HID Global's pivCLASS solutions work together with existing PACS and external trust authorities to deliver functionality specified by Federal Information Processing Standards Publication 201 (FIPS 201). Supporting PKI-at-the-door mandates and PIV-I and CIV (also known as PIV-C) requirements for cards issued by non-federal entities, the product family delivers fully tested and validated solutions for upgrading a physical access control infrastructure so that it can authenticate PIV credentials across the full range of assurance levels as defined by the federal government's Special Publication 800-116 (SP800-116). pivCLASS also supports the Transportation Worker Identification Credential (TWIC) reader specification.
"As the first fully integrated and government-approved FIPS 201 compliance solution from a single supplier, the pivCLASS product suite solidifies HID Global's position as the access control solutions leader in the U.S. federal government market," said Bob Dulude, director, Federal Identity Initiative with HID Global. "The solution enables customers to use their PIV cards for stronger, converged access control to both physical and logical resources, while ensuring interoperability of a single identity credential across all government agencies. It also eases the transition from legacy cards to PKI-based credentials, and preserves investments in the existing PACS infrastructure by supporting future system enhancements and evolving security requirements."
With pivCLASS, customers achieve FIPS 201 compliance for their PACS by simply deploying new pivCLASS Readers and installing pivCLASS Authentication Modules between the readers and the existing PACS panel. The resulting, upgraded access control system can now perform FIPS 201 authentication checking for all National Institute of Standards and Technology (NIST)-defined assurance levels. The modular system performs all necessary authentication steps, from the time of enrollment to the time of access.
Key pivCLASS components include:
- pivCLASS Readers: A family of eight readers supports any FIPS-201 compliant contact or contactless card type including PIV, PIV-I, CIV, CAC, TWIC and FRAC. The readers provide fully functional backward compatibility with existing HID Global iCLASS and HID Prox readers to ease the transition from legacy cards to PKI-based credentials. HID Global plans to announce additional readers in the second quarter of 2012.
- pivCLASS Authentication Modules (PAMs): PAMs are embedded computers packaged in a small form factor with pre-loaded, updatable firmware that are installed between the readers and existing PACS panel. Each PAM can support up to two readers at one or two doors. Readers pass card information to the PAM which performs the required authentication checks to validate (or invalidate) the cardholder's credentials. If valid, the PAM derives and sends a badge ID to the access control panel for an access authorization decision.
- pivCLASS Validation Server: The Validation Server software provides centralized dynamic control of assurance level settings for each PAM. The Server configures the pivCLASS PAMs, manages their firmware updates, and regularly communicates with external trust authorities to import and send the PAMs updated credential status information for enforcement.