Post-Pandemic Follow-Up Audit of Security Checkpoints

This paper provides a follow-up audit of security checkpoints (or simply checkpoints) for mass transportation hubs such as airports and seaports aiming at the post-pandemic R&D adjustments. The goal of our study is to determine biometric-enabled resources of checkpoints for a counter-epidemic response. To achieve the follow-up audit goals, we embedded the checkpoint into the Emergency Management Cycle (EMC) – the core of any doctrine that challenges disaster. This embedding helps to identify the technology-societal gaps between contemporary and post-pandemic checkpoints. Our study advocates a conceptual exploration of the problem using EMC profiling and formulates new tasks for checkpoints based on the COVID-19 pandemic lessons learned. In order to increase practical value, we chose a case study of face biometrics for an experimental post-pandemic follow-up audit.


I. INTRODUCTION
Security checkpoints (hereinafter referred to simply as ''checkpoints'') are central components of nearly all national and international mass-transit hubs (e.g., airports, seaports, train stations, etc.), as well as ports of entry for international border crossings [1], [2], [3]. The main waves of followup audits of checkpoints deployed within mass-transit hubs emerged as a result of three significant disruptive events ( Fig. 1): • after the 2001 9/11 terrorist attack, • after the 2015 European Unit (EU) migration crisis, and • after the 2019 COVID-19 pandemic. The 9/11 terrorist attack stands as the main catalyst for the unprecedented expansion of security-focused research and development (R&D). This first wave attack is one of the main catalysts for significant advancements in biometric technologies [4], [5], [6], [7], [8]. The post-EU mass-migration VOLUME 11, 2023 This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/ crisis marks the second wave of checkpoint follow-up audits, which has revealed many socio-technological vulnerabilities of advanced security technologies [9], [10], [11]. The third wave, the COVID-19 pandemic, reveals the gamut of sociotechnological challenges and some particular solutions such as digital-based contact tracing [12], ''selfies'' as a part of contact tracing [13], non-contact and near-field services [14], along with screening using the infrared bands [15]. The noted three waves of checkpoint follow-up audit also revealed how the various countermeasures influence the decision-making of officers at the checkpoints, and in turn, impact the travelers passing through the checkpoints. Such a relationship is one of the many socio-technological vulnerabilities revealed in a follow-up audit. Identifying these relationships is critical for improving future technologies, especially when seeking to reduce the likelihood of these technologies having a negative socio-technological impact on the users of checkpoints.
In this paper, disruptions are categorized into natural disruptions (e.g. pandemic, earthquake, etc.) and human-made disruptions (e.g. terrorist attacks, criminal and security incidents, etc.). Because these disruptions are rare, random, and chaotic, ill-prepared checkpoints are extremely vulnerable, often to the point of being rendered useless. By acknowledging the risk a significant disruption event can pose, a followup audit allows us to predict and mitigate the impact and damage caused by possible future disruptions.
An embedded task-centric follow-up audit approach [22] was selected to examine how post-pandemic security checkpoint R&D can be achieved. This approach is to embed the checkpoint R&D process into the Emergency Management Cycle (EMC). The EMC is designed specifically to address and mitigate the multitude of challenges associated with disaster response, management, and recovery [23], [24], [25]. By using an embedded task-centric follow-up audit approach, important insights can be gleaned: • R&D road-mapping (Section IV-A), • EMC-centric R&D landscaping (Section IV-B, and • Experimental exploration of the R&D landscape (Section IV-C). The conceptual contribution of our study provides an extension of the contemporary checkpoint using the EMC projections. This study aspect helps determine the counter-epidemic-centric framework for future generations of checkpoints. From this point of view, this work follows the general trend of the COVID-19 pandemic response, i.e. adjusting various system concepts with respect to current and potential future epidemic disasters. Contemporary checkpoints are a main international focus for both the IATA and ICAO in their efforts to improve future R&D [1], [16] and stand as central considerations when road-mapping [26]. Our study helps to overcome the drawbacks of road-mapping where the counter-epidemic functions of the checkpoints are not defined or included. We make the following specific contributions: • Pandemic-centric follow-up audit of a contemporary checkpoint. Periodic reviews such as [27], [28] did not include epidemiological factors. We state that the epidemiological views should be a mandatory requirement of the checkpoint R&D in conjunction with lessons learned from the 2015 EU migration crisis.
• Identifying the fundamental EMC principles to be applied to the checkpoint as well as the technologysocietal gaps related to the checkpoint epidemic countermeasures. This is an essential adjustment of known checkpoint concepts such as the ICAO-IATA roadmap [26].
• Experimental follow-up audit on mitigation of crossborder biometric technologies performance degradation in epidemiological scenarios. Our results are reported in three main Sections: 1) a review of the current state in the area (Section II); 2) an audit of the technology-societal challenges (Section III); and 3) a follow-up audit with a focus on the EMC principles, and the experimental examination (Section IV). The provided audit results are in the recommendations outlined in Section V.
The abbreviations and narratives used in this paper are shown in the Nomenclature section.

II. CONTEMPORARY CHECKPOINT
The state-of-the-art landscape of checkpoints before the 9/11 security disruption was mainly characterized by the harmonization of available security resources, such as improving the skills of security staff and increasing the efficiency of control of passenger flows [4], [29], [30]. Without question, the biometric-enabled technologies for checkpoints have dominated the R&D in this space. After the 9/11 terrorist attacks, biometric-enabled technologies were directed into practice.
This period was well-documented, periodically reviewed, and audited in order to determine and bridge the technologysocietal gaps in checkpoints.
The advancement of e-borders and their components such as checkpoints are central to international initiatives aimed at achieving closer cooperation between countries based on the related advances in technology [1], [8], [31]. The roots of e-borders can be traced back to the extensive work in biometric system design [32], such as decision-making under uncertainty, proactive risk management, modeling, and early warning control security systems [29].
Checkpoint technology is a well-established area that combines the R&D advances from several fields such as biometric-enabled authentication (e-ID) [33], multi-echelon security doctrine [3], intelligent human-machine interactions [31], [34], modeling complex systems, legality, privacy regulations, and delegation to machines a part of human privacy [35], and intelligent conversational agents [19], [36]. While these technologies are relevant to epidemiological monitoring and e-health [37], to be most aptly integrated at a checkpoint they must be modified in a manner reflective of the lessons learned during the pandemic. Contemporary checkpoint technologies are the result of the technologysocietal evolution of several generations of security systems [2], [21], [30], [38]. Periodic road-mapping is a common practice in identifying trends, needs, and priorities in checkpoint development [26].
Essential components of the framework for future potential disruptions were developed in the pre-pandemic period, in particular, self-service technologies [39], [40],e-ID with possibilities to extend to personal health state data [16], intelligent e-interviewer for protection personnel [19], and tracing people of interest [41], [42], [43].
The most contrasting feature of contemporary checkpoint R&D is the conceptual-level embedded intelligent technologies [31], [34] such as cognitive agent models [40], [44], [45], [46], human-machine interactions [19], traveler deep screening [34], and border control technologies [31], [47]. Biometric authentication and screening support multi-state, multi-feedback processes, with deep learning being the most promising approach [33], [34]. Various intelligent prescreening systems were started from the CAPPS (Computer Assisted Passenger Pre-screening System), e.g. Secure Flight and TSA Pre-Check, and classify travelers into high-risk and low-risk traveler types based on information such as demography, flight information, frequent flyer status, and mode of payment for the ticket [21]. Intelligent techniques such as machine reasoning, aim to more actively support security personnel [19]. Machine reasoning allows for assessing risk, trust, and biases at the R&D stage, as well as at the checkpoint deployment and personnel training. Specifically, trust allows actions that otherwise are not possible (i.e., trust and risk allow actions to be conducted based on incomplete information) [48]. Bias in face recognition, in particular, is a well-documented [49], [50], [51], [52] and important factor in R&D.
Such intensive and innovative checkpoint R&D is greatly motivated by the recognition that public health threats clearly are national and international security threats, with checkpoints being critical in counter-epidemic efforts. An example of earlier counter-epidemic measures applied during the brief 2003 SARS (Severe Acute Respiratory Syndrome) epidemic is the usage of IR thermal screening in mass-transit hubs. In [53], febrile passengers were identified by the remote IR sensor-based assessment of the temperature (if greater than or equal to 37.8C • ). Of importance is noting that only ≈12% of passengers who exceeded the alarm threshold had a fever. One study [54] suggested that IR thermal screening is an ineffective means of screening travelers for possible influenza infections. Alternative advanced bio-security technologies have been recently reviewed in [55] with promising results. For example, during the pandemic, smart reusable and selfsterilizing masks capable of detecting SARSCoV-2 stand as one example of an active area of checkpoint R&D [56], [57].
The gaps in supporting epidemiological intelligence via online datasets are highlighted in particular, in [58] including the identification of infection cases and clusters, rapid contact tracing, monitoring of traveler patterns during a lockdown, and enabling public-health messaging at scale. Mobile counter-epidemic technology introduced by the IATA [59] that is based on a trust-centric distributed platform (i.e. Self-Sovereign Identity (SSI) platform, is an emergent but efficient solution) has shown particular promise. Alternative resources such as unused memory for declaration of the epidemiological status (e.g. vaccination protocol and health precautions) and protocol of e-passport [33] have not been fully utilized. A needed focus for the next R&D phase is biometric-enabled SSI [60], [61], [62] that supports cross-platform compatibility with counter-epidemiological infrastructures [63]. Briefly, we summarize the efforts for the last two decades as follows: • Modeling checkpoint operations and supporting infrastructure is well-identified within the R&D realm, in particular, multi-state screening such as adaptive queuing models [45], [64], [65], [66], [67], [68], causal reasoning models [66], [69], [70], [71], human-machine interaction models [72], concealed item detection models [36], baggage screening models [71], passenger flow models [73], risk scoring models [70], attack models [44]; • Biometric-enabled techniques have made significant progress over the past number of years, namely: e-ID [33], watchlist screening [19], [69], impersonation detection [20], identity de-duplication detection [67], authentication machines [27], [28], implementation and deployment guides and regulations [1], roadmapping [26] as well as issues of human right protection [35]. It should be noted that centralized platforms became a limiting factor in the progress of checkpoint technologies.
• Self-service technologies have for years been consistently developing and advancing, such as agent-based modeling [40], socio-demographic factors [39], [74], optimization [75], and automated interviewing VOLUME 11, 2023 techniques [19] including intelligent-conversational agents aiming at detecting deception using micro face expression recognition together with biomedical signs [36], [76]. Most increasing importance and demand are checkpoint technologies capable of assessing a traveler's psychological state, such as identifying their level of anger, stress, or panic. Of importance is noting that the novel paradigms of trusted identification based on a decentralized platform originally emerged as part of on-demand self-service R&D [77], [78], [79].

III. TECHNOLOGY-SOCIETAL CHALLENGES
Despite the significant and ongoing efforts to improve postpandemic checkpoint R&D, challenges remain. This audit aims to further national readiness of checkpoint technologies for future threats. Technology-societal challenges are revealed by a thorough checkpoint assessment in terms of risks, trust, bias, fairness and other measures of performance of technology and related human and social aspects. This includes the risk of traveler mis-identification [27], [70], traveler's trust or mistrust of a self-service [39], [74], [75], decision-making bias in face recognition [20], [69], demographic bias [49], [50], [51], [52], and related risk of error propagation when using Traveler Data Envelope (TDE) technology [1].
Contemporary checkpoints are viewed as a complex system with well identified-trends specific to the incorporation of artificially intelligent tools [19], [40], [46], [66]. Centralized computational platforms are limited factors for improving checkpoint performance [35], [58], [77], such as the limit in terms of travelers' trust in the identification process, resilience to attacks, and counter-epidemic measures. This stands as a significant motivation for identifying alternative approaches within the checkpoint R&D process, such as the employment of physical credentials that most aptly and accurately identify travelers (i.e., passports, IDs and their biometric extensions such as e-passports and e-IDs).
Today, most travelers can choose where they wish to store their physical credentials. In some cases, they can decide who receives their credentials. Similar to physical credentials, digital credentials (identity) can be stored by travelers in a digital wallet (e.g. mobile phone, tablets, in the cloud). These can be in the form of a ''unique representation of a subject engaged in an online transaction'' [80]. Digital/verifiable credentials offer a convenient, secure, and privacy-oriented alternative to traditional physical credentials [61] (e.g., vaccination certificates). However, the storage of digital information on centralized databases will raise security, ethical, and privacy concerns, as well as limit travelers' control over the processing of their personal data. It is essential that contemporary biometric-enabled checkpoints avoid storing the personal data of travelers in the cloud, but instead store the information on an individual's e-ID. By taking this approach, travelers are responsible for their own biometric data [1], [16], [17], [28], and will arguably have greater confidence and trust when transiting checkpoints. Nevertheless, despite significant progress in privacy protections, a traveler's personal data is vulnerable to various kinds of cyber-attacks or related threats.
A. CHECKPOINTS AFTER THE 9/11 ATTACK The 9/11 terrorist attack caused an acceleration phenomenon of checkpoint technologies. The attack stimulated R&D specific to biometric-enabled identification [16], self-service kiosks (gates) [17], trusted traveler services [18], [81], biometric-enabled watchlists [19], [20], as well as the harmonization of advanced management techniques --all increasing checkpoint performance [21]. For example, each of the five major U.S. trusted traveler programs represents layered screening processes aiming at mitigating the risks associated with trust and bias during decision-making [18].
In the U.S., the Maryland Test Facility, MdTF, was created in 2014 to support the DHS Science and Technology Directorate and Customs and Border Protection's Apex Air Entry/Exit Re-engineering project, to test and evaluate operational processes, including biometric technologies.
IATA's deployment of the travel-pass screening mechanism [59] stands as a noteworthy breakthrough in transferring checkpoint technologies from a centralized platform to a trusted distribution platform [78], [82]. This IATA initiative proves in real-world practice that contemporary checkpoints at mass-transit hubs, such as airports and seaports, can serve as epidemiological countermeasures. The next logical step is to combine counter-epidemic and biometric technologies such as an SSI distributed platform [60]. Arguably, the IATA initiative marks an important point in the changing landscape for both local and global security, as well as for counterepidemic in the post-pandemic world.

1) LAYERED SECURITY CONCEPT
One of the most significant achievements in checkpoint R&D in the aftermath of 9/11 was the expansion of the layered security concept. Layered security represents a model whereby each security task is represented as a combined part of a relevant security level. One example is the Transportation Security Administration (TSA) model which includes 21 layers of security related to various aspects of the traveler screening process [3], [21]. Each of these layers can be interpreted in terms of its cognitive features as defined by the first layer: ''Intelligence of the problem-solving skills'' (human, machine, or semi-automated systems). For example, in [3], intelligence is considered in relation to ''international cooperation'' (layer 2), ''customs and border protection'' (Layer 3), ''joint terrorism task force'' (layer 4), together with the ''no-fly list and passenger pre-screening program'' (layer 5). Especially challenging in designing the layered risk assessment is ensuring each layer compensates for the limitations of another, and discovering mechanisms that produce mutual reinforcement, such that layers provide greater protection together than the sum of their individual effects [83].
Since 9/11, various aspects of the layered security model have been extensively studied, in particular, completeness and depth of protection [83], portfolio approach [84], and disruption rates of security layers [85]. Layered security models also provide conceptual and strategic views for other models. For example, the disruption rates reported in [85] notes that layer 1 (Intelligence) contributes to ≈15% of total security, layer 5 (No-fly list and passenger pre-screening) ≈5%, and layer 10 (Checkpoint screening with Transportation Security Officers) ≈30%.
Our analysis of layered checkpoint security and the recent reviews [21], confirm that counter-epidemic measures, such as layered bio-security, have not been prioritized within contemporary checkpoint R&D, with the exception of fragmentary studies such as modeling epidemic impact on entry screening [86] and risks of potential epidemics [21]. Risk and trust are propagated through the layers. The risk of humanhuman and human-machine interactions, as well as trust, vary. Given each unique traveler, harmonization risk and trust assessments are exploited in trust traveler programs [6], [54]. Specific terminology and assessments are developed in layered security models. They include, in particular, watchlist redress measures [87], depth of protection (a number of security measures that fall on a single path in layered security) [83], adversary adaptation (strategy when attackers learn from their attempts to break the layered security defense), marginal measures (conditional scenarios in layered security model), and depth of social embedding (the number of databases used in e-border profiling) [27].

2) EARLY DISTRIBUTED PLATFORM
Early approaches to solving the cross-border traveler authentication and risk assessment started around the year 2011. Table 1 represents a set of databases (referred to as Justice and Home Affairs (JHA) databases) used at checkpoints across the EU [5]. The JHA database is uniquely distinguishable for its being both centralized and decentralized. As noted in Table 1, an inherent property of security checkpoints is their utilization of a distributed ledger. In decentralized systems, such as an API (Advanced Passenger Information), PNR (Passenger Name Record), and EU-US TETR (Terrorist Finance Tracking Programme), ''the distinction between personal and non-personal data is increasingly replaced by the distinction between personal and operational data, the latter involving 'anonymized' or 'depersonalized' data''. For clarity in the discussion, we will use the abbreviation ''JHA'' when discussing traveler profiling (not only in the EU).
A key question ''asked'' during the screening of travelers during the first generation of e-border checkpoints was: ''Is this traveler on the watchlist?'' [5]. Today, this key question has evolved to be: ''What is the risk (or cost) of the traveler being wrongly matched/non-matched to the JHA database?'' [31]. Central to asking the contemporary version of this question is ensuring robust safeguards are in place to negate the risk of impersonation. The three main types of impersonation assessed at contemporary checkpoints include [20]: 1) inherent impersonation --an unintentional mistaken identity resulting from a technological error, 2) intentional impersonation --a purposefully manufactured false identity aimed at deceiving checkpoint inquiries, and 3) social media mining impersonation --impersonation caused by mining social media platforms for anonymous blogs, pseudonyms, and synthetic biometric traits retrievable from social networks [41]. Effectively addressing the risks of impersonation is critical for all checkpoint R&D, especially considering the watchlists for contemporary and future e-borders will be assessed using the JHA-based inference of risk rather than a human operator.

B. EU MIGRATION CRISIS
Since the 2015 EU migration crisis, several scholars have examined the numerous warning signs and challenges relating to checkpoints during this crisis [9], [10], [11], [88]. The primarily finding were as follows: (a) Stationary checkpoints, such as gates in mass-transit hubs, were of little to no use; (b) Mobile biometric-enabled systems were successful for migrant authentication in some scenarios; (c) Most of the migrants had iPhones or other smartphones with a wide assortment of apps; and (d) New technology-societal approaches were critical and in high demand.
A central question raised during the post-EU 2015 migration crisis was why advanced border policy and praxis, including biometric-enabled systems, failed. Unsurprisingly, there are no common positions on how to deal with humanitarian crises for events such as the EU 2015 migration crisis. This challenge is largely the result of the different security, defence policies, and strategies of the numerous EU member states. For example, study [9] advocates the need for checkpoint systems that are ''systemic rather than ad hoc; global rather than national or narrowly regional; and based on rights and opportunity rather than security''. A key recommendation of this work is that ''third-state cooperation on migration needs to be reformulated''. To this end, EU actors should collaborate with neighbouring states to predict and control migration. In [11], the autonomy of migration (AoM) approach was developed. The AoM claims that migrations yield moments of autonomy (moments of uncontrollability and excess) in any attempt to control or regulate migration. AoM scholars who study how migrants challenge and subvert border controls, purposefully noted that AoM is a useful tool for investigating border security practices while limiting the exposure to control-biased analysis.
Another significant consideration for checkpoint R&D is the risk of a global migration crisis caused by climate change. As the climates change around the world, the risk of increasing irregular migration (both voluntary migration and involuntary displacements), along with a possible global migration crisis, are real. These risks are exasperated by rapid population growth in areas highly exposed to migration [89]. Furthermore, globalization has been transforming VOLUME 11, 2023 TABLE 1. Sample of centralized and decentralized JHA databases which are used in EU checkpoints [5].

FIGURE 2.
The process of authenticating a pre-pandemic traveler passing through kiosks/gates. The traveler passes through a series of checks involving the biometric acquisition, biometric verification, passport/document authentication of genuinity, and watchlist screening.
the existing risks and threats, which are near impossible to neutralize when the focus of nation states is limited to their domestic national security concerns. The specific nature of future climate-related migration flows will depend upon the adaptive capacity of people living in highly exposed regions and on the intervening variable of migration and border policies of potential destination countries --issues critical to both current and future checkpoint R&D.

1) DISTRIBUTED PLATFORM AND BLOCKCHAIN
Distributed Justice and Home Affairs (JHA) databases were used at checkpoints across the EU [5] since 2011, as summarized in Table 1.
Over the past decade, distributed ledgers and underlying blockchain technologies have become core attributes of today's checkpoint R&D. For example, the key message of the report [82] is that ''distributed ledger best fits a particular purpose, balancing security and central control with the convenience and opportunity of sharing data between institutions and individuals.'' As illustrated in Fig. 2, a central element of contemporary centralized traveler authentication screening (also called pre-pandemic screening) are biometric-enabled check-point technologies [1], [5], [16], [17]. Today's traveler authentication processes consist of the following checks: • Biometric acquisition (1): live-captures of a biometric sample (i.e., face, fingerprints, iris); • Verifier (2): biometric verification of the traveler's identity, i.e. live-captures a biometric sample for a one-toone match against the image obtained from the biometric document holder.
• Issuer (3): authentication of a traveler's document (i.e., ensuring the document is genuine, valid, lawfully issued by a country, and not listed as lost or stolen); • JHA check (4): confirmation that the traveler is authorized to cross the border. Risks related to the screening of travelers are assessed at each step of the authentication process, ultimately contributing to an accurate and trustworthy final decision. Modern checkpoints are biometric-enabled and semi-automated systems supervised by officers in a remote station, who in the event of a problem, can quickly coordinate and intervene with on-site checkpoint officers.

2) BIOMETRIC-ENABLED SELF-SOVEREIGN IDENTITY
SSI-based authentication characteristically involves a traveler securely creating and controlling their digital identity via a personal device they own (i.e., smartphone, tablet, etc.) [62], however, details such as biometric traits are not discussed. Nevertheless, biometric-enabled SSI can be considered as a type of distributed computing [60], including cloudbased ''selfie-biometrics'' [90]. For selfie-biometrics, confidentiality can be achieved using various secure biometric mechanisms, such as fuzzy commitment, secure multiparty computation based on cryptosystem methods, as well as cancelable biometrics [91].
It is important to note that self-service processes including self-authentication are defined as human-machine interactions and modeled as a dynamic closed-loop system that learns from the tracking of a traveler's biometric behavior and physical traits, e.g. [19], [36], [92].
Identity systems that rely on the centralized platform have proven unreliable [78], [82]. The following R&D challenges of checkpoint evolution are emphasized: • Demand for new security policy caused by the 9/11 terrorist attack was satisfied by unprecedented attention to homeland security.
• Demand for new security paradigms caused by the 2015 EU migration crises was partially satisfied, e.g. [9], [10], [11], however, the need for massive mobile authentication technology remains active.
• Challenging steps initiated by the COVID-19 pandemic include the rapid replacement of a centralized platform with a semi-centralized platform and distributed ledger based on trust and interoperability.
Fundamentals of the SSI for checkpoint tasks have wellidentified roots in the pre-pandemic R&D phases, e.g. [62], [78], [80]. They are reviewed in [93]. The core of SSI is distributed ledgers --a type of database that is spread across multiple sites, countries or institutions, and is commonly public [82]. In identity management, trust is a risk judgment between two or more people or organizations [82], and must satisfy two key areas of inquiry: • Prove to me that you are whom you say you are (authentication); and • Prove to me that you have the permissions necessary to do what you ask (authorization).

C. COVID-19 PANDEMIC
State-of-the-art checkpoints during the COVID-19 pandemic can be characterized using the two main factors: 1) changing computational and communication platforms from centralized to decentralized ones (as was done by IATA (International Air Transport Association) [59]), and 2) the degradation of biometric-enabled performance during pandemic (e.g. the significant decline in the efficacy of face recognition technologies [94]). Both can be considered as the starting point for a follow-up audit under a common performance assessment view such as the risk of the degradation of face recognition, risk of mis-identification, public trust in technologies used for tracing infection spread, and bias of decision-making (e.g. testing for a communicative disease, or a demographic bias of face recognition).

1) DECENTRALIZATION AND SSI
The COVID-19 pandemic sparked significant developments and advancements for next-generation checkpoints such as the SSI communication and computation platform. The SSI platform combines the advancements in mobile biometrics that developed during the post-9/11 and post-2015 EU migration crises, and also includes the counter-epidemic technologies that have recently emerged during the COVID-19 pandemic (such as vaccination passport control and tracing) [77], [95], [96], [97]. The transfer of biometric-enabled identity data from centralized platforms to decentralized SSI platforms presents new technology-societal opportunities and improvements to checkpoint performance [60], such as the detection of duplicate profiles [33], [67]. Fig. 3 illustrates the trusted biometric-enabled SSI screening process (predicted post-pandemic) which includes both the self-authentication and self-counter-epidemic models operationalized via a decentralized platform. Given a traveler and their token (iPhone): • Self-authentication process is controlled by the App store (1) that supports the Verifier (2), Issuer (3) and JHA check (4).
• Self-counter-epidemic process is controlled by App labs (5) through which labs and test centres can: (a) send test results or vaccination certificates to travelers; (b) register testing vaccination centres (6) identify labs and testing centres at departure locations; and (c) register of global health requirements (7) that provides information on vaccine status, testing, and travel requirements. Replacing computational and communication platforms requires R&D adjustments related to existing checkpoint technologies. We refer to recent work on epidemicconditioned biometrics such as periocular face recognition (face around the eyes) [56], [98], [99], [100], mask detection [101], and adjusting e-interviewers with respect to the acoustic effects of mask wearing [102] and incorrect mask wearing [101], [103]. We also refer to [58], [104] for legal, ethical, and privacy concerns of the counter-epidemic checkpoint extension. In particular, the checkpoint counterepidemic mode will need to be 'proofed' against possible privacy breaches and related privacy concerns. One suggested approach is to ensure data can be shared in a manner that allows independent audits to safeguard against the data being unlawfully used for purposes outside of a pandemic response or being retained post-pandemic.
The main lesson learned from the COVID-19 pandemic is that checkpoints should be a part of the coordinated, standardized national, and international counter-epidemic infrastructure. Considering the importance of such checkpoints in safeguarding against future epidemics, it is imperative that adjustments are made to current checkpoint R&D efforts.
Considering the hasty development of COVID-19 vaccine passports by governments around the world, it is understandable these governments were unable to coordinate and develop comprehensive technical standards prior to launching their respective vaccine passports. Due to the hasty and relatively recent development of COVID-19 vaccine passports around the world, there has not been sufficient time to fully consider the risks and impacts associated with their development (i.e., risks associated with lacking national or international standards, the efficacy of the technology, along with impacts relating to fairness, civil liberties, and privacy [105]). Considering the multitude of challenges associated with the analysis of vaccine passports, we will only be addressing and referencing the IATA Travel Pass Initiative [59] and IBM's Digital Health Pass [106].
The IATA Travel Pass Initiative is based on four independent open-sourced components that can interact with each other using blockchain technology and can be combined with an end-to-end solution [59], including: (a) a registry of global health requirements that provides information on vaccine status, testing and travel requirements; (b) a registry of testing vaccination centres to identify labs and testing centres at departure locations; (c) a lab app through which labs and test centres can send test results or vaccination certificates to passengers; and (d) a digital passport module, which will enable passengers to create, verify, and share their certificates.
Similarly, IBM's Digital Health Pass includes three major leading-edge technologies: (a) an application issuing credentials as used by approved issuers; (b) a digital wallet, and (c) verifiers. The IBM Digital Health Pass has been successfully integrated into several traveler checkpoints for health verification, enabling travelers to load and validate their COVID-19-related health and vaccination credentials during online flight check-in. During the online check-in process, a traveler's health ID check is completed to ensure the health screening requirements for the destination(s) they are traveling to are accurately assessed, with a corresponding COVID-19 digital credential then being generated. These credentials then are authenticated by IBM's Digital Health Pass using data encryption and blockchain, which ensures no personal health information is stored by the airline or IBM --the airline only receives a status confirmation that the passenger is able to fly.

2) EPIDEMIC-CONDITIONED BIOMETRICS
Integration of biosecurity in checkpoints leads to the deployment of systems that identify travelers across a variety of different services, such as registries for global and local health requirements, registries for testing vaccination centers, and laboratory apps --such solutions being unacceptable. However, counter-epidemic security and identity security have the same structure that addresses the distributed ledger. This is a primary reason for rapid IATA checkpoint responses to epidemic challenges, e.g. [59]. This pioneering solution was possible because most components were developed, tested, or/and deployed --the second reason for success. For example, self-service (substitution human-human by humanmachine interactions) is a stable trend in checkpoint R&D [14], [39], [40]. This trend is relevant to several epidemiological precautionary measures such as preventing contact and keeping distance.
The COVID-19 pandemic has prompted the expansion and accelerated development of various touchless technologies, with face recognition being one among them. Biometrics traits should be used in conditions of counter epidemiological measures, such as masks, shields, and gloves. Epidemicconditioned biometric traits refer to counter-epidemic projections in order to assess the performance of biometric-enabled tools and systems. Note that for this new notion, we limit the analysis by checkpoint needs only, that is biometricenabled ID (face, fingerprint, and iris traits) and conversation agent (emotions). Examples of epidemic-conditioned biometric traits include: • Faces conditioned by a mask, glasses, and shield and resulting in the periocular face region.
• Fingerprints and palmprints (contact and touchless) conditioned by gloves or need to use sanitizer.
• Irises conditioned by glasses and a shield but not a mask.
• Voices conditioned by a mask or shield.
• Emotional state assessment conditioned by a mask (its assessment is limited by the periocular face region).

3) FAIRNESS IN BIOMETRICS
Fairness, risk, trustworthiness, biases, transparency, explainability, and interpretability become the key assessments for the performance of biometric-enabled systems [49], [50], [51], [52]. An example of a bias is the so-called own-race bias, which constitutes the tendency to have better recognition of one's own racial ingroup rather than those of other races. The effect of social categorization of face recognition has been well established: face recognition is superior for individuals that belong to familiar social categories, such as one's own age group, gender, and race. The social categorizationindividuation model proposes that the ingroup biases in face recognition are the result of the enhanced processing of 7606 VOLUME 11, 2023 identity diagnostic features of ingroup faces and categorydiagnostic features of outgroup faces. Other socio-ethical categories include impersonation and distrust (user behavioral effects in interactions with biometric devices). A related effect is known as the Doddington phenomenon [20], [107]. This phenomenon describes a situation where subjects in a biometric system can always be classified into four main categories: 'sheep', 'goats', 'lambs', and 'wolves'. Sheep are subjects that are easily recognized; goats are subjects that are difficult to recognize; lambs are subjects that are easily impersonated, and wolves are subjects that are good at impersonation.

IV. FOLLOW-UP AUDIT: THREE-ECHELON APPROACH
By using an experiment-centric follow-up audit for this study we were able to show how the degradation of face recognition can be improved by fusing immunity e-ID with existing biometric-enabled ID --improving accuracy using epidemic-conditioned biometrics such as the analysis of the periocular face area. It is essential that our approach is not limited to only the COVID-19 recovery of checkpoint operations, but also included as a part of the United Nations research roadmap on global recovery [108] aimed at improving response to future potential threats.
The post-pandemic follow-up audit of R&D checkpoints is largely based on achievements realized pre-pandemic and during the pandemic response period itself. As illustrated in Fig. 4, this study employed a three-echelon approach for the follow-up audit. Researchers needed to achieve a general assessment of the post-pandemic R&D to strategically identify future R&D planning. The first echelon aims to satisfy these needs and provides R&D road-mapping. Second, researchers needed to explore the R&D landscape to help specify the R&D tactic. The goal of the second echelon is to identify the R&D details for various paths of road-mapping. Finally, experimental extrapolation, or examination of the specified problems is used in the third echelon.

A. THE EMC-CENTRIC R&D ROADMAPPING
To achieve the follow-up audit strategic goals, we placed checkpoint operations into the EMC --the core of any border control doctrine aimed at mitigating the risks associated with future disasters and global disruptions [23], [24], [25].  5 illustrates the engineering roadmap for checkpoint operations within the EMC framework. Accordingly, the human considerations relating to checkpoint R&D using the EMC, can be viewed via one of the following phases: mitigation, preparedness, response, and recovery. We state that the development, performance, efficiency, and deployment of checkpoints should be considered with respect to the EMC for both pre-and post-pandemic priorities.
In Fig. 5, the aforementioned priorities are manifested as technology-societal gaps. For example, current checkpoint responses are the result of the missing three EMC phases. The EMC profiling activates the checkpoint in the following technology-society coordinates: • How can checkpoints contribute to the mitigation of the disaster? (Mitigation phase); • How can checkpoints be most aptly integrated into epidemiological surveillance and intelligence? (Preparedness phase); • How can checkpoints operate in disaster scenarios? (Response phase); and • How can checkpoints reallocate resources between the modes? (Recovery phase). This disaster countermeasure domain consists of all the activities focused on the prevention and defense of an epidemiological emergency. It is reasonable to use a standard and a well-defined EMC taxonomy. Post-pandemic realities for closed communities (such as big military ships) are considered from a decision-support view in [109]. We follow this trend and have formulated a post-pandemic reality-focused approach for open communities using powerful security regulators for mass-transit hubs. In Fig. 6, the concept of a future post-pandemic checkpoint is represented as a synergy of two contemporary (pre-pandemic) concepts: • Left part: Layered bio-security including states such as sanitation, wearing masks and shields, keeping social VOLUME 11, 2023 FIGURE 6. Propose the addition of biometric SSI in future checkpoints. The adjustment of the R&D checkpoint is caused by the conversion from a centralized to a decentralized platform. The post-pandemic checkpoint of the future is a synergy of the pre-pandemic layered bio-security concept and layered security model.
• Central part: Post-pandemic checkpoint including biometric recognition, biometric/health e-ID, e-interviewer, tracing, self-service, and profiling. Authors of a recent paper [112] state that we now live in an era in which threats posed by viral pandemics are a daily reality. COVID-19 is one of many potential viral threats to humans. There are just over 250 known zoonotic viruses -viruses that have previously spilled over from animals to humans and have caused disease in people. This is an additional motivation for the EMC profiling of R&D biometric-enabled approaches.
Conceptually, the proposed EMC profiling of future checkpoints should be recognized as strategically aimed technology-societal road-mapping. This technology roadmap aims at advancing border control technologies and fostering better understanding among stakeholders, as is the case with the IATA [26]. The EMC states that the key stakeholders of a system involved in counter-epidemic measures should be long-term partners in preparedness rather than being partners only when emergencies occur and are ongoing. This approach follows from the technology-societal priority that all resources must be consolidated to combat epidemics --the main lesson learned from the current COVID-19 pandemic.

B. THE EMC-CENTRIC R&D LANDSCAPING
The next step of the follow-up audit after the EMC-centric R&D road-mapping is the EMC-centric R&D landscape. The EMC-centric approach for small and medium-sized enterprises has been introduced in [113]. These authors provided a pandemic readiness audit --a process that would enable  businesses to systematically evaluate their preparedness in the face of a pandemic. These authors suggest a list of audit questions that are in the form of an R&D road-map. This approach is adapted for the purposes of our work. Fig. 7 illustrates an R&D road-mapping process that uses four prioritized tasks: Epidemic Surveillance (T1), Contact Tracing (T2), Semi-automated Interviewing (T3), and Privacy and Legislation (T4). In Fig. 7: • Four EMC phases and their causal relationships, such as mitigation, preparedness, response, and recovery, are involved in profiling.
• These general EMC phases are defined in terms of checkpoint protocols (i.e. R&D emergency mode, testing the emergency mode, activation of the emergency mode, and switching back to regular mode).
• Tasks T1, T2, T3, and T4 reflect the specificity of EMC profiling. Table 2 provides conceptual details of the epidemic countermeasures for the first two EMC phases. Specifically, we aim at answering the question: ''How does checkpoint available and potential resources possibly contribute to bridging the EMC gap toward the next checkpoint generation?''

C. EXPERIMENTAL FOLLOW-UP AUDIT
This section represents the third, experimental echelon of follow-up audits. We show experimentally how the checkpoint biometric recognition should be adjusted toward the counter epidemiological requirements. Our experimental examinations are limited by the following conditions: • ICAO-IATA recommendations on biometric traits [16] and • Requirements of counter-epidemic measures to use IR face images as a source of health status features (e.g. temperature, breath, and heart pulse). These limitations suggest that face images are represented in the visual and IR spectrum. We used this fact in our experiments. According to the ICAO-IATA recommendation, three kinds of biometric traits are preferable in e-ID: (a) face, (b) fingerprints, and (c) iris [16]. In epidemiological scenarios, counter-epidemic measures (mask, shield, glasses, and gloves) impact the availability of these biometric traits. Hence, it is reasonable to consider epidemic conditional biometric traits. For this, we chose two predictable postpandemic checkpoint recognition modes: Mask detection as an epidemic countermeasure and authentication person with a mask. The authentication scenario is as follows: given a person, his/her face is acquired and extracted features are compared with images in the e-ID.

1) GOALS AND APPROACH
In this paper, we focus on mask-covered face recognition; the upper face biometrics is periocular biometrics. Intuitively, the performance of a biometric-enabled system should degrade if only a part of the face is available. The goals of the below experimental studies, or examinations, are as follows: Goal I: Estimate the degree of the face recognition degradation under the condition that only the periocular region of the face is available; Goal II: Compensate for this performance degradation.
To tackle the second goal, we propose using an infrared (IR) video band for the extraction of a hidden part of the face. Schematically, the proposed approach is explained as follows: There are several arguments in favour of this approach, in particular: (a) Cross-sensor periocular biometrics have been studied, in particular, in [98], [99], [100], and [114], and (b) IR face image is a useful source of features such as breathing function and air-breathing temperature.
We conducted the following experimental examinations in order to accelerate practical acceptance of the follow-up audit conclusions and recommendations (Fig. 8): Experimental examination I: Mouth and nose cover detection (mask detection). Experimental examination II: Face verification (1:1 comparison) using periocular region in order to estimate the biometric performance degradation; Experimental examination III: Face identification (1:N comparison) using visual, thermal, and thermal+visual hybrid image to examine how different spectral domains can mitigate the performance degradation of face biometrics.

2) DATASETS AND TOOLS
In our experiments, the following datasets were used: • Flickr-Faces-HQ Dataset (FFHQ) [115]: contains 70,000 high-quality images crawled from Flickr. Images are of different subjects of varying ages, ethnicity, background, and wearing different accessories.
• SpeakingFaces Dataset [116]: large-scale multimodal dataset that combines thermal, visual, and audio data streams. It includes data from 142 subjects, with a gender balance of 68 female and 74 male participants, with ages ranging from 20 to 65 years with an average of 31 years. With approximately 4.6 million images collected in both the visible and thermal spectra, each of the 142 subjects has nine different head positions and each position with 900 frames acquired in 2 trials.
For this experiment, two datasets of synthetic face images were used/created: • Thermal-Mask dataset [117]: A dataset of masked and unmasked face images in the visual and IR band (total of 153,360 visual/IR image pairs) using the dataset of unmasked face images in the IR band.  • MaskedFace-Net [118]: A dataset of masked face images in the visual band (total of 70,000 images) using the FFHQ dataset. Fig. 9 provides an example of how the masked face images in the IR and visual band were created from the corresponding unmasked images. For mask detection, ResNeXt [119] was used as the backbone for the Cascade R-CNN [120]. This advanced recognition tool is characterized by a set of attractive features for purposes of an experimental examination, in particular: 1) parallel paths which provide better performance compared to ResNet while having the same complexity; 2) cardinality which controls the number of parallel paths; and 3) feature pyramid network to optimize features maps in upper layers. Details of this experiment are provided in [121].

3) EXPERIMENTAL EXAMINATION I: MOUTH AND NOSE COVER DETECTION
Experimental examination I on mask detection is a part of a more complex experiment as shown in Fig. 8. In this experiment, we are interested in 1) detecting faces in the visual and IR (thermal) spectral bands, and 2) classifying these face images into two classes: (a) masked and (b) unmasked faces.
To detect the masked and unmasked faces in the IR and visual spectra, we separately applied a cascade R-CNN, a deep neural network classifier, for each spectrum. The experiment consists of 142 subjects, 100 subjects (70%) were used for training, 28 subjects (20%) were used for validation, and the remaining 14 subjects (10%) were used for testing. Sufficient precision on location and classification of faces with or without masks (about 99.7% and 99.5% mAP 50 for thermal and visual, respectively) was achieved using the ResNeXt-101 architecture. The results of the detector for experimental audit agree with the reported results. Details of the experiment are given in [121].

4) EXPERIMENTAL EXAMINATION II: PERIOCULAR RECOGNITION AND PERFORMANCE DEGRADATION
The goal of this experiment was to determine the degradation of recognition performance when the subjects were wearing masks. The mask detection was applied as shown in Fig. 8. Fig. 8 illustrates the process of face recognition at a checkpoint. Typically, only a visual image is required for face recognition; however, in the COVID-19 era, many people are required to wear a mask which can greatly deteriorate the performance of a face recognition algorithm. We propose to unmask the individual using IR information and then create a full-face hybrid image consisting of both visual and lower IR regions.
Since in this examination our focus is to verify the performance of the recognition algorithm, specifically in relation to the periocular region, we choose to perform face verification (1:1 comparison). For this experiment, FFHQ [115] and MaskedFace-Net [118] were used for masked and unmasked face evaluation. In this experiment, we used a Siamese network for face verification. The Siamese network consists of two weight-sharing Inception v3 networks for feature extraction. The features are then compared using Euclidean distance to verify if the face matches the subject. Face verification is best suited for this scenario because it places more emphasis on how obscuring a large part of the face (wearing a mask) can impact recognition.
We report a recognition degradation of 36.34% in verification mode. This experimental examination explains why a pre-pandemic checkpoint operation based on face authentication fails under the conditions such as wearing personal protective equipment during pandemics.
Further details of an experiment are given in [121].

5) EXPERIMENTAL EXAMINATION III: COMPENSATION FOR BIOMETRIC PERFORMANCE DEGRADATION
The goal of this experiment was to examine the performance of face biometrics when using composite images. In this experiment, a composite image including two portions (visual and IR) is shown in Fig. 8. The top portion of the image consists of the forehead and the periocular region of the face taken in the visual spectrum. The bottom portion includes the mouth and neck region of the unmasked individual generated in the thermal spectrum. By combining the top and the bottom portions, we attempt to recover a complete face image for face recognition.
Composite images are created using the Thermal-Mask dataset [117] and the SpeakingFaces dataset [116]. Face identification mode (1 : N comparison), via Inception v3 network, was used to verify the performance of the generated composite images in contrast to the masked and unmasked face images. Facial identification was performed on 5 types of images: visual, thermal, visual-mask, thermal-mask, and composite.
Our experiments concluded as follows. • In the combined Visual+IR domain, the accuracy remains at 98.03% as the introduction of masked images was mitigated by the IR unmasking procedure. The slight performance degradation is most likely because of the unoptimized process of recognizing composite images; however, this process is still vastly superior to recognizing mask vs. unmasked images.
Details of the experiment are provided in [121]. Hence, this final experimental examination of the followup audit shows that it is possible to significantly reduce the face biometric performance degradation using available tools such as thermal cameras in addition to video cameras. That is, epidemic-conditioned face recognition, like a masked face, can be improved for the practice of checkpoint deployment in mass-transit hubs.
The sources of additional information, as per the IATA's recent breakthrough solution, are de-centralized biometric and epidemiological data management.

V. AUDIT RECOMMENDATIONS
By applying follow-up audits of disruption invoked R&D for checkpoints, future R&D efforts will be achieved in a manner that more aptly negates future disruptions (including mass-migration due the climate change). For example, a follow-up audit of checkpoints during the 2015 massmigration crisis in the EU may lead to the discovery of important new knowledge. Such knowledge can then be applied to address the potential humanitarian crises that likely will result due to climate change [89]. Namely, this crisis highlighted the numerous vulnerabilities of advanced biometricenabled systems. Examples of vulnerabilities include areas of controlling, monitoring, and facilitating the mass movement of people across borders and through checkpoints [9], [10]. Another example is the COVID-19 pandemic which shows checkpoint R&D could benefit from identifying the relationship between epidemiology-conditioned biometric traits such as periocular biometrics --providing potentially important insight for future pandemic response and other humanitarian crises.
There are two main recommendations following from the three-echelon audit: • Response to the new post-pandemic reality should embed both the biometric-enabled identity and the immunity identity into a distributed ledger platform; nowadays practice is often limited by immunity IDs.
• The EMC profiling of the checkpoint technology, which currently is not a regular practice in the R&D of the latter, must become standard practice. Its demands have been triggered by the 2015 EU migration crises and COVID-19, --this fact being discovered and developed in this paper.
Accordingly to the EMC-centric approach, it is strongly suggested that future checkpoint R&D reflect on the counterepidemic experiences and be utilized within the mitigation and preparedness phases. Hence, instead of rapidly advancing VOLUME 11, 2023 the R&D specific to counter-epidemic measures (such as response to a current pandemic), checkpoints should switch the operation mode from a regular to an emergency one. In order to achieve this goal, the methodology of the followup audit was chosen -a valuable practice issue of this approach is that biometric-enabled SSI satisfies the requirements of the: 1) regular biometric-enabled mode (theoretical foundations are, e.g. in [122]), and 2) counter-epidemic mode (IATA's current practice [59]) with future extension to epidemic-conditioned biometrics.
During a disruptive event such as a pandemic, or/and migration crisis, having highly advanced checkpoints must be a central part of addressing health and security concerns [10], [89], [123], [124]. For this, various technology-social problems must be solved. Firstly, there should be a unified and standardized approach for communications and computational platforms. These platforms are based on the principles of distributed ledgers that allow the combination of different users, sources of information, and providers. This direction in checkpoint evolution is predetermined by breakthrough research such as blockchain technology [82], along with the distributed nature of some databases used in checkpoints [5]. Secondly, despite significant progress in transferring checkpoint biometrics to a distributed platform [60], [90], [93], biometric-enabled SSI still requires more broad vision and R&D.
Our study leads to the key conclusion that biometricenabled checkpoints must be a part of national and international epidemiological surveillance systems. This work can prompt the EMC-centric R&D approaches. This means that in the post-pandemic period, any R&D solution should be profiled and mapped into the EMC dimensions. Ultimately, using the methodology of a follow-up audit, the following key trends were identified in the checkpoint R&D: responsibility, compatibility, interactability, and user satisfaction.

a: TREND 1 RESPONSIBILITY
The shifting of responsibility for personal biometric data. This includes the transfer of safekeeping of personal biometric data from the border service agency to the traveler. Biometric data are stored only in the traveler's e-passport/ID and not maintained by the agency. Traveler verification is used as opposed to identification [16].

b: TREND 2 COMPATIBILITY
The increase of the depth of social embedding. The biometric chosen for the e-passport/ID becomes more compatible with the biometric templates in the government databases (face and fingerprints) [5].

c: TREND 3 HUMAN-MACHINE INTERACTABILITY
Self-service machines or kiosks using human-machine interactions should incorporate intelligent control. These machines or kiosks need to adapt to non-cooperative travelers, travelers with disabilities, the elderly, etc.

d: TREND 4 USER SATISFACTION
The integrated measurement of various unwanted effects such as impersonation and fairness, as well as risk, trust, and bias in human-machine interactions.
At the time of writing, Russia's invasion of Ukraine, which started in February 2022, is causing the largest forced massmigration of people in Europe since World War II. Along with pandemic travel restrictions, it poses further challenges to border management and calls to address the emerging longerterm trends. 7612 VOLUME 11, 2023 KENNETH LAI (Member, IEEE) received the B.Sc., M.Sc., and Ph.D. degrees from the Department of Electrical and Software Engineering, Schulich School of Engineering, University of Calgary, Calgary, Canada, in 2012, 2015, and 2022, respectively. He is currently a Postdoctoral Fellow with the Biometric Technologies Laboratory, University of Calgary. He has published papers on using deep learning techniques for face recognition, gesture recognition, and stress detection. His research interests include pattern recognition, machine learning, and biometrics and their application to security and healthcare systems. She is currently a Professor with the Department of Electrical and Software Engineering (ESE), Schulich School of Engineering, University of Calgary, where she also directs the Biometric Technologies Laboratory. She has been contributing to the area of artificial intelligence for digital design and biometrics, since 1996. Most recently, she and her team have developed novel risk, trust and bias assessment strategies based on machine reasoning, with applications to biometric-enabled border control, forensics, and healthcare.