RTCA Documents for Review: DO-230H FRAC
©2017 RTCA, Inc.
H. User identity code (ID number, card number, PACS ID) read from the token by the ID reader and
sent to the biometric processor as claim of identity (also includes user biometric template data
for template on card architectures).
I. Biometric characteristic presented to the biometric sensor during an access transaction (e.g.,
fingerprint, iris, face, vascular, etc.). This may also include interactions between applicant and
sensor such as indicator lights or audio cues.
J. Applicant-supplied information (name, address, etc.) obtained during PACS enrollment via the
PACS processor (part of typical legacy PACS).
The enrollment process generates the biometric template that will characterize the user in the system
and writes the enrollment template to a central database on a server, to the card, to the PACS remote
access controller/server, to the field controller panel, or to the biometric readers. If fingerprint
technology is selected for use in physical access control systems (PACS), it is recommended that the
fingerprint template used for PACS operations be generated from one or more of the same ten
fingerprint images collected for the Criminal History Records Check (CHRC) during applicant
processing. This provides another level of assurance that the person that is using the credential for
access is, in fact, the same person that applied for a credential. Even if an alternate biometric
technology is enrolled for operational use for physical access (such as facial or iris recognition), it is
still recommended that the applicant’s fingerprint be matched with the CHRC fingerprint data when
they return for credential issuance and enrollment of the alternate biometric technology. (See Section
3 for more specific information on the biometric enrollment process and privacy considerations.)
Matching a presented biometric sample against a specific enrolled biometric record is known as 1:1
verification matching. In the example shown, identity is claimed by the presentation of a card (a
magnetic stripe card, proximity card or smart card). This claim of identity usually includes a unique
ID number that can point to the user’s biometric enrollment record in a data repository for matching
purposes. Use of the unique ID as an index pointer to the biometric record would not be required if
that biometric record is stored within the memory of an ID card itself. Alternatively, identity could be
claimed with the presentation of a combination of PIN and card. The verification process compares
the biometric data extracted from the sample with the enrollment template of a specific individual
whose identity is claimed by the user.
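The 1:1 flow described above, as an added example that is not part of the RTCA document: the card's unique ID selects exactly one enrollment template (or the card itself supplies it), an optional PIN strengthens the claim, and the sample is scored against that one template only. The repository contents, the `similarity` matcher and the 0.80 threshold are constructed assumptions standing in for a real biometric matcher.

```python
import hmac
from dataclasses import dataclass
from typing import Optional, Tuple

THRESHOLD = 0.80  # assumed match threshold; real matchers are tuned per deployment

@dataclass
class Claim:
    user_id: str                                     # unique ID read from the card
    pin: Optional[str] = None                        # set when the claim is card + PIN
    card_template: Optional[Tuple[int, ...]] = None  # set for template-on-card

# Constructed repository: user ID -> (enrollment template, PIN or None).
REPO = {
    "1001": ((3, 7, 1, 9, 4, 4, 8, 2, 6, 5), None),
    "1002": ((5, 5, 2, 0, 9, 1, 3, 7, 7, 4), "4821"),
}

def similarity(sample, template):
    """Toy stand-in for a vendor matcher: share of feature positions that agree."""
    if len(sample) != len(template):
        return 0.0
    return sum(s == t for s, t in zip(sample, template)) / len(template)

def verify(claim, sample, repo=REPO):
    """1:1 verification: score the sample against the claimed identity only."""
    if claim.card_template is not None:
        # Template on card: no index lookup. Assumes the reader has already
        # authenticated the card data.
        template, pin = claim.card_template, None
    else:
        record = repo.get(claim.user_id)
        if record is None:
            return False  # unknown ID: reject, never search other records
        template, pin = record
    if pin is not None and not hmac.compare_digest(pin, claim.pin or ""):
        return False      # card + PIN claim with a wrong or missing PIN
    return similarity(sample, template) >= THRESHOLD
```

An unknown ID is rejected outright rather than triggering a search across all enrolled records, which keeps the decision a verification of the claimed identity and not an identification.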
Logical Access to Security Systems
Logical access to airport information systems has traditionally been authenticated through User IDs and
participant-selected passwords. More recently, cryptographic mechanisms and biometric techniques have
been applied to logical security, replacing or supplementing the traditional methods. Biometrics can replace
complex passwords that are difficult to remember and vulnerable to discovery when they are written down.
This provides a high level of security and a convenience benefit to the user.
After enrollment and before issuance of a credential, an applicant can verify that he/she is the correct
participant to receive a credential via 1:1 biometric verification against the originally enrolled Identity
Management and Credential Issuance System (IdM-CIS) record for his/her credential. Once confirmed, the
credential is activated and the participant self-selects a personal identification number (PIN).
Federal Information Processing Standard 201 (FIPS 201) for Personal Identity Verification (PIV) of
Federal employees and contractors provides an example of ID proofing and issuance requirements that
provide full chain of trust for the ID, biometrics, threat/risk evaluation and credential. Information on the