HID Identity pivCLASS R10-H 900NHPNEGE0336 ユーザーズマニュアル
製品コード
900NHPNEGE0336
pivCLASS Readers Meet Any
Authentication Mode and Any
Assurance Level
“Controlled” Areas
“Exclusion” Areas
“Limited” Areas
pivCLASS
®
Readers
The pivCLASS Government Solution suite
includes a broad selection of readers for
agencies to meet any security level and the
NIST SP 800-116 guidelines. pivCLASS readers
work with the pivCLASS Authentication
Module
includes a broad selection of readers for
agencies to meet any security level and the
NIST SP 800-116 guidelines. pivCLASS readers
work with the pivCLASS Authentication
Module
™
to meet requirements for:
Any assurance level: controlled, limited or
exclusion.
exclusion.
Any authentication mode: CHUID,
CAK, PIV + PIN, or PIV + PIN + BIO;
also, FASC-N reads for non-SP800-116
“uncontrolled” areas, and the additional
TWIC authentication modes, CHUID + BIO
and CAK + BIO.
CAK, PIV + PIN, or PIV + PIN + BIO;
also, FASC-N reads for non-SP800-116
“uncontrolled” areas, and the additional
TWIC authentication modes, CHUID + BIO
and CAK + BIO.
Nearly any card type, contact or
contactless, including PIV, PIV-I, CIV (a.k.a.,
PIV-C), TWIC, FRAC and CAC.
contactless, including PIV, PIV-I, CIV (a.k.a.,
PIV-C), TWIC, FRAC and CAC.
Additionally, pivCLASS readers provide fully
functional backward compatibility with existing
functional backward compatibility with existing
iCLASS
®
and HID Prox readers, easing the
transition from legacy cards to PKI-based
credentials. The readers also support bi-
directional communication to the PAM.
credentials. The readers also support bi-
directional communication to the PAM.
Assurance Levels and Authentication Modes
Most Federal facilities have likely completed a
risk assessment that designated each door and
portal as requiring an uncontrolled, controlled,
limited or exclusion assurance level. NIST SP
800-116 specifies which authentication modes
are required for which assurance levels. For
instance, a door leading to a high security area
will require a more advanced reader (in order
to perform additional identity checks, such
as biometric fingerprint match) than a lower
security door.
Figure 1 illustrates the different security levels
and the attack vectors addressed by the
pivCLASS solution.
risk assessment that designated each door and
portal as requiring an uncontrolled, controlled,
limited or exclusion assurance level. NIST SP
800-116 specifies which authentication modes
are required for which assurance levels. For
instance, a door leading to a high security area
will require a more advanced reader (in order
to perform additional identity checks, such
as biometric fingerprint match) than a lower
security door.
Figure 1 illustrates the different security levels
and the attack vectors addressed by the
pivCLASS solution.
Figure 1
Secures against cards that are...
Security Area
(per NIST SP800-116
& Risk Assessment)
Authentication
Factors
Authentication
Modes
Revoked
Counterfeit
or Altered
Copied
or Cloned
Lost
or Stolen
Shared
Uncontrolled
None
FASC-N
Controlled
1
CHUID + VIS
Controlled
1
CAK
Limited
2
PIV + PIN
Exclusion
3
PIV + PIN + BIO
BIO: Biometric; CAK: Card Authentication Key; CHUID: Cardholder Unique Identifier; FASC-N: Federal Agency Smart Credential Number; PIN: Personal Identification Number; PIV: Personal Identity Verification (PIV) Authentication Key; VIS: Visual
Meet Any Assurance Level