Configuring HID PIV authentication on a Mercury LP4502 controller - Security Center 5.9 | Synergis™ Softwire

HID pivCLASS User Guide for Security Center 5.9

Applies to: Security Center 5.9 | Synergis™ Softwire
Last updated: 2021-12-22
Content type: Guides > User guides
Language: English
Product: Security Center
Version: 5.9

Personal Identity Verification (PIV) is a credential defined by the US government's Federal Information Processing Standard Publication 201 (FIPS 201), which specifies cryptographic key sizes, algorithms, biometrics, and best practices in physical access control.

Before you begin

Procedure

  1. Upload the Mercury firmware onto the Synergis™ unit:
    1. On the GTAP Product Download page, select the latest version of Synergis™ Softwire from the Download Finder list, and download the latest .sfw file listed in the Third Party Firmware Packages section.
    2. Save the .sfw file on your local drive.
    3. Log on to the Synergis™ unit.
    4. Click Maintenance > Softwire upgrade.
    5. Click Select upgrade file.
    6. In the file browser that opens, select the .sfw firmware file, and click Open.
    7. Click Upgrade now.
  2. For Synergis™ Softwire 11.1 and later, change the database layout to the Ficam layout by doing the following:
    1. Log on to your Synergis™ unit, and click Configuration > Mercury controller settings.
    2. Expand the Database layout settings section, select Ficam from the list, and click Save.
    3. Perform a software restart on the Synergis™ unit.
  3. For Synergis™ Softwire versions earlier than 11.1, change the database layout to the Ficam layout by doing the following:
    1. Log on to your Synergis™ unit, using the following URL:
      https://<IP address>/MercuryEP/UnitWide/DefaultDbSettings/Set?value=FicamLayout
      NOTE: <IP address> is the IP address of your Synergis™ unit.
    2. On the redirect page that opens, click the link to apply the database layout change.
    3. Perform a software restart on the Synergis™ unit.
  4. Log back on to your unit using the following URL:
    https://<Synergis™ Cloud Link IP address>/MercuryEP/FirmwareVersions
  5. On the FirmwareVersions page, click Install PivClass embedded auth package <version>, where <version> is the latest firmware version.
    Installing and enabling the plugin can take a few minutes.
  6. Perform a software restart on the Synergis™ unit.
  7. For Synergis™ Softwire 11.1 and later, enable HID pivCLASS:
    1. Log back on to your Synergis™ unit, and click Configuration > Mercury controller settings.
    2. Expand the Auxiliary authentication module section, select PivClass from the list, and click Save.
    3. Perform a software restart on the Synergis™ unit.
  8. For Synergis™ Softwire versions earlier than 11.1, enable HID pivCLASS:
    1. Go to the following URL:
      https://<IP address>/MercuryEP/UnitWide/AAM/Set?value=HIDPivCLASSEmbeddedAuth
    2. On the redirect page that opens, click the link.
    3. Perform a software restart on the Synergis™ unit.
  9. In Config Tool, create a door and associate the hardware to it.
  10. Create a custom field for DoorInReaderType, and another for DoorOutReaderType:
    1. From the Config Tool home page, open the System task, and click the General settings view.
    2. Click the Custom fields tab, and click Add an item.
    3. In the Add custom field dialog box, configure the following:
      Entity type: Select Door.
      Data type: Select Numeric.
      Name: Create one custom field named DoorInReaderType, and the other named DoorOutReaderType.
      Default value: Set to 0.
      Group name: Enter a name for the section that the two custom fields are grouped under. For example, Mercury reader mode.
      Priority: Set to 1.
    HID pivCLASS uses the following default values:
      0: No pivCLASS-Embedded (Default setting)
      1: CHUID (TWIC)
      2: CAK (TWIC)
      3: CHUID + BIO (TWIC)
      4: CHUID + CAK + BIO (TWIC)
      5: CHUID (PIV)
      6: CHUID + PIN (PIV)
      7: CHUID + PIN + BIO (PIV)
      8: CAK (PIV)
      9: CHUID + CAK (PIV)
      10: CAK + BIO (PIV)
      11: Card ONLY (no PKI)
      12: Card + PIN (no PKI)
      13: Card + PIN + PACS PIN (no PKI)
      14: Card + PIN + BIO (no PKI)
  11. In the Area view task, click the door's Custom fields tab.
  12. Set the custom field values for the reader types to 6 or 8.
    NOTE: Types 6 and 8 are the ones we have tested.
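
After the custom fields are set, the values can be checked across many doors against the reader-type list in step 10 and the tested values in step 12. The script below is an added example, not part of this guide or of Security Center: the CSV layout, the Door column, and the function names are assumptions, and the sample rows are constructed.

```python
import csv
import io

READER_TYPES = {  # values and labels copied from the reader-type list above
    0: "No pivCLASS-Embedded", 1: "CHUID (TWIC)", 2: "CAK (TWIC)",
    3: "CHUID + BIO (TWIC)", 4: "CHUID + CAK + BIO (TWIC)", 5: "CHUID (PIV)",
    6: "CHUID + PIN (PIV)", 7: "CHUID + PIN + BIO (PIV)", 8: "CAK (PIV)",
    9: "CHUID + CAK (PIV)", 10: "CAK + BIO (PIV)", 11: "Card ONLY (no PKI)",
    12: "Card + PIN (no PKI)", 13: "Card + PIN + PACS PIN (no PKI)",
    14: "Card + PIN + BIO (no PKI)",
}
TESTED = {6, 8}  # the only values the NOTE in step 12 reports as tested
FIELDS = ("DoorInReaderType", "DoorOutReaderType")

def check_value(raw):
    """Return a finding for one custom-field cell, or None if it is fine."""
    try:
        value = int(raw.strip())
    except (ValueError, AttributeError):  # empty cell, text, or missing column
        return f"not an integer: {raw!r}"
    if value not in READER_TYPES:
        return f"{value} is not a documented reader type (0-14)"
    if value == 0:
        return "0 is the default: no pivCLASS-Embedded authentication"
    if "no PKI" in READER_TYPES[value]:
        return f"{value} = {READER_TYPES[value]}: mode does not use PKI"
    if value not in TESTED:
        return f"{value} = {READER_TYPES[value]}: not a tested value (6 or 8)"
    return None

def audit_doors(csv_text):
    """Map door name -> list of findings, for doors that need attention."""
    report = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        for field in FIELDS:
            finding = check_value(row.get(field))
            if finding:
                report.setdefault(row["Door"], []).append(f"{field}: {finding}")
    return report

# Constructed sample; the CSV layout and the "Door" column are assumptions.
SAMPLE = """Door,DoorInReaderType,DoorOutReaderType
Lobby,6,8
Loading dock,0,0
Annex,12,
Lab,7,15
"""

if __name__ == "__main__":
    print(*audit_doors(SAMPLE).items(), sep="\n")
```

Doors left at the default value 0 are reported separately from doors set to a documented but untested mode, so a door that was never configured is not mistaken for a deliberate choice.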