HID pivCLASS User manual
pivCLASS
How to Order Guide
D00546, Release A.4
May 2013
The most current version of this document is available for download at
www.hidglobal.com/main/developers/pivclass.
To check order status, go to:
www.hidglobal.com > Knowledge Center > Customer Support > Customer Order Status.
HID, HID Global, the HID logo, pivCLASS, iCLASS, iCLASS SE, Trusted Identity Platform and Secure Identity Object
are the trademarks or registered trademarks of HID Global Corporation, or its licensors, in the U.S. and other
countries.
This document is subject to change without notice.
Document History
Date Author Description Version
5/10/13
BD
Updated for Release 3.2
A.4
7/6/12
LD
Corrected an error. Added the Validation Server USB option.
A.3
6/28/12
BD, RP
Removed pivCLASS Validation Server CD, 6714-306-01 and PIV Audit Card Package. Added
6714-306-04.
A.2
4/12/12
DD, BD
Corrected PIV+PIN typos; added PIV Audit Card Package Part Number, API DTK and new
training
A.1
2/26/12
DD, BD
Initial release
A.0
pivCLASS How to Order Guide – D00456, A.4
Page 2 of 11 © 2007-2013 HID Global Corporation/ASSA ABLOY AB. All rights reserved.
Contents
pivCLASS Introduction...............................................................................................................................3
pivCLASS Certification...............................................................................................................................3
Reader Configuration Choices ..................................................................................................................3
Reader Part Number Configuration Aides................................................................................................3
pivCLASS Readers......................................................................................................................................4
pivCLASS Bundles......................................................................................................................................5
pivCLASS Authentication Module (PAM) .................................................................................................6
Validation Server.........................................................................................................................................7
Evaluation Kits & Credential Testing Aides.............................................................................................8
Evaluation Kits ..........................................................................................................................................................8
Credential Testing Aides...........................................................................................................................................8
Certification Training Course.....................................................................................................................9
Reader Programming Cards ....................................................................................................................10
Reader Configuration Cards....................................................................................................................................10
Firmware Update Cards..........................................................................................................................................10
Reader Accessories..................................................................................................................................11
pivCLASS How to Order Guide – D00456, A.4
May 2013 © 2012-2013 HID Global Corporation/ASSA ABLOY AB. All rights reserved. Page 3 of 11
pivCLASS Introduction
HID Global’s pivCLASS®Government Solutions portfolio is an extensive product family making it easy for U.S.
Federal Government, government contractors and other facilities to comply with security regulations. By using
Personal Identity Verification (PIV) and other smart cards for physical access control results in compliance,
interoperability and high security.
The pivCLASS modular approach provides government agencies the ability to use their PIV identity cards for strong
Public Key Infrastructure (PKI)-based validation for physical access control. The solution enables this functionality
without the need to “rip and replace” existing Physical Access Control systems (PACs), reducing costs, and removing
complexities to make it easy and affordable to acquire, install and maintain compliant physical access control
systems.
pivCLASS accomplishes this in part by communicating with an agency’s PACs and external trust authority PKIs to
deliver functionality specified by National Institute of Standards and Technology (NIST) Federal Information
Processing Standards Publication 201 (FIPS 201).
Ordering information for all Release 3.2 pivCLASS components are included in this How to Order guide.
pivCLASS Certification
You must be a pivCLASS certified reseller to order either the pivCLASS Validation Server or the pivCLASS
Authentication Module (PAM). You do NOT need to be certified to order any pivCLASS reader. Certification is
achieved by having at least two members of your staff successfully complete the pivCLASS training program.
Reader Configuration Choices
All pivCLASS readers are designed to be “transitional readers”. Transitional readers can be configured to support two
different operational modes:
1. Wiegand Mode – in this mode the reader will read the FASC-N or UUID from the card and pass this data
directly to the door controller or panel over a Wiegand interface. The FASC-N output can be configured to
provide various output formats including 64 bit BDC, 75 bit GSA and 200 bit full FASC-N. The UUID output
is always 128 bits. Custom FASC-N output formats are available but some of these may not be supported in
PAM mode. It is important to note that in this mode NO AUTHENTICATION is done; it is provided to enable
a phased implementation approach.
2. PAM Mode – in this mode the reader is connected to a pivCLASS Authentication Module (PAM) using
RS485 communication protocol. This mode supports CHUID, CAK (card authentication key), PIV+PIN,
PIV+PIN+BIO authentication, as defined in FIPS 201, depending on the capabilities of the reader (i.e.,
contactless, contact or biometric). This mode also supports the additional TWIC authentication modes
CHUID + BIO and CAK + BIO.
These readers can be reconfigured in the field to support either mode. For example, the following two step process
can be used to reconfigure from Wiegand to PAM mode:
•Connect the reader to the PAM
•Reconfigured the reader to PAM mode using a pivCLASS Reader Programming Card
Reader Part Number Configuration Aides
In addition to this document HID provides an online tool for determining the part number for various pivCLASS
readers. You can access this tool on the PIV & FIPS 201 Solutions page by following the link
https://www.hidglobal.com/government/piv and clicking on “pivCLASS, iCLASS SE, multiCLASS WE Configuration
Guide” link under the Related Documents column.
Note: This is a large Excel file that will take some time to download.
pivCLASS How to Order Guide – D00456, A.4
Page 4 of 11 © 2007-2013 HID Global Corporation/ASSA ABLOY AB. All rights reserved. May 2013
pivCLASS Readers
Obtaining individual pivCLASS reader part numbers requires the use of the online pivCLASS Reader Configurator. You do not need to be pivCLASS certified to resell
pivCLASS readers.
Description
Part Number
Base
Part No. 125 kHz
Interpreters113.56 MHz
Interpreters Controller
Communications2
Controller
Hardware
Connection
Product
Version Color Security3Specific
Configuration
Settings4
pivCLASS R10 & RP10
Mini-Mullion Contactless Reader 900
N = Without Prox
P = With Prox (Std)
H
(contactless)
P = RS485 HDX
R = RS485 FDX
(See note 2)
N = Pigtail
T = Terminal Strip
E
K = Black
G = Gray
0 = Standard
E = Elite
XXXX
pivCLASS R15 & RP15
Mullion Contactless Reader 910
pivCLASS R40 & RP40
Wall Switch Contactless Reader 920
pivCLASS RK40 & RPK40
Wall Switch Contactless Keypad Reader Keypad 921
pivCLASS RKCL40 & RPKCL40
Wall Switch Contact/Contactless Keypad Reader
with LCD display 923 N = Without Prox
P = With Prox (Std)
P
(contact +
contactless)
P = RS485 HDX
R = RS485 FDX
(See note 2)
N = Pigtail
T = Terminal Strip
E
K = Black
0 = Standard
E = Elite
XXXX
pivCLASS RKCLB40 & RPKCLB40
Wall Switch Contact/Contactless Keypad Reader
with LCD display and Biometric sensor 924
1 125 kHzProx Interpreters
Order P for standard format support = HID Prox, AWID, EM4102 and Indala (10022 – 26-bit).
All pivCLASS readers supporthigh frequency 13.56 MHztechnology.
2Controller Communications
R = Default option. Supportsboth Wiegand out and full duplex (FDX)RS-485. Reconfigurable in field from Wiegand to RS485using a programming card.FDX required for use with PAM.
P = Supports both Wiegand out and half duplex(HDX) RS485 with OSDP v1protocol.Reconfigurable in field fromWiegand to RS485 using a programming card. HDX is not supported by PAM.
Factory configurationoption for Wiegandmode is determined bythe “Specific ConfigurationSettings”. See note4 below.
3iCLASS®Security Options (Factoryor Field Configurable)
0 = Standard Security(Version 1) Keyset – compatible with iCLASS SE®, iCLASS SR, standard iCLASS, SE for MIFARE Classic and SE for MIFARE DESFire EV1 credentials.
E = Elite, reads only SE EliteTM credentials with unique matching keys– compatible with iCLASS SE, iCLASS SR, standard iCLASS,SE for MIFARE Classic and SE for MIFARE DESFire EV1 with matching Elite keys.Line item
on PO requires ICE reference number.
4Specific Configuration Settings
Identifiesall firmware configurations including Wiegand outputsettings, PAMand OSDP mode settings and audio/visual settings (e.g., default setting): buzzer on, LED normallyred, flashes green on read, buffer one key, no
parity, 4 bit message. Use the pivCLASS, iCLASS SE, multiCLASS Configuration Guide located on the HID Global PIV & FIPS 201 Solutions web page (https://www.hidglobal.com/government/piv) to obtain the complete
reader part number.
pivCLASS How to Order Guide – D00456, A.4
May 2013 © 2012-2013 HID Global Corporation/ASSA ABLOY AB. All rights reserved. Page 5 of 11
pivCLASS Bundles
Bundles consist of two (2) pivCLASS readers and one (1) pivCLASS Authentication Module (PAM). You must be a pivCLASS Certified Reseller to purchase these
bundles. To obtain the desired bundle part number first determine the individual pivCLASS reader part number and then insert a “B” in front of the Base Part Number
as shown below. First year maintenance and support is mandatory with every PAM and must be purchased separately (not included with Bundle purchase).
Description
Part Number
Base
Part No. 125 kHz
Interpreters113.56 MHz
Interpreters Controller
Communications2
Controller
Hardware
Connection
Product
Version Color Security3Specific
Configuration
Settings4
Qty 2 x
pivCLASS R40-H OR
pivCLASS RP40-H
Contactless Smart Card Reader:
Finished Reader, Wall Switch
Qty 1 x
pivCLASS Authentication Module
(Model: M2000)
Authentication module hardware,
firmware and installation guides.
Includes PAM with plastic enclosure
and mounting plate.
B920 N = Without Prox
P = With Prox
(Std)
H
(contactless)
P = RS485 HDX
R = RS485 FDX
(See note 2)
N = Pigtail
T = Terminal
Strip E K = Black
G = Gray
0 =
Standard
E = Elite
XXXX
Qty 2 x
pivCLASS RKCL40-P OR
pivCLASS RPKCL40-P
Contactless and Contact Smart
Card Reader: Finished Reader,
Wall Switch, Key Pad, LCD
US Double-Gang Size
Qty 1 x
pivCLASS Authentication Module
(Model: M2000)
Authentication module hardware,
firmware and installation guides.
Includes PAM with plastic enclosure
and mounting plate.
B923 N = Without Prox
P = With Prox
(Std)
P
(contact +
contactless)
P = RS485 HDX
R = RS485 FDX
(See note 2)
N = Pigtail
T = Terminal
Strip E K = Black 0 =
Standard
E = Elite
XXXX
1 125 kHzProx Interpreters
Order P for standard format support = HID Prox, AWID, EM4102 and Indala (10022 – 26-bit).
All pivCLASS readers supporthigh frequency 13.56 MHztechnology.
2Controller Communications
R = Default option. Supportsboth Wiegand out and full duplex (FDX)RS485. Reconfigurable in field fromWiegand to RS485 using a programming card.FDX required foruse with PAM.
P = Supports both Wiegand out andhalf duplex (HDX) RS485 with OSDP v1 protocol. Reconfigurable in field from Wiegand to RS485 using a programming card.HDX is not supported by PAM.
Factory configurationoption for Wiegandmode is determined bythe “Specific ConfigurationSettings”, see note4 below.
3iCLASS Security Options (Factory or FieldConfigurable)
0 = Standard Security (Version 1) Keyset – compatible with iCLASS SE, iCLASS SR, standard iCLASS, SE for MIFARE Classic and SE for MIFARE DESFire EV1 credentials.
E = Elite, reads only SE EliteTM credentials with unique matching keys– compatible with iCLASS SE, iCLASS SR, standard iCLASS, SE for MIFARE Classic and SE for MIFARE DESFire EV1with matching Elite keys. Line item
on PO requires ICE reference number.
4SpecificConfiguration Settings
Identifiesall firmware configurations including Wiegand output settings,PAM and OSDP mode settingsand audio/visualsettings (e.g., default setting): buzzer on, LED normally red, flashes green on read, buffer one key, no
parity, 4 bit message. Use the pivCLASS, iCLASS SE, multiCLASS Configuration Guide located on the HID Global PIV & FIPS 201 Solutions web page (https://www.hidglobal.com/government/piv) to obtain the complete
reader part number.
pivCLASS How to Order Guide – D00456, A.4
Page 6 of 11 © 2007-2013 HID Global Corporation/ASSA ABLOY AB. All rights reserved. May 2013
pivCLASS Authentication Module (PAM)
Order individual pivCLASS Authentication Modules using the part numbers on this page. The PAM supports up to two (2) pivCLASS readers. Note: Must be connected
to a pivCLASS Validation Server. First year maintenance and support is mandatory with every PAM and must be purchased separately (not included with the PAM
purchase). You must be a pivCLASS Certified Reseller to purchase PAMs.
Description Part Number
Base Part No.
Product Version
Packaging
Configuration Settings
pivCLASS Authentication Module
Model: M2000
Authentication module hardware, firmware and
installation manuals.
91000 A B = Plastic Enclosure Backplate & Cover
N = Noenclosure (board only)
NNN = Default
Description Part Number
pivCLASS Authentication Module Standard Maintenance & Support
One year support for one (1) authentication modulewith the first year mandatory. PCAMM4
pivCLASS Authentication Module Maintenance & Support Reinstatement fee per unit PCAMM4R
pivCLASS How to Order Guide – D00456, A.4
May 2013 © 2012-2013 HID Global Corporation/ASSA ABLOY AB. All rights reserved. Page 7 of 11
Validation Server
Order the pivCLASS Validation Server using the part numbers found on this page. First year maintenance and support is mandatory with every pivCLASS Validation
Server and must be purchased separately (not included with the Validation Server purchase). You must be a pivCLASS Certified Reseller to purchase a Validation
Authority.
Description Part Number
pivCLASS Validation Server
Includes pivCLASS Management Station, Validation
Server, Path Builder SerVE and Enroller software and supporting
documentation.
PCVSL
pivCLASS Validation Server Standard Maintenance & Support
One year support for one (1) validation server.First year mandatory. 8x5 Central M-F. PCVSM4
pivCLASS Validation Server Software Maintenance & Support Reinstatement
Per server installation PCVSM4R
pivCLASS How to Order Guide – D00456, A.4
Page 8 of 11 © 2007-2013 HID Global Corporation/ASSA ABLOY AB. All rights reserved. May 2013
Evaluation Kits & Credential Testing Aides
Order evaluation kits using part numbers on this page. Evaluation kits provide all parts necessary to setup and evaluate a mini-pivCLASS system.
You must be a pivCLASS Certified Reseller to purchase a pivCLASS Evaluation Kit.
Evaluation Kits
Description Part Number
Evaluation Kit for CAK / CHUID Authentication
Includes 1 x pivCLASS R40-H reader, 1 x pivCLASS Authentication Module & SD card, 1 x EDGE Solo single-door stand-
alone access control system, OMNIKEY 3021
PC contact card reader, USBmemory stick containing documentation and software, PIV test card kit, legacy test card kit containing iCLASS & HID Prox cards and
documentation.
D91920ANN
Evaluation Kit for PIV + PIN Authentication
Includes 1 x pivCLASS RPKCL40-P reader, 1 x pivCLASS Authentication Module & SD card, 1 x EDGE Solo single-door stand-alone access control system, OMNIKEY
3021PC contact card reader,USB memory stick containingdocumentation and software, PIV test card kit, legacytest card kit containing iCLASS & HID Prox cards
and documentation.
D91923ANN
Credential Testing Aides
Description Part Number
PIV Test Card kit
Includes 3 cards – 2of which are “golden”cards with no errorsand the remaining 1hasbeen revoked.
The package also includesCA certificates the associated CRL. Note: This part isincluded in theevaluation kit– order this partadditional or replacement cards. 01-0032-01
Legacy Test Card kit containing iCLASS & HID Prox cards
Includes 1 x standard iCLASS card and 1 x HID Prox card. Note: This part is included in the evaluation kit – order this part as additional or replacement cards. 6712-311-01
PIV Audit Cards
Includes a mix of 23 PIV and PIV-I cards 21 ofwhich have altered data thatwould, if not detected, result in an access control system compromise. Includes CA
certificates, CRL and a User Guide. 01-0034-01
pivCLASS How to Order Guide – D00456, A.4
May 2013 © 2012-2013 HID Global Corporation/ASSA ABLOY AB. All rights reserved. Page 9 of 11
Certification Training Course
Sign-up for pivCLASS certification training using part numbers on this page. Only certified resellers are authorized to sell pivCLASS Authentication Modules and
Validation Servers. Use this training course to become a certified reseller.
Description Part Number
pivCLASS Certification Training and Materials – HID Facility
Three daytraining session leading to pivCLASS certificationperformed at the HID Facility.
Includescourse and materials. Does not include travel expenses.
6712-914
pivCLASS Certification Training and Materials – Customer Facility
Three daytraining session forup to 10 people leading to pivCLASS certificationperformed atthe
Customers facility.
Includescourse and materials. Does not include travel expenses.
6712-915
pivCLASS Certification Training and Materials - Customer Facility
Includes cost associated with Travel and Expenses for training at the Customer's Facility. PIV-TRAIN-xxxx
pivCLASS How to Order Guide – D00456, A.4
Page 10 of 11 © 2007-2013 HID Global Corporation/ASSA ABLOY AB. All rights reserved. May 2013
Reader Programming Cards
Reader programming cards are used to reconfigure a reader to a desired target configuration by using Reader Configuration Cards. Firmware Update Cards can be
used to reload the reader with the latest version of firmware. Contact HID Technical Support (https://support.hidglobal.com) to ensure selecting the proper configuration
card extension.
Reader Configuration Cards
Description Part Number
Base Part No. iCLASS Security Keys Configuration Card Extension
Reader Mode and Output Configuration Settings
Use these part numbersto order configuration cards to change reader modes (e.g.,
Wiegand to PAM) and output formats (e.g., 200 bit Wiegand).
Includesreader configuration programming cardand instructions
SEC9X-CRD- 0 = Standard
E = Elite -XXXX = Specific configuration1
Reset Beeper / LED, Keypad and IPM to Factory Defaults
Use these part numbers to order configuration cards to reset reader settings to factory
defaults.
Includesreader configuration programming card and instructions
SEC9X-CRD- 0 = Standard
E = Elite
-0000 = Factory configuration (Rx models)2
-0001 =Factory configuration (RPxmodels)
-0002 =Factory configuration (RKxmodels)
-0003 = Factory configuration (RPKx models)
1Contact your HIDGlobalSupport representative (https://support.hidglobal.com) to determine your specific configuration extension.
2Factory Default configurations include: LED normallyred, beep on and flashes green on read card; keypaddata = buffer one key, no parity,4 bit message, IntelligentPower Management = Off; Prox reads 125 kHz HID Prox,
AWID, Indala (ASP10022), EM4102.
Firmware Update Cards
For updating reader interpreters and other functionality to the latest firmware version over an RF interface.
Description Part Number
Programming Cards – Firmware Base Part No. iCLASS
Security Keys Version Update Card Extension
Firmware Update Cards
Includes latest versionof reader firmware on a RF programming card and instructions. SEF9X-UPG- 0 = Standard
E = Elite E = RevE Version -XXXX1
1 Contact your HID Support Representative (https://support.hidglobal.com) to obtainthe Firmware Update Card extension.
pivCLASS How to Order Guide – D00456, A.4
May 2013 © 2012-2013 HID Global Corporation/ASSA ABLOY AB. All rights reserved. Page 11 of 11
Reader Accessories
Description Part Number
Mounting Plates, Spacers, Screws and Accessory Kits
R10 (or equivalent size model) Mini-Mullion Reader Mounting Plate, Any Color 6303-104-01
R15 (or equivalent size model) Mullion Reader Mounting Plate, Any Color 6309-103-01
R30 (or equivalent size model) EU/AsianReader Mounting Plate,Any Color 6402-103-01
R40 (or equivalentsize model)Wall Switch Reader Mounting Plate, AnyColor 6403-109-01
R10 (or equivalent size model) Reader Spacer, Black 6132AKB
R10 (or equivalent size model) Reader Spacer, Gray 6132AGB
R15 (or equivalent size model) Reader Spacer, Black 6132AKC
R15 (or equivalent size model) Reader Spacer, Gray 6132AGC
R30 (or equivalent size model) Reader Spacer, Black 6132AKD
R30 (or equivalent size model) Reader Spacer, Gray 6132AGD
R40 (or equivalent size model) Reader Spacer, Black 6132AKE
R40 (or equivalent size model) Reader Spacer, Gray 6132AGE
RK40 (or equivalent size model) Reader Spacer, Black 6132AK
RK40 (or equivalent size model)ReaderSpacer, Gray 6132AG
RKCL40 (or equivalent size model) Reader Spacer, Angle Right, Black 6132AKK
RKCL40 (orequivalent size model) Reader Spacer, Angle Left, Black 6132AKL
RKCL40 Wall Plate, two piece,Black 6714-119-01
RKCL40 Mounting Plate for two piece Wall Plate, Black 6714-305-01
Security Screw 400-2D71-06
Reader Accessory Kit (includes terminal blocks, screws and installation guide) 6700-300-02
Reader Accessory Kit (includes terminal blocks, screws and installation guide for reader with side car) 6714-306-04
Table of contents
