Building and Deploying

1
Building and Deploying Biometrically Enabled
Prison Management Systems Anthony Iasso Oberon
Associates 2009 National Association for
Justice Information Systems (NAJIS)
Conference September 16, 2009
2
Topic
The topic of this working group is to describe
the system architecture, system capabilities, and
overall functionality of the end-to-end
biometrically enabled identity management and
prison management systems employed by the
Department of Defense as a complete
enterprise-class information technology
solution.  The discussions will range from
technical to practical, and cover lessons learned
and real-world insight into how these
technologies operate and how they can be
leveraged to operate in US national, state and
local corrections operations, to include bridging
to key Department of Justice systems such as the
Integrated Automated Fingerprint Identification
System (IAFIS).
3
Technologies

• The Biometrics Automated Toolset (BAT)
• Fingerprint, Face and Iris Enrollment and
  Identification
• Digital Dossier for data entry and data
  management
• A full information management platform
• Scalable, flexible client-server architecture
• Advanced discovery and data replication
  architecture (Discovery and Synchronization
  Services)
• FBI- and DoD-compliant biometric enrollment
• More than 3,000 systems deployed to Iraq,
  Afghanistan and other locations. It is the core
  biometric enrollment platform for the detention
  management solutions in Iraq and Afghanistan.
• The Detention Management System (DMS)
• Web-based detention and prison management system
• Exchanges information with the primary
  enrollment system (BAT)
• Manages all aspects of detainee operations and
  prison management
• Installed in Guantanamo Bay, Camp Cropper, Camp
  Bucca and Taji. Formerly used at now closed
  facilities Abu Ghraib and Fort Suse, Iraq.
• The Detention Management System Portal
  (DMS-Portal)
• Web-based portal
• Provides enterprise-level detention and prison
  oversight

4
History
Continued BAT Deployment to Iraq, Afghanistan,
ISAF

• BAT 1.0Developed(DetentionOps isa
  coremission)

• BAT intoIraq (Counter-Proliferation,NAVCENT,M
  ARCENT,
• 1-MEF
• Detention Ops(Ad DiwaniyaJuly 2003, AbuGhraib
  September2003)

• BAT intoAfghanistan(OEF 1,SOF Use)

Continued DMS and DMS Portal Deploymentin Iraq
Camp Bucca, Ft. Suse, Camp Cropper,numerous
CONUS DMS Training Sites

• DMS-FtoTF-134

• DMSinto AbuGhraibOct 2004

• DMSinto GTMO
• July 2005

• MARStoTF-134(ICIS-B)

• BAT toKosovofor LEPScreeningUse

5
MARS Success in Iraq, Capabilities and Mission
MARS 1.0, Iraqi Operators, Rustapha Prison,
Baghdad, March 2009
6
Key Lessons Learned

• Biometric Enrollment and Identification are an
  essential enabler. Yet they are not the end
  objective of the overall architecture
• Local biometric matching is a key capability for
  operations at every echelon
• Building a Detention Management System that is
  easy to customize, easy to redeploy, and easy to
  modify and update, and easy to train and use
  ensures seamless operations over years of use and
  mission change
• New technologies continue to drive extensions to
  the architecture and augment more and more
  processes as time goes on
• Identity Management is an end-to-end process,
  from the time the person is encountered to the
  time when they are released. The information
  technology architecture and tools must span the
  entire process

7
World View The Biometrics Architecture
BISA
FBI IAFIS
MPAC
SOID, EMIO,Others
DBIDS
DoDABIS / NGA
Cross Domain
NGIC BAT
NGIC BIR/AIMS(Biometrics Enabled Intel)
BAT
Biometrics Analysis Cell (BAC)
Data Flow between BAT (Field), BAT (NGIC)
and BAT (Huachuca)
BAT Cluster(Huachuca)
Ingestion and Match of Non-BAT data from BISA
and (soon) othersystems takes place at the BAT
Cluster.

• 3000 Fielded Systems and Servers
• 1000 Data Accessing Systems
• CENTCOM, EUCOM, PACOM, AFRICOM, SOUTHCOM,
  INSCOM, NGIC

8
World View Detention Facility
Real World Camp Cropper, Camp Bucca, Guantanamo
Bay
BAT
DMS
MP Detainee Operations Center
DSS and ReplicationInfrastructure
MP Compound Ops
MI Interrogation Center
MP Compound Ops
DetentionCenter MainServers
MI Fusion Analysis Center
MP Compound Ops
MP Compound Ops
MI DocEx, DAB, MI Screening, CMD, Command
9
Relationship Between BAT and DMS
Although DMS is a separate application running
over a separate database, Persons (Detainees) in
DMS are managed by the BAT System. BAT is the
enrollment point for detainees, and their
detained status is managed by BAT. DMS connects
to BAT to update its knowledge of persons in the
system.
FACILITY A

• Detainee ID and Enrollment in BAT
• Detention Report marks detainee as DETAINED
  at location FACILITY A

BAT Server
DMS Server
BAT-DMS Connector
BATDB
DMSDB
BAT Users
DMS Users

• Add Interrogation and other Intelligence
  Information to BAT Dossiers and BAT Data Model

• Administer Detainee within the Facility

10
Relationship Between BAT and DMS
Each DMS runs its own facility in real-time, but
Movement Orders can be conducted between DMS
facilities to transfer detainees from one
facility to another. BAT Records for the
detainee, including biometrics, are transferred
along with the DMS historical information.
Detainees can then be identified biometrically
using BAT upon their arrival at the destination
facility.
FACILITY A
DMS
BAT
FACILITY B
BAT
DMS
11
Relationship between DMS and DMS Portal
DMS Portal is an overarching Web Portal
Application that interacts with DMS application
servers running each of the detention
centers. The DMS Portal is capable of running
distributed queries via web services to the
various DMS systems to provide real-time
information on where a detainee is at any given
time, or to see facility information such as
rosters of detainees, by location, in real-time.
DMS Portal

• Portal users can see live information from
  multiple facilities in real-time.

DMS (Facility C)
DMS (Facility A)
DMS (Facility B)
12
BAT The Identity Management Piece
13
BAT Interfaces to COTS Hardware API/Plug-In
Approach
Image AcquisitionWizard

• SDK plug-ins including camera models by
• Canon
• Kodak
• Olympus
• Nikon
• SecuriMetrics

• Connect
• Snap
• Cut, Crop, Rotate
• Import from File

Identification and Enrollment Wizard
ICamera Interface
Iris AcquisitionWizard

• SDK plug-ins including iris device models by
• SecuriMetrics

• Connect
• Capture

IIrisDevice Interface
Fingerprint AcquisitionWizard (Tenprint Plugin)

• SDK plug-ins including single-finger and tenprint
  readers by
• Cross Match
• Smith Heimann
• SecuriMetrics
• Digital Persona (legacy)

• Connect
• Collect EBTS File
• Sequence Check
• Validate
• Collect Single Prints
• Collect Iris and Photo
• Quality Check

IFPDevice Interface
14
BAT Interfaces to COTS Hardware
Digital Cameras
Iris Cameras
Multimodal Collection Devices
Ten-Print Fingerprint Devices
Single Finger Fingerprint Devices
GPS Devices
Digital Signature Pads
Barcode Readers
Badge Printers
Dictation Foot Pedal
15
BAT Identification and Enrollment

• Collects and validates data fields to produce
  Department of Defense standard Electronic
  Biometric Transmission Standard (EBTS)
  Transactions
• Workflow driven to collect fingerprints, irises,
  photographs and biographical data.

EBTS Textual Data Collection

• Collects, Compresses (WSQ) and Sequence Checks
  fingerprints by interfacing with a wide variety
  of fingerprint devices
• Interfaces permit users to import, export,
  validate and view existing EFT Files

EBTS Fingerprint Collection
16
The BAT Dossier is the Entry Point for Adding a
Detainee into DMS
The BAT Dossier contains the Detainee Status
information. BAT ID/Enrollment is the first step
in adding an individual to the system. In the
process, they are biometrically identified
against all previous encounters theater-wide.

• BAT Enroller uses the BAT ID/Enrollment
  Wizard to Identify and/or Enroll the
  individual.
• If the individual is biometrically
  identified, his existing Dossier is loaded.
• If the individual is not in the system then
  the individual is enrolled and a new Dossier
  is created.
• The detainee is then marked as DETAINED at a
  given facility (in this example, the DEMO
  correctional facility.) This is the data that
  signals to DMS that the person is now
  detained at the facility.

17
DMS The Facility Management Piece
18
DMS Capabilities

• DMS allows real-time management of the following
  processes within a facility
• Real-time Location of Detainees (Assigned and
  Current)
• Movement Orders (Internal and External)
• Facility Layouts
• Disciplinary Reports
• Disciplinary Actions
• Blotters
• Significant Activities
• Watches
• Detainee Requests
• Rosters
• Level Reports
• Headcounts
• Escort Control
• Facility Work Orders
• Missed Meals Tracking
• Ad-Hoc Querying and Reporting
• Guard Messages and Alerts

19
DMS Facility Builder
New DMS Facility layouts can be built in hours or
even minutes using the DMS Facility Builder. An
XML Schema for the facility layout defines the
locations and their hierarchy. The Facility
Builder, using the XML, populates an empty DMS
database with the locations and the DMS System is
ready for operation.

• The entire XML facility layout for a major
  detention center fits on a single page.
• DMS can accommodate any kind of facility
  structure with nested locations such as Camps,
  Compounds, Buildings, Floors, Rooms, Cells,
  Tents, Trailers, or any other user-named
  locations.

20
DMS Checks BAT for Changes and Brings in New
Detainees
DMS Operations Center users check BAT for changes
and new detainee are brought into DMS.

• New detainees are brought in to DMS.
• Photos and Thumbnails produced by BAT during
  Enrollment
• ISN Number, Name and other contextual data
  such as DOB comes from BAT.

21
Login, Home Location and Kiosk Mode
Users log into DMS from their web browser.

• When a user logs into DMS, they can select a
  Home Location which is the highest level in
  the facility that they can see.
• When a DMS terminal is operating in Kiosk
  Mode, the Home Location is fixed, preventing
  operators from viewing or interacting with
  other parts of the facility.
• For example, a DMS Terminal at the guard post
  outside of Block A can be Homed to Block A,
  so that guards can only interact with Block A
  and sub-locations of Block A.

22
Location Heat Map
A dynamic Heat Map view of the facility shows
which locations are heavily populated and which
locations are relatively empty.

• Virtual heat map colors locations based on
  actual occupancy versus the predefined location
  capacity. If locations are over-capacity or
  nearing full capacity they appear more red. If
  locations are empty or near-empty they appear
  more green.
• Clicking on locations or navigating using the
  location breadcrumb trail adjusts the view
  allowing drill down.

23
Location Block View
Location Block View shows a graphical
representation of a block. Locations show the
ISN of the occupants, their country of origin,
their Risk Level and the status of Detainee
Actions that are in progress.

• Custom views of a location such as the Block
  View show a nested block view of a location and
  its sub-locations.
• Information about occupants are shown in the
  block view, including
• Detainee Number
• Nationality Code
• Risk Level
• Detainee Action Status
• Blotter visible

24
Detainee View
The Detainee View shows all current and
historical activities, flags and information
associated with a Detainee.

• Name and ISN
• Flags
• Thumbnail / Full Face Photo Link
• Location
• Information
• Movement Orders
• Watches
• Requests

25
Movement Orders Form (Individual and Group)
Users create and conduct Movement Orders for
Individuals or Groups using the Movement Order
Form.

• Movement order form is State driven. Statuses
  include New, Pending, In Progress, Complete and
  Canceled.
• Active buttons in the form are used to
  initiate actions such as starting or finishing
  the movement.
• Thumbnails of moving detainees are shown in
  the movement order.
• Signature blocks are automatically populated
  based on the logged in user as they initiate
  actions.

26
DMS Portal
The Enterprise Oversight Piece
27
Facility Master List
The Facility Master List shows all DMS Facilities
that are available through the DMS Portal.
Administrators can add new facilities to the
Portal by adding their web address. DMS Portal
contacts the DMS Facility via web service calls.

• Facility Master List
• Add Facility used to link in new facilities
• Publish Sites used to push knowledge of the
  facilities out to each individual facility.
  This allows facilities to discover each other
  in order to perform cross- facility movement
  orders.

28
Detainee Search
Cross-facility Search by ISN, BAT GUID or Name

• Search

29
Detainee Search Results
Each site returns back results from the search.
The site where the detainee is located returns
the current information (real-time) for the
detainee.

• DMS Facility
• Thumbnail and Photo Link
• Basic Personal Data
• Assigned Location and Occupying Location
  (real-time)

30
Facility Statistics Details
Facility Statistics (real-time) are available for
viewing through the Portal. If a facility is
unreachable (ie. Network is down, etc.) then the
last known statistics are displayed.

• Facility Details shows hierarchy of locations
  with actual occupancy and assigned counts.
  Clicking on the hyperlinks brings up live
  (real-time) roster view of the location.

31
Facility Real-Time Location Roster
Facility Statistics (real-time) are available for
viewing through the Portal. If a facility is
unreachable (ie. Network is down, etc.) then the
last known statistics are displayed.

• Real-time rosters for a selected location.

32
MARS
Multilingual Identity Management Piece
33
Summary

• The solution provides the DoD with a robust,
  highly capable out of the box solution for
  enterprise-wide Detention Management operations.
• The solution includes a complete end-to-end
  architecture that includes multimodal biometric
  identification and enrollment.
• The solution has proven its ability to operate
  effectively on the largest missions (detainee
  populations gt25,000 at a single facility). It
  has been running continuously (24 x 7) at
  major operational detention centers for years.
• The solution is very flexible. Databases to
  support new facilities can be designed,
  created and operational in a matter of hours.
• The solution provides reach-in capability across
  multiple facilities enterprise-wide. Using
  DMS Portal, real-time information about
  detainees and facilities is available for
  management purposes from one central location.
• The solution is readily adaptable to the civil
  correctional system

34
Contact
For additional information, contact Anthony
Iasso Oberon Associates aiasso_at_oberonassociates.co
m