HID Identity pivCLASS RPK40-H 921PHRNEGE037G User Manual

Product codes
921PHRNEGE037G

pivCLASS Registration Engine and pivCLASS Certificate Manager

The pivCLASS Registration Engine is a software module that reads, validates, authenticates and registers credentials with a PACS automatically without manual data entry. The software validates multiple card types, including PIV, PIV-I, CIV (PIV-C), CAC NG, CAC EP, TWIC and FRAC.

The pivCLASS Certificate Manager is a software module that, after credential registration, regularly communicates with external trust authorities to check the status of cached certificates. Upon determining a status change, the software can suspend any card associated with a revoked certificate and/or send an email to a distribution list for notification. pivCLASS Certificate Manager also sends that information via Ethernet (AES256 encryption optional) to the pivCLASS Authentication Modules (PAMs) for enforcement.

pivCLASS Reader Services sends mode updates, TWIC Privacy Keys (TPKs), and other information to PAMs and supports multiple authentication modes including FASC-N, CHUID, CAK, PIV + PIN, CHUID + BIO, CAK + BIO, and PIV + PIN + BIO.

Typically, an agency will install the pivCLASS Registration Engine on each workstation where credential registration is to occur. pivCLASS Certificate Manager software is required for ongoing revalidation of certificates after registration and is usually placed on the PACS server, although alternative configurations can be implemented to meet specific needs.

The communication flow between pivCLASS elements and other parts of the architecture is detailed in Figure 2.

Genuine HID®

With Genuine HID, the U.S. Federal Government, government contractors and other facilities benefit from the broadest product line of trusted, fully interoperable secure identity solutions in the market. Genuine HID solutions are designed and built in ISO 9001 certified facilities; include worldwide agency certifications; and are backed by global product warranties. Supported by industry-leading expertise and the strongest delivery and response platform available, Genuine HID solutions reinforce the long-standing trust that when customers purchase from HID Global, they are investing with absolute confidence.

pivCLASS® Software Components:

• pivCLASS Registration Engine: reads, validates, authenticates and automatically registers valid credentials into PACS database without any manual data entry.
• pivCLASS Certificate Manager: periodically revalidates the status of digital certificates and updates the PACS with any change in status; can automatically suspend any card associated with a revoked certificate; can send an email to a distribution list for notification.
• pivCLASS Reader Services: configures and manages pivCLASS readers via the PAM.

Figure 2: pivCLASS® System Diagram (pivCLASS Software Communicates with Trust Authorities)

Components shown:
• PACS Controller/Panel (Existing Physical Access Control System (PACS))
• PACS Software (Existing Security Mgmt System Head-end)
• pivCLASS Registration Engine & pivCLASS Certificate Manager
• Validation Authorities: Federal Bridge, CRL, OCSP, SCVP, TWIC Cancelled Card List
• pivCLASS® Authentication Module

Registration Engine & Certificate Manager Functions
• Credential Registration
• Path discovery and validation
• Revocation checking

Authentication Module & Reader Functions
• Signature checks
• Private key challenge
• Conformity & freshness checks
• PIN & BIO checks