Supporting PIV I Cards

How to determine if your physical access control system supports the solution

  • By Bob Fontana
  • Jun 01, 2012

When your physical access control system (PACS) manufacturer tells you its system supports PIV-I “end-to-end,” you might want to do some additional digging to make sure you both agree as to what that really means. Legacy PACS designed for proximity cards (or even PIV cards) are unlikely to support PIV-I cards without specific upgrades for handling 128-bit identifiers. Just because a PACS supports PIV cards doesn’t mean it supports PIV-I cards. In a plug-and-play world, it may be your job to ensure that each component is capable of PIV-I.

PIV Card Identifiers

The identifier on a PIV card is the 32-digit Federal Agency Smart Credential Number (or FASC-N). The FASC-N, found in the card’s CHUID container, is a “smart number” consisting of nine fields.

The first five FASC-N fields—16 binary coded digits—are sufficient to uniquely identify every federally issued credential. That means that physical access control systems may safely use the first 16 digits of the FASC-N as the card identifier without concern for duplicates. The largest possible 16-digit identifier would therefore be 9,999,999,999,999,999, which happens to require 54 bits. Most access control panels cannot store a value as large as this as a single number. Instead, they employ schemes that split the value into two or three logical parts. A common method is to concatenate the agency code, system code and credential number (14 digits), forming one number, and the credential series code and individual credential issue (2 digits), forming another number. Another method is to combine the agency code and system code into a number represented as the traditional “facility code” and store the credential number as the traditional “card number.”

This is often done to avoid updating panel firmware and head-end software to support larger identifiers.

PIV-I Card Identifiers

PIV-I cards are intended for non-federal issuers. The number of organizations that could potentially deploy it is so large that the agency code-system code-credential number method used by PIV cards would not work. Therefore, with PIV-I, the FASC-N can no longer be used as the card identifier. In fact, the first 14 digits of the FASC-N on a PIV-I card are all 9s.

Therefore, if a system can read only a partial FASC-N, all PIV-I cards would appear the same.

PIV-I credentials must use a different numbering system called the globally unique identifier (GUID), which also is found in the CHUID container. The construction of the GUID has some important properties that impact physical access control systems. A GUID is generated in a way that ensures uniqueness across the planet, even if the machine generating it is “off the grid.” The GUID is always 128 bits, which is more than double the size of the 16-digit truncated FASC-N.

The Reader

The reader must be able to recognize that the credential is a PIV-I card. The correct way for the reader to do this is to read the CHUID and check the first 14 digits of the FASC-N. If it is not all 9s, it then outputs the FASC-N. If it is all 9s, it outputs the GUID. The panel must be able to accept cards of both formats—FASC-N or GUID.

The Panel

PIV-I credentials require the control panel and the head end to store larger values for identifiers. These values can still be broken into smaller pieces for ease of storage, but because the GUID is a series of 128 bits rather than a string of binary coded digits, the panel must employ a different method for splitting a GUID received from a reader.

Splitting must be done by bits, not digits. When a PIV-I GUID arrives on the reader port, the panel must split the GUID and compare it with pieces of GUIDs previously received from the head end.

The Head End

Because head-end computers usually have larger memory capacities and more sophisticated database engines, the PIV-I GUID can often be stored as a single 128-bit value. In fact, Microsoft SQL Server supports the GUID as a data type. Regardless, head-end software must be able to accept a GUID as card identifier from the enroller and must be able to send the complete GUID to the panel. The panel must be capable of storing the GUID in a way that it can quickly be compared with the GUID arriving on a reader port.

Remember, there are many things to keep in mind when determining if your PACS supports PIV-I “end-to-end” and whether your access control system truly has the capability to support PIV-I cards.

This article originally appeared in the June 2012 issue of Security Today.

Featured

  • Security Industry Embraces Mobile Credentials, Biometrics and AI, New Trends Report From HID Finds

    As organizations navigate an increasingly complex threat landscape, security leaders are making strategic shifts toward unified platforms and emerging technologies, according to the newly released 2025 State of Security and Identity Report from HID. The comprehensive study gathered responses from 1,800 partners, end users, and security and IT personnel worldwide, and reveals a significant transformation in how businesses are approaching security, with mobile credentials and artificial intelligence emerging as key drivers of innovation. Read Now

  • UK’s NHS Hospital Transforms Security with Edge-processing Camera System

    i-PRO Co., Ltd.,(formerly Panasonic Security), a manufacturer of edge computing cameras for security and public safety, recently announced that a leading teaching hospital in Northeast England, has enhanced its security infrastructure with i-PRO X-Series cameras integrated with Milestone’s XProtect Video Management Software (VMS). Read Now

  • Gun Violence Report Finds Retail Spaces, K-12 Schools Most Targeted

    ZeroEyes, the creators of the only AI-based gun detection video analytics platform that holds the U.S. Department of Homeland Security SAFETY Act Designation, today announced the release of its annual Gun Violence Report, offering a deep dive into the landscape of gun-related incidents across the United States. This analysis extends beyond mass fatality events, providing a more nuanced understanding of when, where, and why shootings occur. Read Now

  • Agentic AI Will Revolutionize Cybercrime in 2025 According to New Report

    Malwarebytes, a provider in real-time cyber protection, recently released its 2025 State of Malware report, which reveals insight into the emergence of agentic artificial intelligence (AI), plus the year’s most prominent threats and cybercrime tactics. The report details a significant uptick in the number of known ransomware attacks, the total value of ransoms paid in 2024, and how IT teams can address them. Read Now

Most   Popular

New Products

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area.

  • EasyGate SPT and SPD

    EasyGate SPT SPD

    Security solutions do not have to be ordinary, let alone unattractive. Having renewed their best-selling speed gates, Cominfo has once again demonstrated their Art of Security philosophy in practice — and confirmed their position as an industry-leading manufacturers of premium speed gates and turnstiles.

  • Mobile Safe Shield

    Mobile Safe Shield

    SafeWood Designs, Inc., a manufacturer of patented bullet resistant products, is excited to announce the launch of the Mobile Safe Shield. The Mobile Safe Shield is a moveable bullet resistant shield that provides protection in the event of an assailant and supplies cover in the event of an active shooter. With a heavy-duty steel frame, quality castor wheels, and bullet resistant core, the Mobile Safe Shield is a perfect addition to any guard station, security desks, courthouses, police stations, schools, office spaces and more. The Mobile Safe Shield is incredibly customizable. Bullet resistant materials are available in UL 752 Levels 1 through 8 and include glass, white board, tack board, veneer, and plastic laminate. Flexibility in bullet resistant materials allows for the Mobile Safe Shield to blend more with current interior décor for a seamless design aesthetic. Optional custom paint colors are also available for the steel frame.