The United States Transportation Security Administration (TSA) has announced an urgent need for tools and capabilities to provide alternative identity verification solutions for passengers seeking access to security checkpoints and the sterile area of the airport before boarding an aircraft.
The goal is for TSA to identify and validate one or more commercially available identity verification services that can be deployed at airports and offered as a service directly to travelers who do not have an acceptable form of identification. Invited vendors may enter into a cooperative research and development agreement (CRADA) with TSA to formalize the collaboration.
Real ID deadline looms
TSA’s default approach for verifying passenger identity uses the Credential Authentication Technology (CAT) system to validate the authenticity of machine-readable identity credentials (e.g. license, passport), verify the passenger’s flight information and confirm the passenger is the true bearer of the credential. TSA has worked with state DMVs and industry to develop acceptance and interoperability requirements for mobile credentials (e.g. state-issued mobile Driver’s License). Additionally, TSA operates a call center that specializes in helping transportation security officers verify the identity of passengers who arrive at the checkpoint without any acceptable forms of ID.
With the enforcement of the Real ID act starting on May 7, 2025, TSA says that it urgently requires solutions that will verify the identities of passengers who hold a state-issued ID credential that is not Real ID compliant (i.e. no star) using alternative sources for identity. TSA envisions an operational concept in which the passenger downloads a commercial application to their personal device, executes remote identity verification, is provided with a secure token, scans their non-compliant ID and the vendor-issued secure token at TSA’s systems in the checkpoint, and proceeds to screening as directed by a TSA officer.
Requirements
The commercial solutions must be implemented within three months of CRADA execution. Furthermore, they must be passenger-held mobile applications, be implemented and operated by offerors without dependency on TSA systems or network modifications, personnel or funding, and achieve remote verification of a passenger’s full name and date of birth at a level consistent with NIST fair evidence requirements. The creation of an alternative identity verification token should ideally be transmitted to TSA’s second-generation Credential Authentication Technology (CAT-2) as an mDoc per ISO/IEC 18013-5:2021. TSA will evaluate other transmission methods that lead to a secure transmission.
TSA notes that the request is to assess available capabilities and not a solicitation for procurement. Responses are invited by April 28. Presentations from invited companies will be held May 5-6, with CRADA execution scheduled for May 20.
Read more about the introduction of Real ID here.