PIV & FIPS 201 Smart Cards
HID Global’s pivCLASS® Government Solutions portfolio is an extensive product family that makes it easy for U.S. Federal Government, government contractors and other facilities to comply with security regulations and to use their Personal Identity Verification (PIV) card and other smart cards for physical access control, resulting in compliance, interoperability and high security.
PIV and FIPS 201 smart card solutions allow government agencies to PIV-enable their existing physical access control systems (PACS) without the need to “rip and replace” their PACS infrastructure. The pivCLASS modular approach – fully tested, validated and government approved – preserves investments, reduces costs, and removes complexities, making it easy and affordable to acquire, install and maintain FIPS 201-compliant physical access control systems.
Delivering fully tested and validated turnkey government solutions from a single, trusted source, pivCLASS authenticates PIV cards across the full range of National Institute of Standards and Technology (NIST)-mandated assurance levels.
pivCLASS Readers support both FIPS 201 PKI-based and legacy card types (PIV, PIV-I, CIV, CAC, TWIC, iCLASS, HID Prox® and more). Together with the pivCLASS Authentication Module, any required authentication mode (CHUID, CAK, PIV+PIN, BIO, CHUID+BIO, CAK+BIO) can be executed to meet any security assurance level.
pivCLASS Authentication Modules (PAMs) are embedded computers packaged in a small form factor with pre-loaded, updatable firmware. They are installed between the readers and the existing PACS panel. PAMs do the “heavy lifting” of PIV cardholder credential validation as cards are presented to readers. The PAM caches validation status to deliver PKI-based high security at the door.
pivCLASS Certificate Manager is a server-based application that revalidates extracted or imported cardholder certificates on a user-defined, periodic basis. This process includes revocation checking and certificate path revalidation. The pivCLASS Certificate Manager supports validation of both RSA and ECC signed certificates, as well as the use of Certificate Revocation Lists (CRLs), Online Certificate Status Protocol (OCSP) and Server-based Certificate Validation Protocol (SCVP).
pivCLASS Registration Engine is a server-based product that is used to register FIPS 201 cards into a physical access control system. The product includes one PACS plug-in to connect to a PACS database. Currently, plug-ins for over 30 different PACS head-end products are supported. The pivCLASS Registration Engine extracts cardholder data from any FIPS 201-compliant smart card and verifies this data using three-factor authentication that ensures the card data is genuine and has not been tampered with, copied, cloned, lost, stolen or shared.
pivCLASS IDPublisher is a software application designed to import credentials from an authoritative data source (such as an identity management system [IDMS], card management system [CMS] or human resources database) and provision these credentials into a PACS database. pivCLASS Certificate Manager can be used to validate these credentials as part of this provisioning process.
MultiPACS is designed to concurrently register identification credentials into multiple similar or disparate physical access control systems. It can receive cardholder information from multiple sources including pivCLASS Registration Engine, OMNICheck Plus with PACS Registration or imported by pivCLASS IDPublisher.
The pivCLASS Validation Workstation is ideal for validating PKI-based smart cards (when provisioning into a physical access control system is not required). It can be used as a standalone device to execute one-, two- or three-factor authentication of TWIC, PIV, PIV-I, CIV, FRAC and CAC cards. The revocation status is checked using CRLs, the TWIC Canceled Card List (CCL) or via OCSP or SCVP. Cardholder PINs are matched on-card. For three-factor authentication, it compares the cardholder's stored biometric against a live sample. There is no PACS integration with this product.
pivCLASS Mobile Validator software verifies PIV, PIV-I, CIV, CAC, TWIC and FRAC cards using various supported third-party mobile handheld readers. This software can also be used to read and display driver's license information and card serial numbers from MIFARE™, DESFire™ and proximity cards.