pivCLASS Solutions Brochure - HID Global
pivCLASS® Validation Server Software Components:
pivCLASS Validation Service: periodically generates and distributes updated validation status of all enrolled credentials.
pivCLASS Management Station: configures and manages the various PAMs connected to the system.
Path Builder SerVE Client: used to support path discovery and revocation checking using either the OCSP or SCVP protocols.
Optional pivCLASS Enroller: for systems that do not already have PKI enabled registration functionality.
Figure 2<br />
pivCLASS® Validation Server
The pivCLASS Validation Server is a software solution that provides centralized management and control of pivCLASS system components. The software regularly communicates with external trust authorities, imports updated credential information and sends that information via Ethernet (AES256 encryption optional) to the pivCLASS Authentication Modules for enforcement.
pivCLASS® System Diagram
pivCLASS Validation Server: Communicates with Trust Authorities
The software validates multiple card types, including PIV, PIV-I, CIV (PIV-C), CAC NG, CAC EP, Legacy CAC, TWIC and FRAC, and supports multiple authentication modes including FASC-N, CHUID, CAK, PIV + PIN, CHUID + BIO, CAK + BIO, and PIV + PIN + BIO.
The pivCLASS Validation Server also configures PAMs and manages their firmware updates. An API enables third party integration to physical access control system software. Typically, an agency will install the pivCLASS Validation Server software on one dedicated server in each site, although alternative configurations can be implemented to meet specific needs.
Existing Physical Access Control System (PACS): PACS Controller/Panel
pivCLASS® Authentication Module
Authentication Module & Reader Functions: Signature checks; Private key challenge; Conformity & freshness checks; PIN & BIO checks
Existing Security Mgmt System Head-end: PACS Software
pivCLASS® Validation Server
The communication flow between pivCLASS elements and other parts of the architecture is detailed in Figure 2.
Genuine HID
With Genuine HID, the U.S. Federal Government, government contractors and other facilities benefit from the broadest product line of trusted, fully interoperable secure identity solutions in the market. Genuine HID solutions are designed and built in ISO 9001 certified facilities; include worldwide agency certifications; and are backed by global product warranties. Supported by industry-leading expertise and the strongest delivery and response platform available, Genuine HID solutions reinforce the long-standing trust that when customers purchase from HID Global, they are investing with absolute confidence.
Validation Server Functions: Path discovery; Path validation; Revocation checking; Construct FACL
Validation Authorities: Federal Bridge, CRL, OCSP, SCVP, TWIC Cancelled Card List