Home' RTCA Documents for Review : DO-230H FRAC Contents 121
©2017 RTCA, Inc.
CONSIDERATIONS FOR INTEROPERABLE IDENTITY & ACCESS CREDENTIAL
Many Airport Operators create and issue to their constituencies identity badges to wear while on airport
property. In many cases the badge is also used at card readers located at various access controlled entry
points and connected to a Physical Access Control System (PACS). This addendum will explore the
potential for defining an interoperable badge or credential that can be used interchangeably between
different PACS at airports nationwide and internationally. Note that modern terminology considers an ID
badge that contains electronic data a "Credential", where a simple, surface printed photo ID card is an ID
Part of the planning process must include determining if any site specific, proprietary data such as Facility
Code, (see Section 4.1.1 PACS Introduction; 4.1.6 Card Technologies; Appendix B Glossary) may need
to be encoded in the credential.
Current situation - Legacy Access Control Systems deliberately prevent credential interoperability
PACS manufacturers often embed an 8-bit facility code number, 0-255, in their system control panels. The
facility code precedes a 16-bit sequential or unique number, 0-65535, for the card. As a user presents the
card to a PACS card reader, the card's facility code and sequential, or unique, number are read and
transmitted to the PACS control panel for verification and authentication. When the facility code from the
card matches the facility code stored in the PACS control panel, the sequential, or unique, number is verified
and the system makes a decision to grant or deny access. The total size of this very common data model is
8 bit facility code, 16 bit sequential number and one start and stop bit for a total of 26 bits.
When the facility code does not match, the PACS regards the card as alien to the system. The PACS then
generates an error message and denies access. No further processing occurs. This data model is deliberately
designed to be proprietary and limit interoperability.
In addition, the card manufacturer, system installation company and manufacturer keep records of each
facility code and the sequential card numbers produced for each facility code to make certain that no
duplicate credential identifiers are used. The three digit facility code is used often kept "secret" by the card
manufacturer, the system integrator and system manufacturer. Only credentials produced for the specific
facility will be processed by the PACS.
The result is that Airport Operators are locked-in to buying their blank card stock from the system
manufacturer, or specific service provider.
Legacy credential technologies - Vulnerability
The record of issued credential numbers, (Identifiers) opens a vulnerability for an adversary to obtain
knowledge of cards that are issued, registered and actively used in the system. With no, or little inherent
resistance to duplication, it is relatively simple for an adversary to create a duplicate card that is registered
in the system and then use the duplicate card to gain access to restricted areas of the airport. System activity
logs will display and attribute the illicit access transactions to the initial, authorized card holder.
Considerations to achieve technical interoperability among multiple airports PACS
Links Archive Navigation Previous Page Next Page