28 March, 2012
HID Global, announced the availability of its pivCLASS Government Solutions portfolio, an product suite that enables the U.S. federal government, government contractors and other facilities to comply with federal identity mandates without having to replace their existing physical access control system (PACS).
The pivCLASS family is designed to make it easy for agencies to meet requirements and use their PIVand other smart cards for physical access control, resulting in compliance, interoperability and high security.
HID Global’s pivCLASS solutions work with existing PACS and external trust authorities to deliver functionality specified by FIPS 201. Supporting PKI-at-the-door mandates and PIV-I and CIV (also known as PIV-C) requirements for cards issued by non-federal entities, the product family delivers solutions for upgrading a physical access control infrastructure so that it can authenticate PIV credentials across the full-range of assurance levels as defined by the federal government’s Special Publication 800-116. pivCLASS also supports the Transportation Worker Identification Credential (TWIC) reader specification.
With pivCLASS, customers achieve FIPS 201 compliance for their PACS by simply deploying new pivCLASS Readers and installing pivCLASS Authentication Modules between the readers and the existing PACS panel. The resulting, upgraded access control system can now perform FIPS 201 authentication checking for all NIST-defined assurance levels. The modular system performs all necessary authentication steps, from the time of enrollment to the time of access.
Key pivCLASS components include:
pivCLASS Readers: A family of eight readers supports any FIPS-201 compliant contact or contactless card type including PIV, PIV-I, CIV, CAC, TWIC and FRAC. The readers provide backward compatibility with existing HID Global iCLASS and HID Prox readers to ease the transition from legacy cards to PKI-based credentials. HID Global plans to announce additional readers in the second quarter of 2012.
pivCLASS Authentication Modules (PAMs): PAMs are embedded computers packaged in a small form factor with pre-loaded, updatable firmware that are installed between the readers and existing physical access control panels. Each PAM can support up to two readers at one or two doors. Readers pass card information to the PAM which performs the required authentication checks to validate – or invalidate – the cardholder’s credentials. If valid, the PAM derives and sends a badge ID to the access control panel for an access authorization decision.
pivCLASS Validation Server: The Validation Server software provides centralized dynamic control of assurance level settings for each PAM. The Server configures the pivCLASS PAMs, manages their firmware updates, and regularly communicates with external trust authorities to import and send the PAMs updated credential status information for enforcement.