for an unverified search against the central IAFS database, with the return to the unit of biographic/demographic data in the event of a possible match. The user has to wait for the return of the first search request before a subsequent capture and search request event can take place. In next generation handheld biometric identification devices it is required for users to have the ability to record multiple sets of fingerprints on the unit, and send them to IAFS (singly or all recorded sets) at a point in time after the capture events. This functionality would support recording in an “offline” mode when mobile data communications are not available. For example, Enforcement users operating the units whilst in the Channel Tunnel. NGH080 The Supplier shall provide the functionality to allow multiple sets of

fingerprints to be recorded on the unit and subsequently sent to IAFS, singly or all recorded sets, at a point in time after the capture events determined by the User.

3.5.2 Search results from IAFS following a 1:many remote search


Page 18 of 35

NGH090 The Supplier shall ensure that when IAFS has completed a central search received from a handheld unit, the results of the search shall be returned to the handheld unit which initiated the search.

NGH091 The Supplier shall ensure that the search result shall be one of the

following:

No hit – IAFS finds no candidate with a matcher score above the possible match threshold;

Possible match – IAFS finds one or more candidates with a matcher score above the possible match threshold.

Error – a suitable message provided to inform the user of the reason for the error

NGH092 The Supplier shall ensure that, in the event of a possible match, IAFS

shall return to the handheld unit for display to the User relevant biographic/demographic data available from the IAFS database (default to be the same as the currently used QuickCheck dataset) and a face image (where the face image is available on IAFS) of a single candidate with a matcher score above the possible match threshold or the candidate with the highest matcher score if there is more than one possible.

Note: The IAFS search from handheld units is unverified and there is no requirement for manual comparison by IFB. In the future, and when finger images rather than templates are submitted, a search type may be added to support the ability for a User to request a confirmed match via IFB.

NGH093 The Supplier shall ensure that the handheld unit shall link each search

result and associated data with the search request data retained on the unit, and shall make the data available to the User of the unit.

3.6 Record Management NGH100 The Supplier shall ensure functionality for the management of fingerprint

records on the next generation handheld biometric identification units. This shall include:

Provision of a manual record deletion facility for authorised users;

Provision, through configuration, of an alternative option to delete records automatically on logout when relevant search results are successfully received by the unit and have been viewed by a User.

NGH101 The Supplier shall provide, as a separately priced option, additional

functionality for the management of fingerprint records on the next generation handheld biometric identification units to enable an automated deletion of fingerprint samples (templates or images and templates where applicable) from a record immediately when a relevant search result is received from IAFS. This capability will cause a partial delete of the record – only the fingerprint samples are removed and any face image or demographic/biographic data remains (until the entire record is deleted as per the requirements in NGH100).


Page 19 of 35

3.7 Audit Functionality NGH160 The Supplier shall ensure that all searches requested against the central

IAFS database from a handheld unit must be logged on the central IAFS system. Data to be logged shall include:

All data items which are logged for a search

Date and time of search

Time taken for the search

Local User who requested the search

Handheld unit from which the request was made

Search result, including event/person identifier in the event of a possible match

[Redacted]

3.8 General Device Requirements NGH020 The Supplier shall provide a suitably rugged handheld unit, able to

withstand operational usage in internal and external environments, including a wide range of temperature, humidity and rough handling conditions. The unit must be able to transition between these environments quickly.

NGH021 The Supplier shall ensure that, in the event of loss of connectivity to

IAFS, the User shall be able to continue to record fingerprint images, securely store them and queue them for search processing. The Supplier shall provide functionality, through EUI, for the User to forward queued and interrupted records for IAFS processing once connectivity is restored.

NGH022 The Supplier shall implement recording devices so that the quality of the

biometric image recorded shall be independent of the operational environment (including ambient pressure, temperature, lighting and relative humidity).

NGH023 The Supplier shall ensure that fingerprint recording hardware provided

by the Supplier shall maintain image output to the original manufacturer specification. The Supplier shall be responsible for checking that image output is maintained (including by a calibration check) at least at intervals recommended by the manufacturer or as otherwise agreed in writing with UKBA. Note: Sagem states that calibration is not required for the MSO fingerprint recording unit which is integrated into the device..


Page 20 of 35

NGH024 The Supplier shall ensure that any measures taken to prolong the life of operational fingerprint recording hardware (such as the addition of protective films of coatings) does not denigrate the Optimum Quality of recorded fingerprint images.

Note: Sagem states that such measures are not provided in their design.

NGH026 The Supplier shall ensure that supplied equipment complies with the

following: - British Standards Institution requirements for Electrical Installations (BS 7671) - Legitimately carries the CE marking - The Health and Safety at Work Act - RoHS - All equipment shall be suitable and tested for the environment in which it is intended to operate, and shall conform to BS2011, BSEN60529:1992 and IP 66 - Other applicable local regulations - All relevant EU legislation and regulations

- All relevant national and local legislation and regulations for locations outside the United Kingdom where equipment is being operated (e.g. Juxtaposed Controls)

Note: Sagem states that MorphoRapID complies with the following standards :

- Certifications : CE, CB, FCC15, WEEE, RoHS - Dust and water protection : IP65

NGH027 The Supplier shall ensure that equipment shall be usable independent of

a fixed power supply and provide battery power for operational use and in standby mode to meet UKBA operational demands. (The operational demands will be subject to UKBA approval but are currently at least 8 hours of operational usage and at least 12 hours on standby before requiring recharging.)

NGH028 The Supplier shall ensure that equipment shall be chargeable from a

range of power supplies to suit operational needs, including: standard UK 13amp supply and vehicle cigarette lighter 12v supply.


Page 21 of 35

4 Phase 1 Non Functional Requirements

4.1 Software and Hardware and to be Provided NGH170 The Supplier shall ensure that all software, licensing and functionality for

Supplier-supported components of IAFS shall be supplied by the Supplier to meet the requirements as specified in this SoR.

NGH171 The Supplier shall provide hardware as follows: 10 (ten) handheld

biometric identification units to meet the requirements specified in this document, complete with appropriate software licences. The Supplier shall specify the device to be provided (e.g. MorphoRapID 1100) in its solution.

[Redacted]

Note: The units in this requirement (NGH171) are a replacement for the original pilot units as described in requirement NBH003 and are intended to be used by UKBA for test and acceptance purposes. Note: The full order for 180 handheld units will be placed by UKBA as a parallel order via the NIAS contract, along with the addition hardware items to support the solution to UKBA’s requirements. The scope of hardware ordering is detailed in Appendix C of this SoR.

4.2 Performance and Volumetrics NGH180 The Supplier shall ensure that search results (no hit results and possible

match results) from a remote search against IAFS shall be available on the handheld biometric identification unit within 5 minutes of initiation of the search request on the handheld unit by the User (subject to mobile network availability).

NGH181 The Supplier shall ensure that the volumes for searches from UKBA

IAFS handheld biometric identification devices to IAFS (whether the next generation units or the outgoing QuickCheck units or a combination) as detailed in the following table are supported:

UKBA IAFS handheld biometric identification unit Search Volumes (average searches per day from all units) 2009

Total 400

Note: Capacity on IAFS for “QuickCheck” searches for 2009 in the table

above comes from Table 3 of Schedule 4 (IAFS Supply and Support Agreement).

UKBA IAFS handheld biometric identification unit Search Volumes (average searches per day from all units)

2010 and


Page 22 of 35

beyond

Total 850

Note: Capacity for “QuickCheck” searches from 2010 onwards is

detailed in the table above and is based upon anticipated usage of 180 units on IAFS for “QuickCheck” searches for 2009 is detailed in Table 3 of Schedule 4 (IAFS Supply and Support Agreement). Should this figure prove to be insufficient in the future, extra capacity will be requested as part of a change request.

4.3 Availability [Redacted] NGH182 The Supplier shall ensure that the same levels of availability provided for

the current Quick Check and RapID units is maintained for the next generation handheld biometric identification devices.

4.4 Project Management

4.4.1 Project implementation

NGH190 The Supplier shall establish a project team lead by a suitably qualified

Project Manager and a Deputy. UKBA BD3 shall establish a similar team.

NGH191 The Supplier shall develop a detailed project plan for design,

development, testing and implementation of the new functionality which shall take into account working with the NIAS supplier to co-ordinate the delivery of hardware required to provide the solution to the UKBA requirements.

NGH192 The Supplier shall agree to and support the following:

The Project Status will be formally reviewed at regular meetings between the UKBA BD3 Project Team and the Supplier Project Team. Meetings will take place monthly in the design and development phase of the project, and weekly from the point at which the project approaches the testing phase. A review of the project plan will take place at this meeting.

NGH193 The Supplier shall agree to and support the following:

The design to meet the requirements detailed in this SoR will be developed by Sagem and reviewed, agreed and signed off by UKBA BD3 Project Team and BD3 Technical Assurance along with other appropriate UKBA representatives. Any proposed changes to the design shall be reviewed and agreed (or not) by the UKBA BD3 Project Team and BD3 Technical Assurance. Any changes to the existing IAFS/ARC processes and configuration must be explicitly stated in the design document.


Page 23 of 35

NGH194 The Supplier shall agree to and support the following: Project management will be compatible with PRINCE 2 standards with quality management to the relevant ISO 9001 standards.

4.5 Design and Test NGH200 The Supplier shall be responsible for demonstrating that the solution

complies with the requirements in this document. NGH201 The Supplier shall be responsible for demonstrating that

implementations comply with requirements, against a Test Plan drawn up by the Supplier and agreed by the UKBA BD3 Project Team. [Redacted]

NGH202 The Supplier shall, as early as possible, provide a mock up of the design

in order for a review to be conducted with appropriate UKBA staff. This will provide an early opportunity to assess that the Supplier has fully understood UKBA‟s requirements.

4.5.1 Technical design walk-through

Home Office IT IAFS Support team will be responsible for implementing any network, firewall or router changes required for the implementation of the handheld unit and its functionality. The Supplier project plan must include a technical design walk-through task/milestone where UKBA BD3 Project and Technical Assurance Team, Home Office IT IAFS Support team and Sagem staff shall take part in a technical design walk-through, to give the opportunity to jointly discuss, identify and agree any changes to infrastructure for which Home Office IT IAFS Support team have responsibility, which shall be required for the installation of the handheld unit and its functionality. The technical design walk-through shall take place prior to the start of Sagem testing in Eragny. NGH210 The Supplier shall ensure a technical design walk-through shall take

place with UKBA BD3 Project Team, UKBA BD3 Technical Assurance, HOIT IAFS Support Team, IFB and Sagem Technical staff in presence, to confirm and identify any changes which may be required to elements of the system infrastructure which are maintained by HOIT IAFS Support Team.


Page 24 of 35

4.5.2 FAT testing

NGH220 The Supplier shall carry out a FAT with appropriate UKBA staff in

attendance. It shall include testing of new handheld unit functionality and existing functionality which may be impacted by the system upgrade.

4.5.3 User assurance testing

NGH230 The Supplier shall ensure that On Site assurance testing shall include

regression testing of existing processes and testing of all new functionality and interfaces. This will be carried out by the Home Office IT UAT team against a Test Strategy and Plan developed up by the Home Office IT UAT team in consultation with UKBA BD3.

4.6 IAFS Test System NGH240 The Supplier shall ensure that the IAFS Test System is upgraded to

include the next generation handheld biometric identification functionality specified in this SoR. As the test system services are distributed on a smaller number of servers, impact analysis shall be carried out by Sagem to assess where to locate the handheld unit services, and to establish if new servers are required.

NGH241 The Supplier shall provide facilities to support UAT testing of the next

generation handheld biometric identification devices and functionality that shall take place on the Test System prior to implementation of the next generation handheld biometric identification devices and functionality on the live system.

4.7 Disaster Recovery System NGH250 The Supplier shall ensure that the IAFS DR System shall be upgraded

to include the next generation handheld biometric identification functionality as specified in this SoR.


Page 25 of 35

4.8 Support

4.8.1 Installation

NGH260 The Supplier shall be responsible for installation of any Sagem

supported hardware and software in UK in respect of IAFS and the IAFS Test and DR Systems.

Note: Home Office IT IAFS Support team will be responsible for procuring and commissioning any additional Windows servers to support the installation of the handheld unit and its functionality.

4.8.2 Maintenance and User Support

NGH270 The Supplier shall ensure that maintenance and user support will be

provided under existing Sagem support arrangements and in accordance with the existing SLA between Home Office IT and Sagem.

4.9 Training NGH280 The Supplier shall provide suitable training members of the BD3 project

team, technical assurance staff, IAFS Support team, and other relevant IAFS personnel as appropriate in the use and operation of the handheld unit and its associated support tools.

4.10 Documentation NGH290 The Supplier shall provide the following system documentation:

Technical specification (design document), including full details of technical and procedural security controls

An update to the IAFS SyOps as necessary

for approval by UKBA BD3/HOIT prior to the start of development. NGH291 The Supplier shall ensure that full user documentation shall be provided

to UKBA BD3, as follows: one (1) electronic copy in Word and PDF format on CD-ROM, and two (2) printed hard copies.

Note: From previous discussions, Sagem does not anticipate a need to modify user documentation or to provide any training to non Sagem staff to meet these requirements.

NGH292 The Supplier shall ensure that, where training documentation is

necessary, a draft version of the training documentation shall be supplied to the UKBA BD3 Project Team for review prior to delivery of handheld units. The final version training documentation shall be supplied to the UKBA BD3 Project Manager as follows: one (1)


Page 26 of 35

electronic copy in Word and PDF format on CD-ROM, and two (2) printed hard copies.

NGH293 The Supplier shall grant UKBA editorial control of training material

supplied by Sagem and give UKBA ownership of the training materials. NGH294 The Supplier shall ensure that Systems Management and Administrator

documentation shall be provided and the relevant information added to the existing documents for the IAFS system.

4.11 Security / Information Assurance Note: The IAFS domain is a secure environment, subject to Accreditation. The UKBA BD3 Project Manager must ensure that the IAFS Security Officer carries out a security review of all changes to the IAFS system and its environment arising from the next generation handheld biometric identification functionality and device development and the IAFS security officer must sign off all such changes. Note: The UKBA BD3 Project Manager must ensure that the IAFS Security Officer puts in place any action required to test the security of IAFS and its environment after implementation of the handheld unit development, and shall ensure that the handheld unit and its functionality is incorporated in IAFS security documentation, and is included in the IAFS system accreditation. NGH300 The Supplier shall fully take account of the security requirements of the

environment during the development and testing of the handheld unit requirements.

NGH301 The Supplier shall provide all necessary assistance to UKBA BD3 to

complete necessary Security Accreditation work as required in a timely manner, as part of the overall design and implementation process.

[Redacted]


Page 27 of 35

5 Phase 2 Functional Requirements NGH500 The Supplier shall ensure that all Phase 1 Functional Requirements

shall be continued into Phase 2, with the addition of the requirements in this section of the SoR.

5.1.1 User profiles

NGH501 The Supplier shall ensure that the following user profiles are available

on the handheld biometric identification unit:

Profile Permitted activities

User Fingerprint and biographic/demographic recording

Remote search on IAFS

Management of search and results data (including deletion of data associated with an individual capture/search)

Password reset

Local User Administrator All activities associated with the User profile

Creation and management of accounts for Users with the User profile

System Administrator All activities associated with the User Profile and Local User Administrator profile

Creation and management of accounts for Users with the User profile

Creation and management of accounts for Users with the Local Administrator profile

Full access to the handheld biometric identification unit‟s functionality/configuration

[Redacted]


Page 28 of 35

6 Phase 2 Non Functional Requirements NGH550 The Supplier shall ensure that all Phase 1 Non Functional Requirements

shall be continued into Phase 2.


Page 29 of 35

7 Future Requirements The requirements in this section are not required to be delivered in Phase 1 or Phase 2. They may be needed at a time in the future and, at this time, they will be the subject of a future SoR. These requirements are included in this document as a useful placeholder but do not need to be priced as part of Sagem‟s response to this SoR. Note: Extended future functionality may raise the impact level of the devices and require re-accreditation at a higher impact level.

7.1 Search requests containing fingerprint images Context: As part of the move from IAFS to NIAS there will be a need to transition handheld biometric identification devices from submitting search requests containing fingerprint templates to search requests containing fingerprint images. In addition, there will be a need for the devices to support transmission of search requests to comply with internationally recognised biometric exchange standards. NGH700F The Supplier shall ensure that handheld biometric identification units

shall be able to submit fingerprint images (rather than proprietary encoded fingerprint template data) as part of a search request.

NGH701F The Supplier shall ensure that handheld biometric identification units

shall be able to exchange search and result messages using an internationally recognised standard for the exchange of fingerprint, face and related biographic/demographic data.

Note: Further discussion will be needed with Sagem to confirm how this requirement will be met. Exchange formats to consider for this will include ANSI/NIST-ITL 1-2000 or preferably ANSI/NIST-ITL 1-2007, which supports an XML approach. Whichever approach is adopted will need to take account of the balance between the best exchange format for the future use of the device, and the desire to minimise development costs by reusing existing Sagem handheld device functionality.

7.2 Additional NIAS compatibility requirements NGH710F The Supplier shall ensure that equipment shall be capable of recording

up to ten (single) plain fingerprints, as an exception process. [Context: This capability is intended to be used only where, for example, the recording of ten fingerprints for search and, exceptionally, for store, may be required for specific Enforcement purposes.]

NGH711F The Supplier shall ensure that, where one or two index fingers are not

available, the equipment shall be capable of recording alternative fingers and submitting them for search.


Page 30 of 35

NGH712F The Supplier shall enable the User to log missing or damaged digits and to enter the reasons why they are missing for fingers that cannot be recorded (normally relevant to the index fingers only when recording the standard two index fingers). The reasons shall include “amputee”, “injured”, "medical" or “other”.

NGH713F The Supplier shall provide the ability for handheld equipment to send a

GPS reference of its position as part of the NIST file when a search request is made.

[Redacted]


Page 31 of 35

8 Supplier Response - Pricing NGH320 The Supplier shall ensure that Pricing is broken down and presented

according to the following schedule:

Description: Pricing to clearly show, as separate line items:

Phase 1 Delivery of hardware and software, and enhancement and changes to IAFS to implement the next generation handheld biometric identification functionality and devices.

Hardware/software costs for required number of handheld units as detailed in NGH171

Software costs for other items

Development hours/cost – for additional functionality requested

Development hours/cost – for configuration to existing IAFS system

Project Management hours/cost

Testing hours/cost

Training (including documentation) hours/cost, broken out to show an initial training course included, with an optional price for additional training per course

Deployment and commissioning hours/cost

Maintenance

DR system upgrade

IAFS Test system upgrade

Phase 2 Delivery of hardware and software, and enhancement and changes to IAFS to implement the next generation handheld biometric identification functionality and devices.

Development hours/cost – for additional functionality requested

Development hours/cost – for configuration to existing IAFS system

Project Management hours/cost

Testing hours/cost

Training (including documentation) hours/cost, broken out to show an initial training course included, with an optional price for additional training per course

Deployment and commissioning hours/cost

Maintenance

DR system upgrade

IAFS Test system upgrade


Page 32 of 35

Appendix A – Abbreviations and Definitions

Concept of Operations (CONOPS)

A document that describes, at a top level how the system, delivers its business goals. The objective of a CONOPS is to capture the characteristics of the proposed system (from the user‟s perspective) and the operational environment in which it needs to function.

EUI End User Interface. In the context of IAFS, this term is used to describe the primary user data entry screens in Metamorpho, which is the Sagem fingerprint matching and storage software package, which is customised to provide the IAFS system.

Eurodac The European Fingerprint System for asylum applicants and certain categories of immigration offenders. Automated links exist between Eurodac and IAFS

GSI Government Secure Intranet

NBIS National Biometric Identification System, now replaced by the title “NIAS”

NIAS National Identity Assurance System (formerly known as NBIS). The replacement for the current IAFS system, expanded to take into account new requirements of UKBA and also the needs of IPS and FCO.

IAFS Immigration and Asylum Fingerprint System. Installed in 2000 this system stored and matched fingerprints for asylum applicants and other categories of immigration offenders It provided on line access at Ports and Asylum Screening Units as well as mobile access via handheld units used by Enforcement and Removals and more latterly by the Police

ICFN ID Cards for Foreign Nationals (formerly referred to as Biometric Residents Permits [BRP])

IDENT1 The Fingerprint System used by the police forces of Scotland, Wales and England

IPS Identity and Passport Service (the new Agency created 1st April 2006,

amalgamating UK Passport Service and ID Cards Unit)

NPIA The National Policing Improvement Agency. The body now responsible for the provision and management of the IDENT1 system. Formerly this was undertaken by PITO (Police Information and Technology Organisation), which no longer exists as an agency.

Optimum Quality

Quality measurement in relation to biometric recording can, as explained in the Notes below, lead to difficulties when trying to articulate measurable detailed requirements. The term “Optimum Quality” has been used where relevant in the NBIS (NIAS) Detailed Requirements to try to overcome this difficulty and the term is explained as follows: For NBIS (NIAS) Recording Stations and relevant biometric recording requirements the term “Optimum Quality” is used to mean: Biometric samples are to be recorded to meet NBIS (NIAS) Standards where these apply and in a manner where both the recording equipment and process do not negatively affect the quality inherently available from the subject‟s


Page 33 of 35

biometric sample. Notes: There can be a number of factors that affect the inherent quality of a person‟s fingerprints, quite independent of a recording equipment and process. It is therefore not practical to set a simple fingerprint recording quality level across all subjects in order to determine that a Supplier has met such a requirement.

PIFE Police and Immigration Fingerprint Exchange. The operational links allowing automated cross searching of fingerprint records between IDENT1 and IAFS

SoR Statement of Requirements – The definition of requirements against which the supplier provides a solution.

UMTS Universal Mobile Telecommunications System

VINE-2 The next generation of the VINE interface. VINE is being enhanced to allow more than one external system to use the VINE interface with IAFS Specifically it is being enhanced to meet the IAFS interface requirements for the Biometric Residence Permits project.


Page 34 of 35

Appendix B – NBIS (NIAS) Standards/Formats for Finger Images No applicable standards and formats for finger images for NIAS are in conflict with current IAFS standards for finger images. As a reference, the following table provides guide standards for NBIS (NIAS) for single plain finger images.

Type Fingerprint: Plain (single image)

Format WSQ

Compression The compression ratio of electronically transmitted fingerprint images and stored fingerprint images normally 12:1 and may not exceed 15:1

Typical Compressed File Size

TBD (see current IAFS as a guide)

Image Resolution / Size info

Minimum resolution shall be at a nominal pixel density of 500 pixels per inch Specific sizes TBD, but working assumption is to follow IAFS sizing: The maximum Image (area mm²) for single plain finger: 1640 (The maximum Image (area mm²) for single plain thumb: 1745*) Example line length (VINE-2 ICD):416 horizontal and vertical pixels for the segmented fingers and plain thumbs*


Page 35 of 35

Appendix C – Scope of Hardware Order Within the Scope of this SoR As detailed in requirement NGH171, the following hardware will be ordered directly from Sagem as part of the order related to this SoR: A) 10 (ten) handheld biometric identification units to meet the requirements specified in this document, complete with appropriate software licences. [Redacted] Outside the Scope of this SoR For reference, the following will be ordered as a separate order under the NIAS contract: A) 180 Sagem handhelds (MorphoRapID 1100G- 300) delivered in 3 batches of 60, timeline stated below:- 1. Ist delivery 3 months from Purchase Order issued date 2. 2nd delivery 4 months from Purchase Order issued date 3. 3rd delivery 4.5 months from Purchase Order issued date

[Redacted]

Note: In addition to these items, it is possible that a radius server will be required to complete the communications solution. This has not been specified by Sagem but suggested by Vodafone (the HOIT network provider). Should a radius server be required it is likely that the order for this will be placed directly with Vodafone as part of the HOIT order with that supplier. This will be confirmed as soon as possible by HOIT.