Table of Contents - X.1268 (03/2026) - Framework for out-of-band physical access control systems using beacon-initiated mutual authentication
1 Scope
2 References
3 Definitions
  3.1 Terms defined elsewhere
  3.2 Terms defined in this Recommendation
4 Abbreviations and acronyms
5 Conventions
6 Introduction
7 Out-of-band physical access control system
  7.1 Overview and entities
  7.2 Structure of authentication beacon packet
8 Set-up and usage procedure for out-of-band physical access control system
  8.1 Registering a facility authenticator and deploying it to a facility
  8.2 Adding the authentication beacon processing procedure to the mobile ID card
  8.3 Usage procedure
9 Security threats
  9.1 Mobile ID card theft
  9.2 Denial of mobile ID card usage
  9.3 Remote control of mobile ID card
  9.4 Mobile ID card unavailability
  9.5 Facility authentication spoofing
  9.6 Forgery and tampering of facility access control records
10 Security requirements
  10.1 Applying multi-factor authentication on mobile ID card
  10.2 Malware restriction
  10.3 Providing alternative authentication means for mobile ID cards
  10.4 Verification of authentication information of facility authenticator
  10.5 Security system operation
Annex A – Additional procedure for out-of-band physical access control system
  A.1 Facility control panel
Appendix I – Relationship between security requirements and threats
Appendix II – Use cases of the out-of-band physical access control system
  II.1 Employee ID card
  II.2 Visitor pass
  II.3 Parking facility transponder
  II.4 Retractable bollard
  II.5 Public toilet
  II.6 Nursing room
  II.7 Appointment check-in
Appendix III – PII protection use cases in out-of-band PACS connected with mobile ID card app and mobile wallet app
  III.1 Mobile ID card app
  III.2 Mobile identity wallet (PKI based certificate)
Appendix IV – Authentication beacon configuration following BLE specification
  IV.1 BLE-based authentication beacon
Appendix V – Limitations of using a smartphone as an authenticator for PACS
Bibliography