Identify who is in the building

pivCLASS®
Multi-factor PKI authentication for both physical and logical access.

Multi-factor PKI authentication combines two or more independent credentials based on what the user knows (password), what the user has (security token) or what the user is (biometric verification) to authorize access in a system using public-key encryption.

pivCLASS®
Our multi-factor authentication solutions meet U.S. Federal Government access control standards for agencies and contractors. Our pivCLASS® line includes everything you need to achieve FICAM and FIPS 201 compliance. Install all at once or over time, HID Global provides all of the expertise you need from a name you trust.

Key Features

*Enter buildings and restricted areas equipped with a broad selection of contactless, contact plus contactless and biometric readers
*Log in to computers and secure networks – on site and remotely
*Securely access applications and data – even in the cloud
*Digitally sign and encrypt documents and emails
*Perform multi-factor authentication to meet all necessary authentication modes and assurance levels specified in NIST SP 800-116 and the TWIC Reader Specification

Readers supporting strong PKI authentication.

HID Global's pivCLASS readers offer superior value in securing facilities and ensuring organizations are FIPS 201 compliant. The portfolio includes a broad selection of contactless, contact plus contactless and biometric readers. The readers are designed to work with the pivCLASS Authentication Module (PAM) to meet the assurance level requirements defined in NIST Special Publication 800-116 and in the federal government’s FICAM E-PACS guidelines. Most pivCLASS readers can be deployed in either Wiegand or PAM mode. Wiegand mode is for use without a PAM and provides a phased deployment capability to support transition to FIPS 201 compliance. Conversion from Wiegand mode to PAM mode can be completed in the field by reconfiguring the reader firmware.

Key features include:

*Simultaneous support for legacy cards and PIV cards during periods of transition
*Multiple form factors: R10, R40, RK40, RKCL40 and RKCLB40
*Can be deployed as transitional readers and later reconfigured to support strong authentication
*Read multiple variants of FIPS 201 cards including: PIV, PIV-I, CAC, CIV, TWIC and FRAC

pivCLASS® RKCL40
Combination, contact plus contactless reader with keypad and LCD

pivCLASS® R10
HID Global’s smallest pivCLASS reader is ideally suited for mullion-mounted door installations

pivCLASS® R40
Designed to mount and cover single gang switch boxes

pivCLASS® RK40
Contactless reader with a keypad

pivCLASS® Biometric Reader
HID Global’s pivCLASS® Biometric Reader is intended for use in areas requiring the highest level of security. This dynamic reader is suitable for meeting the FIPS-201 criteria for “Controlled”, “Limited” and “Exclusion” access areas.

Upgrade to FIPS 201 Compliance

Provides strong authentication for physical acccess.

As an embedded computer packaged in a small form factor with pre-installed, updatable firmware, HID's pivCLASS Authentication Modules (PAM) enables physical access control systems (PACS) to upgrade to FIPS 201 compliance by performing the FIPS 140-certified cryptographic functions the typical PACS panel cannot.

The PAM is installed between a supported reader and the existing access control panel and provides configurable Wiegand output to the controller. This enables the system to be upgraded to support PIV or any FIPS 201-compliant cards for access control without replacing the existing PACS panels. Similarly, much of the existing wiring may be reusable.

pivCLASS Authentication Module supports a range of commercially available contact, contactless and biometric readers, including the extensive line of pivCLASS readers.

HID Global’s pivCLASS Authentication Module (PAM) is configured and managed from the host PACS server using the pivCLASS Reader Services application. Using Reader Services, the administrator can select the reader types to be controlled by a PAM for specific doors or other access points. It is also used to set the authentication modes on a per door basis in each PAM. These modes can be changed dynamically from the host PACS using this application.

Key Features

One PAM supports up to two readers at one or two doors: Readers pass card information to the PAM, which performs the required authentication to validate (or invalidate) the cardholder's credentials. If validated, the PAM derives and sends the badge ID to the access control panel for the access authorization decision.
Validates PKI-based smart cards: Authenticates PIV, PIV-I, CIV (a.k.a., PIV-C), TWIC, FRAC and CAC cards. Performs path validation and certificate revocation checking using CRL, OCSP or SCVP.
Meets regulatory requirements: Enables facilities to perform one-, two- and three-factor authentication to meet all necessary authentication modes and assurance levels specified in NIST SP 800-116 and the TWIC Reader Specification.

Software solutions
from our Identity Assurance offering that go beyond a password.

Authentication Server
A versatile, flexible and highly scalable platform for securing access to government and corporate systems and online consumer services.

AAA Server for Remote Access
Multi-factor authentication for securing employee remote access to corporate VPNs and other enterprise resources.

Threat Detection Service
Strong authentication and malware detection, without the need for hardware tokens or client software.

ActivClient®
Smart card solution for strong authentication to protect workstations, mobile devices and networks.

Credential Management System
Solution for issuing and managing PIV and PIV-I cards, enterprise access cards and mobile credentials.

Batch Management System
Leverage service bureau card issuance efficiently and securely.

Validation Authority
Secure, scalable and cost effective validation for PKI Certificates.

Desktop Validation Client
PKI certificate validation at the desktop, using OCSP.

Path Builder
Secure, scalable and cost effective path validation for PIV credentials.

PIV-enabling physical access control systems:

HID Global’s pivCLASS Government Solutions allow for PIV enablement of existing PACS through a modular approach that is ideal for a phased transition and eliminates the need to rip-and-replace existing infrastructures.

pivCLASS solutions include multiple software applications that support enabling physical access control systems to use FIPS 201 PKI-based smart cards. Deploying the pivCLASS Registration Engine, pivCLASS Certificate Manager and pivCLASS Readers configured for Wiegand mode as an initial phase allows for the simultaneous use of PIV and legacy credentials (including proximity, iCLASS®, and other technologies).

Strong authentication can be added in a second phase on a door-by-door basis, as needed. This is accomplished by deploying pivCLASS Authentication Modules along with pivCLASS Reader Services, and reconfiguring the pivCLASS readers in the field.

Key Benefits:

*Solution has been fully tested, end-to-end, by GSA
*Interoperable with virtually every PACS
*Genuine HID products and solutions ensure the highest level of quality and interoperability.
*Simultaneous support for legacy cards (iCLASS, HID Prox and other technologies) and PIV cards during periods of transition
*Multiple reader form factors to choose from: R10, R15, R40, RK40, RKCL40 and RKCLB40
*Supports multiple FIPS 201 cards including: PIV, PIV-I, CAC, CIV, TWIC and FRAC

pivCLASS® Reader Services
Software to configure and manage authentication modules

pivCLASS® Mobile Registration Engine
Software to register credential information from mobile handheld into a PACS

pivCLASS® Validation Workstation
Software to validate credentials and verify cardholder identities

pivCLASS® MultiPACS
Software to push credential information to multiple disparate PACS

pivCLASS® Registration Engine
Software to harvest and register credential information into a PACS

pivCLASS® Certificate Manager
Software to re-validate PKI-based smart card credentials after PACS registration

pivCLASS® Data Import
Software to extract data from PACS database and upload to mobile handheld

pivCLASS® IDPublisher
Software to import credential information from external authoritative sources

pivCLASS® Mobile Validator
Software to validate FIPS-201 credentials using a mobile handheld

PKI Certificate Validation
Path discovery, validation and revocation checking

HID Global’s pivCLASS Certificate Manager is a server-based software application used to revalidate extracted or imported PKI-based credentials such as the PIV certificate and CAK certificate. Periodic revalidation can be scheduled using the operator interface. Revalidation includes path discovery (if needed), path validation and revocation checking. The Certificate Manager can validate certificates signed by either RSA or ECC cryptographic algorithms. Revocation checking is conducted by contacting the issuing Certificate Authority or a Certificate Validation Authority to retrieve certificate revocation lists (CRLs), Online Certificate Status Protocol (OCSP) responses or Server-based Certificate Validation Protocol (SCVP) responses.

Key features

*Easy to deploy and use
*Tested by GSA as part of the pivCLASS FIPS 201 solution
*Interoperable with every standards compliant Certificate Validation Authority
*Supports all NIST specified key lengths and signing algorithms