HID pivCLASS PACS (Physical Access Control System) Service integrates with Security Center, so that you can use PIV credentials on Mercury LP4502 controllers.
Configuration overview
The PACS Service can be installed on the same server as Security Center, or on a separate server. For more information, see the pivCLASS Installation Overview Guide from HID.
Hardware architecture
HID pivCLASS embedded authentication allows for strong authentication of smart cards using the pivCLASS embedded authentication module installed on the Mercury LP4502 controller. Up to 16 readers per LP4502 are supported when in this mode.
The authentication module authenticates credentials according to the assurance profile assigned to the reader. Credentials are first authenticated and registered using the HID Registration Engine, which also creates a cardholder and credential in Security Center.
When a compatible PIV, PIV-I, CAC, CIV, or TWIC smart card is presented to a pivCLASS OSDPv2 reader, it is authenticated by the pivCLASS embedded authentication module, using the assurance profile assigned to that reader. Access is granted when the certificates are authenticated and the card is deemed valid. The embedded authentication modules and associated assurance profiles are managed by HID Reader Services, which is part of the HID pivCLASS PACS Service.
The HID Certificate Manager periodically revalidates cached certificates of registered credentials and updates their status according to external certificate issuers and authoritative sources, such as Federal PKI Bridge Certification Authorities, TWIC CCL (Canceled Card List), OCSP/SCVP responders, and LDAP Directory servers.
The cardholder and credential status is updated automatically when the HID Certificate Manager performs its scheduled validation.
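An audit check for the window between a certificate's revocation and the next scheduled validation, as an added example that is not HID or Genetec code. It assumes a credential's status changes only at the scheduled run; the log layout, credential IDs, door names, and timestamps are constructed for illustration.

```python
from datetime import datetime

# Constructed sample data. The record layouts are assumptions for this example,
# not HID pivCLASS or Security Center formats.
REVOCATIONS = {  # credential id -> time the issuer revoked its certificate
    "cred-0002": datetime(2024, 3, 4, 9, 15),
    "cred-0003": datetime(2024, 3, 4, 23, 50),
}
VALIDATION_RUNS = [  # times a scheduled revalidation completed
    datetime(2024, 3, 4, 0, 0),
    datetime(2024, 3, 5, 0, 0),
]
ACCESS_LOG = """\
2024-03-04T08:30:00 cred-0002 door-lobby granted
2024-03-04T11:05:00 cred-0002 door-server-room granted
2024-03-04T11:20:00 cred-0001 door-lobby granted
2024-03-04T23:55:00 cred-0003 door-lobby granted
2024-03-05T07:45:00 cred-0002 door-lobby denied
2024-03-05T08:00:00 cred-0003 door-lobby denied
"""

def next_run_after(moment, runs):
    """First scheduled validation at or after `moment`, or None if none has run yet."""
    later = [r for r in sorted(runs) if r >= moment]
    return later[0] if later else None

def stale_grants(log_text, revocations, runs):
    """Return grants that fall between a revocation and the next validation run."""
    findings = []
    for line in log_text.splitlines():
        stamp, cred, door, result = line.split()
        when = datetime.fromisoformat(stamp)
        revoked_at = revocations.get(cred)
        if result != "granted" or revoked_at is None or when < revoked_at:
            continue
        picked_up = next_run_after(revoked_at, runs)
        # No run since the revocation means the cached status is still stale.
        if picked_up is None or when < picked_up:
            findings.append((cred, door, when, when - revoked_at))
    return findings

if __name__ == "__main__":
    for cred, door, when, age in stale_grants(ACCESS_LOG, REVOCATIONS, VALIDATION_RUNS):
        print(f"{when.isoformat()} {cred} granted at {door}, {age} after revocation")
```

Grants reported here are the ones to review after an incident; shortening the validation interval narrows the window in which they can occur.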
For a network and data flow diagram, see Security Center Network Diagram - HID pivCLASS.