1. technology and computing
2. hardware
3. computer networking
4. router

pivCLASS
How to Order Guide
D00546, Release A.4
May 2013
The most current version of this document is available for download at
www.hidglobal.com/main/developers/pivclass.
To check order status, go to:
www.hidglobal.com > Knowledge Center > Customer Support > Customer Order Status.
HID, HID Global, the HID logo, pivCLASS, iCLASS, iCLASS SE, Trusted Identity Platform and Secure Identity Object
are the trademarks or registered trademarks of HID Global Corporation, or its licensors, in the U.S. and other
countries.
This document is subject to change without notice.
Document History
Date
Author
Description
Version
5/10/13
7/6/12
6/28/12
BD
LD
BD, RP
A.4
A.3
A.2
4/12/12
DD, BD
2/26/12
DD, BD
Updated for Release 3.2
Corrected an error. Added the Validation Server USB option.
Removed pivCLASS Validation Server CD, 6714-306-01 and PIV Audit Card Package. Added
6714-306-04.
Corrected PIV+PIN typos; added PIV Audit Card Package Part Number, API DTK and new
training
Initial release
A.1
A.0
pivCLASS How to Order Guide – D00456, A.4
Contents
pivCLASS Introduction ............................................................................................................................... 3
pivCLASS Certification ............................................................................................................................... 3
Reader Configuration Choices .................................................................................................................. 3
Reader Part Number Configuration Aides ................................................................................................ 3
pivCLASS Readers ...................................................................................................................................... 4
pivCLASS Bundles ...................................................................................................................................... 5
pivCLASS Authentication Module (PAM) ................................................................................................. 6
Validation Server ......................................................................................................................................... 7
Evaluation Kits & Credential Testing Aides ............................................................................................. 8
Evaluation Kits ..........................................................................................................................................................8
Credential Testing Aides ...........................................................................................................................................8
Certification Training Course..................................................................................................................... 9
Reader Programming Cards .................................................................................................................... 10
Reader Configuration Cards.................................................................................................................................... 10
Firmware Update Cards .......................................................................................................................................... 10
Reader Accessories .................................................................................................................................. 11
Page 2 of 11
© 2007-2013 HID Global Corporation/ASSA ABLOY AB. All rights reserved.
pivCLASS How to Order Guide – D00456, A.4
pivCLASS Introduction
®
HID Global’s pivCLASS Government Solutions portfolio is an extensive product family making it easy for U.S.
Federal Government, government contractors and other facilities to comply with security regulations. By using
Personal Identity Verification (PIV) and other smart cards for physical access control results in compliance,
interoperability and high security.
The pivCLASS modular approach provides government agencies the ability to use their PIV identity cards for strong
Public Key Infrastructure (PKI)-based validation for physical access control. The solution enables this functionality
without the need to “rip and replace” existing Physical Access Control systems (PACs), reducing costs, and removing
complexities to make it easy and affordable to acquire, install and maintain compliant physical access control
systems.
pivCLASS accomplishes this in part by communicating with an agency’s PACs and external trust authority PKIs to
deliver functionality specified by National Institute of Standards and Technology (NIST) Federal Information
Processing Standards Publication 201 (FIPS 201).
Ordering information for all Release 3.2 pivCLASS components are included in this How to Order guide.
pivCLASS Certification
You must be a pivCLASS certified reseller to order either the pivCLASS Validation Server or the pivCLASS
Authentication Module (PAM). You do NOT need to be certified to order any pivCLASS reader. Certification is
achieved by having at least two members of your staff successfully complete the pivCLASS training program.
Reader Configuration Choices
All pivCLASS readers are designed to be “transitional readers”. Transitional readers can be configured to support two
different operational modes:
1.
Wiegand Mode – in this mode the reader will read the FASC-N or UUID from the card and pass this data
directly to the door controller or panel over a Wiegand interface. The FASC-N output can be configured to
provide various output formats including 64 bit BDC, 75 bit GSA and 200 bit full FASC-N. The UUID output
is always 128 bits. Custom FASC-N output formats are available but some of these may not be supported in
PAM mode. It is important to note that in this mode NO AUTHENTICATION is done; it is provided to enable
a phased implementation approach.
2.
PAM Mode – in this mode the reader is connected to a pivCLASS Authentication Module (PAM) using
RS485 communication protocol. This mode supports CHUID, CAK (card authentication key), PIV+PIN,
PIV+PIN+BIO authentication, as defined in FIPS 201, depending on the capabilities of the reader (i.e.,
contactless, contact or biometric). This mode also supports the additional TWIC authentication modes
CHUID + BIO and CAK + BIO.
These readers can be reconfigured in the field to support either mode. For example, the following two step process
can be used to reconfigure from Wiegand to PAM mode:
•
Connect the reader to the PAM
•
Reconfigured the reader to PAM mode using a pivCLASS Reader Programming Card
Reader Part Number Configuration Aides
In addition to this document HID provides an online tool for determining the part number for various pivCLASS
readers. You can access this tool on the PIV & FIPS 201 Solutions page by following the link
https://www.hidglobal.com/government/piv and clicking on “pivCLASS, iCLASS SE, multiCLASS WE Configuration
Guide” link under the Related Documents column.
Note: This is a large Excel file that will take some time to download.
May 2013
© 2012-2013 HID Global Corporation/ASSA ABLOY AB. All rights reserved.
Page 3 of 11
pivCLASS How to Order Guide – D00456, A.4
pivCLASS Readers
Obtaining individual pivCLASS reader part numbers requires the use of the online pivCLASS Reader Configurator. You do not need to be pivCLASS certified to resell
pivCLASS readers.
Part Number
Description
Base
Part No.
pivCLASS R10 & RP10
Mini-Mullion Contactless Reader
900
pivCLASS R15 & RP15
Mullion Contactless Reader
910
pivCLASS R40 & RP40
Wall Switch Contactless Reader
920
125 kHz
Interpreters1
13.56 MHz
Interpreters
Controller
Communications2
Controller
Hardware
Connection
Product
Version
Color
Security3
Specific
Configuration
Settings4
N = Without Prox
P = With Prox (Std)
H
(contactless)
P = RS485 HDX
R = RS485 FDX
(See note 2)
N = Pigtail
E
T = Terminal Strip
K = Black 0 = Standard
G = Gray E = Elite
XXXX
N = Without Prox
P = With Prox (Std)
P
(contact +
contactless)
P = RS485 HDX
R = RS485 FDX
(See note 2)
N = Pigtail
E
T = Terminal Strip
K = Black
0 = Standard
E = Elite
XXXX
pivCLASS RK40 & RPK40
921
Wall Switch Contactless Keypad Reader Keypad
pivCLASS RKCL40 & RPKCL40
Wall Switch Contact/Contactless Keypad Reader 923
with LCD display
pivCLASS RKCLB40 & RPKCLB40
Wall Switch Contact/Contactless Keypad Reader 924
with LCD display and Biometric sensor
125 kHz Prox Interpreters
Order P for standard format support = HID Prox, AWID, EM4102 and Indala (10022 – 26-bit).
All pivCLASS readers support high frequency 13.56 MHz technology.
2 Controller Communications
R = Default option. Supports both Wiegand out and full duplex (FDX) RS-485. Reconfigurable in field from Wiegand to RS485 using a programming card. FDX required for use with PAM.
P = Supports both Wiegand out and half duplex (HDX) RS485 with OSDP v1 protocol. Reconfigurable in field from Wiegand to RS485 using a programming card. HDX is not supported by PAM.
Factory configuration option for Wiegand mode is determined by the “Specific Configuration Settings”. See note 4 below.
3 iCLASS® Security Options (Factory or Field Configurable)
0 = Standard Security (Version 1) Keyset – compatible with iCLASS SE®, iCLASS SR, standard iCLASS, SE for MIFARE Classic and SE for MIFARE DESFire EV1 credentials.
E = Elite, reads only SE EliteTM credentials with unique matching keys – compatible with iCLASS SE, iCLASS SR, standard iCLASS, SE for MIFARE Classic and SE for MIFARE DESFire EV1 with matching Elite keys. Line item
on PO requires ICE reference number.
4 Specific Configuration Settings
Identifies all firmware configurations including Wiegand output settings, PAM and OSDP mode settings and audio/visual settings (e.g., default setting): buzzer on, LED normally red, flashes green on read, buffer one key, no
parity, 4 bit message. Use the pivCLASS, iCLASS SE, multiCLASS Configuration Guide located on the HID Global PIV & FIPS 201 Solutions web page (https://www.hidglobal.com/government/piv) to obtain the complete
reader part number.
1
Page 4 of 11
© 2007-2013 HID Global Corporation/ASSA ABLOY AB. All rights reserved.
May 2013
pivCLASS How to Order Guide – D00456, A.4
pivCLASS Bundles
Bundles consist of two (2) pivCLASS readers and one (1) pivCLASS Authentication Module (PAM). You must be a pivCLASS Certified Reseller to purchase these
bundles. To obtain the desired bundle part number first determine the individual pivCLASS reader part number and then insert a “B” in front of the Base Part Number
as shown below. First year maintenance and support is mandatory with every PAM and must be purchased separately (not included with Bundle purchase).
Part Number
Description
Qty 2 x
Base
Part No.
13.56 MHz
Interpreters
Controller
Communications2
Controller
Hardware
Connection
Product
Version
Color
Security3
Specific
Configuration
Settings4
Qty 1 x
pivCLASS R40-H OR
pivCLASS Authentication Module
pivCLASS RP40-H
(Model: M2000)
B920
Contactless Smart Card Reader: Authentication module hardware,
Finished Reader, Wall Switch
firmware and installation guides.
Includes PAM with plastic enclosure
and mounting plate.
Qty 2 x
Qty 1 x
pivCLASS RKCL40-P OR
pivCLASS RPKCL40-P
Contactless and Contact Smart
Card Reader: Finished Reader,
Wall Switch, Key Pad, LCD
US Double-Gang Size
125 kHz
Interpreters1
pivCLASS Authentication Module
(Model: M2000)
B923
Authentication module hardware,
firmware and installation guides.
Includes PAM with plastic enclosure
and mounting plate.
N = Without Prox
H
P = With Prox
(contactless)
(Std)
P = RS485 HDX
R = RS485 FDX
(See note 2)
N = Pigtail
T = Terminal
Strip
E
K = Black
G = Gray
0=
Standard
E = Elite
XXXX
P
N = Without Prox
(contact +
P = With Prox
contactless)
(Std)
P = RS485 HDX
R = RS485 FDX
(See note 2)
N = Pigtail
T = Terminal
Strip
E
K = Black
0=
Standard
E = Elite
XXXX
125 kHz Prox Interpreters
Order P for standard format support = HID Prox, AWID, EM4102 and Indala (10022 – 26-bit).
All pivCLASS readers support high frequency 13.56 MHz technology.
2 Controller Communications
R = Default option. Supports both Wiegand out and full duplex (FDX) RS485. Reconfigurable in field from Wiegand to RS485 using a programming card. FDX required for use with PAM.
P = Supports both Wiegand out and half duplex (HDX) RS485 with OSDP v1 protocol. Reconfigurable in field from Wiegand to RS485 using a programming card. HDX is not supported by PAM.
Factory configuration option for Wiegand mode is determined by the “Specific Configuration Settings”, see note 4 below.
3 iCLASS Security Options (Factory or Field Configurable)
0 = Standard Security (Version 1) Keyset – compatible with iCLASS SE, iCLASS SR, standard iCLASS, SE for MIFARE Classic and SE for MIFARE DESFire EV1 credentials.
E = Elite, reads only SE EliteTM credentials with unique matching keys – compatible with iCLASS SE, iCLASS SR, standard iCLASS, SE for MIFARE Classic and SE for MIFARE DESFire EV1 with matching Elite keys. Line item
on PO requires ICE reference number.
4 Specific Configuration Settings
Identifies all firmware configurations including Wiegand output settings, PAM and OSDP mode settings and audio/visual settings (e.g., default setting): buzzer on, LED normally red, flashes green on read, buffer one key, no
parity, 4 bit message. Use the pivCLASS, iCLASS SE, multiCLASS Configuration Guide located on the HID Global PIV & FIPS 201 Solutions web page (https://www.hidglobal.com/government/piv) to obtain the complete
reader part number.
1
May 2013
© 2012-2013 HID Global Corporation/ASSA ABLOY AB. All rights reserved.
Page 5 of 11
pivCLASS How to Order Guide – D00456, A.4
pivCLASS Authentication Module (PAM)
Order individual pivCLASS Authentication Modules using the part numbers on this page. The PAM supports up to two (2) pivCLASS readers. Note: Must be connected
to a pivCLASS Validation Server. First year maintenance and support is mandatory with every PAM and must be purchased separately (not included with the PAM
purchase). You must be a pivCLASS Certified Reseller to purchase PAMs.
Description
pivCLASS Authentication Module
Model: M2000
Authentication module hardware, firmware and
installation manuals.
Part Number
Base Part No.
91000
Description
Product Version
A
B = Plastic Enclosure Backplate & Cover
N = No enclosure (board only)
Configuration Settings
NNN = Default
Part Number
pivCLASS Authentication Module Standard Maintenance & Support
One year support for one (1) authentication module with the first year mandatory.
PCAMM4
pivCLASS Authentication Module Maintenance & Support Reinstatement fee per unit
PCAMM4R
Page 6 of 11
Packaging
© 2007-2013 HID Global Corporation/ASSA ABLOY AB. All rights reserved.
May 2013
pivCLASS How to Order Guide – D00456, A.4
Validation Server
Order the pivCLASS Validation Server using the part numbers found on this page. First year maintenance and support is mandatory with every pivCLASS Validation
Server and must be purchased separately (not included with the Validation Server purchase). You must be a pivCLASS Certified Reseller to purchase a Validation
Authority.
Description
Part Number
pivCLASS Validation Server
Includes pivCLASS Management Station, Validation
Server, Path Builder SerVE and Enroller software and supporting
documentation.
PCVSL
pivCLASS Validation Server Standard Maintenance & Support
One year support for one (1) validation server. First year mandatory. 8x5 Central M-F.
PCVSM4
pivCLASS Validation Server Software Maintenance & Support Reinstatement
Per server installation
PCVSM4R
May 2013
© 2012-2013 HID Global Corporation/ASSA ABLOY AB. All rights reserved.
Page 7 of 11
pivCLASS How to Order Guide – D00456, A.4
Evaluation Kits & Credential Testing Aides
Order evaluation kits using part numbers on this page. Evaluation kits provide all parts necessary to setup and evaluate a mini-pivCLASS system.
You must be a pivCLASS Certified Reseller to purchase a pivCLASS Evaluation Kit.
Evaluation Kits
Description
Part Number
Evaluation Kit for CAK / CHUID Authentication
Includes 1 x pivCLASS R40-H reader, 1 x pivCLASS Authentication Module & SD card, 1 x EDGE Solo single-door stand-alone access control system, OMNIKEY 3021
D91920ANN
PC contact card reader, USB memory stick containing documentation and software, PIV test card kit, legacy test card kit containing iCLASS & HID Prox cards and
documentation.
Evaluation Kit for PIV + PIN Authentication
Includes 1 x pivCLASS RPKCL40-P reader, 1 x pivCLASS Authentication Module & SD card, 1 x EDGE Solo single-door stand-alone access control system, OMNIKEY
D91923ANN
3021 PC contact card reader, USB memory stick containing documentation and software, PIV test card kit, legacy test card kit containing iCLASS & HID Prox cards
and documentation.
Credential Testing Aides
Description
Part Number
PIV Test Card kit
Includes 3 cards – 2 of which are “golden” cards with no errors and the remaining 1 has been revoked.
The package also includes CA certificates the associated CRL. Note: This part is included in the evaluation kit – order this part additional or replacement cards.
01-0032-01
Legacy Test Card kit containing iCLASS & HID Prox cards
Includes 1 x standard iCLASS card and 1 x HID Prox card. Note: This part is included in the evaluation kit – order this part as additional or replacement cards.
6712-311-01
PIV Audit Cards
Includes a mix of 23 PIV and PIV-I cards 21 of which have altered data that would, if not detected, result in an access control system compromise. Includes CA
certificates, CRL and a User Guide.
01-0034-01
Page 8 of 11
© 2007-2013 HID Global Corporation/ASSA ABLOY AB. All rights reserved.
May 2013
pivCLASS How to Order Guide – D00456, A.4
Certification Training Course
Sign-up for pivCLASS certification training using part numbers on this page. Only certified resellers are authorized to sell pivCLASS Authentication Modules and
Validation Servers. Use this training course to become a certified reseller.
Description
Part Number
pivCLASS Certification Training and Materials – HID Facility
Three day training session leading to pivCLASS certification performed at the HID Facility.
6712-914
Includes course and materials. Does not include travel expenses.
pivCLASS Certification Training and Materials – Customer Facility
Three day training session for up to 10 people leading to pivCLASS certification performed at the
Customers facility.
6712-915
Includes course and materials. Does not include travel expenses.
pivCLASS Certification Training and Materials - Customer Facility
Includes cost associated with Travel and Expenses for training at the Customer's Facility.
May 2013
PIV-TRAIN-xxxx
© 2012-2013 HID Global Corporation/ASSA ABLOY AB. All rights reserved.
Page 9 of 11
pivCLASS How to Order Guide – D00456, A.4
Reader Programming Cards
Reader programming cards are used to reconfigure a reader to a desired target configuration by using Reader Configuration Cards. Firmware Update Cards can be
used to reload the reader with the latest version of firmware. Contact HID Technical Support (https://support.hidglobal.com) to ensure selecting the proper configuration
card extension.
Reader Configuration Cards
Part Number
Description
Base Part No.
1
2
iCLASS Security Keys
Configuration Card Extension
Reader Mode and Output Configuration Settings
Use these part numbers to order configuration cards to change reader modes (e.g.,
Wiegand to PAM) and output formats (e.g., 200 bit Wiegand).
Includes reader configuration programming card and instructions
SEC9X-CRD-
0 = Standard
E = Elite
-XXXX = Specific configuration1
Reset Beeper / LED, Keypad and IPM to Factory Defaults
Use these part numbers to order configuration cards to reset reader settings to factory
defaults.
Includes reader configuration programming card and instructions
SEC9X-CRD-
0 = Standard
E = Elite
-0000 = Factory configuration (Rx models)2
-0001 = Factory configuration (RPx models)
-0002 = Factory configuration (RKx models)
-0003 = Factory configuration (RPKx models)
Contact your HID Global Support representative (https://support.hidglobal.com) to determine your specific configuration extension.
Factory Default configurations include: LED normally red, beep on and flashes green on read card; keypad data = buffer one key, no parity, 4 bit message, Intelligent Power Management = Off; Prox reads 125 kHz HID Prox,
AWID, Indala (ASP10022), EM4102.
Firmware Update Cards
For updating reader interpreters and other functionality to the latest firmware version over an RF interface.
Part Number
Description
Programming Cards – Firmware
Base Part No.
Firmware Update Cards
Includes latest version of reader firmware on a RF programming card and instructions.
1 Contact
SEF9X-UPG-
iCLASS
Security Keys
0 = Standard
E = Elite
Version
E = Rev E Version
Update Card Extension
-XXXX1
your HID Support Representative (https://support.hidglobal.com) to obtain the Firmware Update Card extension.
Page 10 of 11
© 2007-2013 HID Global Corporation/ASSA ABLOY AB. All rights reserved.
May 2013
pivCLASS How to Order Guide – D00456, A.4
Reader Accessories
Part Number
Description
Mounting Plates, Spacers, Screws and Accessory Kits
R10 (or equivalent size model) Mini-Mullion Reader Mounting Plate, Any Color
6303-104-01
R15 (or equivalent size model) Mullion Reader Mounting Plate, Any Color
6309-103-01
R30 (or equivalent size model) EU/Asian Reader Mounting Plate, Any Color
6402-103-01
R40 (or equivalent size model) Wall Switch Reader Mounting Plate, Any Color
6403-109-01
R10 (or equivalent size model) Reader Spacer, Black
6132AKB
R10 (or equivalent size model) Reader Spacer, Gray
6132AGB
R15 (or equivalent size model) Reader Spacer, Black
6132AKC
R15 (or equivalent size model) Reader Spacer, Gray
6132AGC
R30 (or equivalent size model) Reader Spacer, Black
6132AKD
R30 (or equivalent size model) Reader Spacer, Gray
6132AGD
R40 (or equivalent size model) Reader Spacer, Black
6132AKE
R40 (or equivalent size model) Reader Spacer, Gray
6132AGE
RK40 (or equivalent size model) Reader Spacer, Black
6132AK
RK40 (or equivalent size model) Reader Spacer, Gray
6132AG
RKCL40 (or equivalent size model) Reader Spacer, Angle Right, Black
6132AKK
RKCL40 (or equivalent size model) Reader Spacer, Angle Left, Black
6132AKL
RKCL40 Wall Plate, two piece, Black
6714-119-01
RKCL40 Mounting Plate for two piece Wall Plate, Black
6714-305-01
Security Screw
400-2D71-06
Reader Accessory Kit (includes terminal blocks, screws and installation guide)
6700-300-02
Reader Accessory Kit (includes terminal blocks, screws and installation guide for reader with side car)
6714-306-04
May 2013
© 2012-2013 HID Global Corporation/ASSA ABLOY AB. All rights reserved.
Page 11 of 11