As an embedded computer packaged in a small form factor with pre-installed, updatable firmware, HID's pivCLASS Authentication Modules (PAM) enables physical access control systems (PACS) to upgrade to FIPS 201 compliance by performing the FIPS 140-certified cryptographic functions the typical PACS panel cannot.
The PAM is installed between a supported reader and the existing access control panel and provides configurable Wiegand output to the controller. This enables the system to be upgraded to support PIV or any FIPS 201-compliant cards for access control without replacing the existing PACS panels. Similarly, much of the existing wiring may be reusable.
pivCLASS Authentication Module supports a range of commercially available contact, contactless and biometric readers, including the extensive line of pivCLASS readers.
HID Global’s pivCLASS Authentication Module (PAM) is configured and managed from the host PACS server using the pivCLASS Reader Services application. Using Reader Services, the administrator can select the reader types to be controlled by a PAM for specific doors or other access points. It is also used to set the authentication modes on a per door basis in each PAM. These modes can be changed dynamically from the host PACS using this application.
One PAM supports up to two readers at one or two doors: Readers pass card information to the PAM, which performs the required authentication to validate (or invalidate) the cardholder's credentials. If validated, the PAM derives and sends the badge ID to the access control panel for the access authorization decision.
Validates PKI-based smart cards: Authenticates PIV, PIV-I, CIV (a.k.a., PIV-C), TWIC, FRAC and CAC cards. Performs path validation and certificate revocation checking using CRL, OCSP or SCVP.
Meets regulatory requirements: Enables facilities to perform one-, two- and three-factor authentication to meet all necessary authentication modes and assurance levels specified in NIST SP 800-116 and the TWIC Reader Specification.
Specification
Dimensions
Board – 6.7" x 6.05" (17 cm x 15.4 cm)
Enclosure – 16" x 16" x 3.5" (18.6 cm x 16.8 cm)
Interface to Readers
Number Channels – Supports 1 or 2 readers at 1 or 2 doors
Communication – 2 RS-485 serial ports
Protocols – CoreStreet Reader Protocol (CSRP), HID pivCLASS
Interface to PACS Controller
Number Channels – Output for 1 or 2 readers
Communication – 2 Wiegand ports
Interface to PVS Management System
Security – Optional 256-bit AES encrypted Ethernet TCP/IP
Initial Configuration Security – Web interface enabled/disabled with DIP switch
Compliance & Certification
PVS Management Station Interface – 256-bit AES encryption
Crypto Firmware – FIPS 140-2 Level 1 certified
Module Warranty – 18 months
Operational
Memory – 2GB SD flash memory card (standard)
Number Cardholders – Up to 100,000
Firmware – Centralized, automated management of PAM firmware updates is provided by pivCLASS Validation Server (PVS)
Offline Operation – Functions normally if communication to the PVS Management Station is interrupted
Operation Interface – Embedded browser-based interface for initial configuration, network settings and hardware options. Full PAM configuration and management via pivCLASS Validation Server's Management Station.
Related Document