Cruise ships take on board multifactor authentication

My wife and I are just back from a vacation, a cruise along Mexico’s Pacific coast. As always when I travel, I look for instances of identity data usage, security and the potential for fraud or error. This time was no different, and I want to focus on boarding procedures (both initially, at the start of the cruise, and in each port) and port procedures. The former are handled by the ship’s security people, while the latter are done by the port country’s security authorities (in this case, Mexican authorities).

The procedures, while similar, can be subtitled “positive” identity and “relative” identity. First, positive identity.

When you check in with the cruise line you are asked, just as you are when checking in with an airline, for a government-issued ID card containing a picture of you – typically a driver’s license or passport. Note that passports will soon be a requirement for all travelers re-entering the United States. Once that formality is taken care of, you are issued a ship ID card/door key. This is a hard plastic card imprinted with your name, an account number and a barcode. It’s used to open your cabin door and make purchases aboard ship, and it must be used to get off and back on the ship while in port.

Once you’re given this card at check-in, you proceed aboard ship, where your picture is taken and associated (in an onboard database) with your card’s barcode number. Subsequently, every time you re-board the ship, you put the card in a reader, which brings up your picture for the security officer to compare with your face.

The port security officers, since they don’t have access to the ship’s database, ask for an additional step. When entering the port you must present your passport (or other photo ID) and the ship’s card. The passport photo is matched to your face and the passport name is matched to the ship card. If there’s a match, you can enter the secured area of the port. If not, well, I've heard Mexican jails aren’t pleasant!

This all seems pretty straightforward, and is a good example of multifactor authentication combining biometrics (your face and picture) and a token (the ship’s card) for authentication purposes. This is a positive identity.

But suppose, as a fair number of cruisers do, that you never leave the secure area of the port. After all, there are shops and bars within the security perimeter so you really never have to encounter the Mexican authorities. Is there a game you could play? There is, and we’ll look at that next time.

Upcoming Event: “Federated Identity Management: A Comparison of Various Approaches” is a free Webinar being offered this Thursday, April 12 at 11 a.m. U.S. EDT (UTC/GMT-4 hours) and sponsored by Ping Identity.

Now available: Jim Yang of the Penrose project notes the release of LDAP Studio 0.7, an open source LDAP tooling platform for the Eclipse environment.

Copyright © 2007 IDG Communications, Inc.