Home' RTCA Documents for Review : DO-230H FRAC Contents 114
© 2017, RTCA, Inc.
interact with PACS readers and the PACS system to authenticate the mobile PACS credential
loaded on the smartphone.
9. Following credential issuance, targeted PACS systems may be provisioned with the user’s mobile
PACS credential information either automatically from the component infrastructure, or manually
on the PACS system by a PACS administrator.
The above steps reflect processes that are provided by some commercial PACS vendors, and those
incorporated in the U.S. Federal Government’s initiative for Derived PIV Credentials, as exemplified in
NISTIR 8055, Derived Personal Identity Verification (PIV) Credentials (DPC) Proof of Concept Research,
http://nvlpubs.nist.gov/nistpubs/ir/2016/NIST.IR.8055.pdf. Other scenarios including delivering the
mobile PACS credential in an email, which eliminates the need for an Enrollment App to be downloaded
and run. However, this email method may not be as secure since the email may be compromised by a third
party if additional security measures (e.g., encrypted email and password protected credentials) are not
Infrastructure components required to implement the above typical credential delivery process may include
an Identity Management System/Database, Web Portal, Credential Issuance and Management System,
Certificate Authority, PACS Provisioning System, and Mobile Device Management System. The Credential
Issuance and Management System provides credential issuance and post-issuance credential lifecycle
management. Lifecycle management entails monitoring credential expiration, refreshing expired
credentials, and terminating/revoking credentials when a user is no longer eligible for access to airport
protected areas. Lifecycle management also entails credential re-issuance to new mobile devices in the
event that an original mobile device containing a credential is lost, damaged, or stolen.
Mobile Devices as PACS Credentials Summary
Mobile devices, especially smartphones, provide versatile credential hosting platforms that could be
employed in a wide range of physical access control use cases. The technical feature sets within these
devices support secure credentials that are resistant (if implemented correctly) to cloning, forgery, and
alteration; and provide for high levels of assurance for access to the most secure access control areas with
the implementation of tamper-resistant hardware secure elements, and strong, multi-factor authentication.
Interfaces with Other Systems
From a site-centric view, and regardless of system architecture, the PACS is often the center system of
physical security equipment for sites that do not require a full scale physical security information
management (PSIM) systems. The PACS controls, per SSP policies, who is allowed to cross the boundary
between different areas. SSP policies yield specifications for PACS instrumentation and specific
programming guidance as required to implement the processes and procedures defined for each access
Modern PACS support the capability to detect, report, and annunciate events that are considered non-
routine and treated by the system as Alarm Events. As an example, alarm events may be grouped as:
Links Archive Navigation Previous Page Next Page