HID® pivCLASS® Authentication Module

Upgrade to FIPS 201 compliance – provides strong authentication for physical access
pivCLASS® authentication module

As an embedded computer packaged in a small form factor with pre-installed, updatable firmware, HID's pivCLASS Authentication Modules (PAM) enables physical access control systems (PACS) to upgrade to FIPS 201 compliance by performing the FIPS 140-certified cryptographic functions the typical PACS panel cannot.

The PAM is installed between a supported reader and the existing access control panel and provides configurable Wiegand output to the controller. This enables the system to be upgraded to support PIV or any FIPS 201-compliant cards for access control without replacing the existing PACS panels. Similarly, much of the existing wiring may be reusable.

pivCLASS Authentication Module supports a range of commercially available contact, contactless and biometric readers, including the extensive line of pivCLASS readers.

HID Global’s pivCLASS Authentication Module (PAM) is configured and managed from the host PACS server using the pivCLASS Reader Services application. Using Reader Services, the administrator can select the reader types to be controlled by a PAM for specific doors or other access points. It is also used to set the authentication modes on a per door basis in each PAM. These modes can be changed dynamically from the host PACS using this application.

Key Features:

  • One PAM supports up to two readers at one or two doors: Readers pass card information to the PAM, which performs the required authentication to validate (or invalidate) the cardholder's credentials. If validated, the PAM derives and sends the badge ID to the access control panel for the access authorization decision.
  • Validates PKI-based smart cards: Authenticates PIV, PIV-I, CIV (a.k.a., PIV-C), TWIC, FRAC and CAC cards. Performs path validation and certificate revocation checking using CRL, OCSP or SCVP.
  • Meets regulatory requirements: Enables facilities to perform one-, two- and three-factor authentication to meet all necessary authentication modes and assurance levels specified in NIST SP 800-116 and the TWIC Reader Specification.


  • Board - 6.7" x 6.05" (17 cm x 15.4 cm)
  • Enclosure - 16" x 16" x 3.5" (18.6 cm x 16.8 cm)

Interface to Readers:

  • Number Channels - Supports 1 or 2 readers at 1 or 2 doors
  • Communication - 2 RS-485 serial ports
  • Protocols - CoreStreet Reader Protocol (CSRP), HID pivCLASS

Interface to PACS Controller:

  • Number Channels - Output for 1 or 2 readers
  • Communication - 2 Wiegand ports

Interface to PVS Management System:

  • Protocol - Ethernet TCP/IP
  • Security - Optional 256-bit AES encrypted Ethernet TCP/IP
  • Initial Configuration Security - Web interface enabled/disabled with DIP switch

Compliance & Certification:

  • PVS Management Station Interface - 256-bit AES encryption
  • Crypto Firmware - FIPS 140-2 Level 1 certified
  • Safety - FCC, UL 294
  • Module Warranty - 18 months
  • Operational
  • Memory - 2GB SD flash memory card (standard)
  • Number Cardholders - Up to 100,000
  • Firmware - Centralized, automated management of PAM firmware updates is provided by pivCLASS Validation Server (PVS)
  • Offline Operation - Functions normally if communication to the PVS Management Station is interrupted
  • Operation Interface - Embedded browser-based interface for initial configuration, network settings and hardware options. Full PAM configuration and management via pivCLASS Validation Server's Management Station.