CAC and PIV cards are different than older, less secure, prox and smart cards. We work hard to make it easy for you to install an IDFACTORS reader because we know you may have an impatient customer or a challenging installation. We make it our business to ship Readers configured to the installation, but there are times when we just do not get the needed information. No matter, we are here to help.
This short GUIDE will help you understand and install an IDFACTORS Reader. If you have installed HSDP-12 access systems that use the PIV or CAC card, you probably know the information provided herein. If not, the information below will be of value for a successful installation.
1.0 How to install an IDFACTORS Reader
Reader connections are provided on both a screw terminal block and an RJ-45 socket suitable for a pre-terminated cable (shown in the diagram below). The terminal block is detachable for easy wiring.
V+ | 9 -18VDC (12V nominal) | D0/D1 | Wiegand/RS485 data |
LED1 | Panel grant/deny signal | MODE | 1 or 2 factor mode select |
Wire Gauge | 22AWG | 20AWG | 18AWG | CAT5 |
Cable Distance | 200 feet (60m) | 300 feet (90m) | 500 feet (150m) | 150 feet (45m) |
2.0 A brief Introduction to CAC and PIV Cards
This Matters: The CAC and PIV work differently than old HID prox or iClass-type cards. They are programmed with data including public key certificates and a biometric template. There is also a unique identifier for physical access called the FASC-N (the Federal Agency Smart Credential Number).
The FASC-N is a 32-digit decimal number of which the first 16-digits are unique and identify the agency, department and person the Card is issued to. It is commonly used in PACS as the personal identifier. Be sure that any access system using the CAC or PIV can to process a minimum of 64-bits of the FASC-N. Any fewer bits will not be secure. Most modern access systems are capable of processing 200 bits.
Note there is no Site Code or Facility Code on the CAC or PIV Cards.
3.0 How CAC and PIV Cards Work Differently
The CAC and PIV cards have a secure chip that is used differently between 1-Factor Card Only and 2-Factor Card + PIN Modes:
- With a Reader in 1-Factor mode, the card can be presented by Contact (inserting the card with the chip up and facing you) or Contactless (holding the card about 1” from the reader for about 1 second).
- With a Reader In 2-Factor Mode, the card must be presented by Contact and then the PIN is entered (followed by the ETR button). The NOTES below will be helpful:
4.0 How Different IDFACTORS Readers Work
1-Factor Readers do not have a keypad. They can be ordered as Contact-only, Contactless only, or Dual Interface (works both Contact and Contactless which is great for redundancy).
2-Factor Readers have a keypad and are used for higher security because the user must know the PIN. 2-Factor Readers can also be configured to operate in 1-Factor mode.
5.0 Setting the Reader Security Mode and Wiegand Format
If the Security Mode needs to be switched to 1-Factor Mode, it can be done in firmware or hardware:
- In firmware, using the ReaderConfig application, type CMD>SM 1F from the Command Line. You can get the App by emailing customerservice@idfactors.com or by calling 510-346-1510.
- In hardware, add a jumper (strap wire) between positions 1 and 2 on the Terminal Block on the back of the Reader (see Figure above).
The Security Mode can also be dynamically controlled via a setting in the PACS panel that controls a relay that is wired to the Reader. Similar to the hardware jumper described above, closing a relay on the Panel will switch the Reader into 1-Factor Mode. The Security Mode is typically defined by the time of day, day of the week, or threat level.*
6.0 Setting the Wiegand Format
If the Reader’s Wiegand Format needs to be changed, use the IDFACTORS ReaderConfig Application*. The App will display multiple formats and the desired one is selected by typing WF xx.
7.0 Testing the Reader – Access System Interface
Now that the Reader is set to the desired Security Mode and Wiegand format, you can test the functionality. Note that you will need a CAC, PIV or PIV Compatible card and you may need to know the PIN to the card, which will be 4 to 8 digits. Proprietary proximity and contactless smart cards will not work! Also note that the test card must be enrolled into the PACS system and authorized for access for the door to open.
Once you have a card for testing, try the following:
- For 1-Factor contact, insert the card into the contact slot (chip up and facing you) and you should see the Green LED flash briefly and the door open
- For 1-Factor contactless, hold the card about ½ inch from the front of the Reader and you should see the Yellow LED turn on for about 1-second and you should see the Green LED flash briefly and the door open.
- For 2-Factor Readers, insert the card into the contact slot (chip up and facing you) and you will see the Yellow LED turn on. Enter the card’s PIN, then press ETR and the Green LED should flash briefly and the door open.
- If you do not have success, do not blame the Reader just yet. Experience has shown that it could be the Card being used, the settings in the access system, or wiring somewhere in the panel. First check the following:
- If the Green LED on the Reader flashed Green (and beeped) then the Card was read successfully and the FASCN was sent to the access system panel. If the door did not open, then the panel wiring needs to be checked and the Wiegand format in the system needs to be checked against the format setting in the Reader using ReaderConfig.
- If the LEDs on the Reader exhibit a different LED sequence, check the table below to see if the cause can be determined:
Red | Yellow | Green | Meaning | Behavior | Troubleshoot Possible Cause |
☼ S | ☼ S | ☼ S | Power On/Reset | Reader beeps and LEDs occasionally flash in sequence during testing | Reader may be re-setting: Check Power to the Reader |
☼ F | ☼ F | ○ | Card Reset Error | Red and yellow flash rapidly in sequence on Card insertion | Possible fault in Card or Reader – try another Card or Reader Combination to verify faulty item |
○ | ○ | ○ | Card Inserted | All LEDs off | |
○ | ○ | ☼ 1 | Card Read Good | Green flash briefly | |
☼ A | ☼ A | ○ | Card Error | Red and yellow toggle rapidly | Try another known good Card and try Card in another Reader to verify |
☼ | ○ | ○ | Card Expired | Red on solid | |
☼ A | ☼ A | ○ | PIN Locked | Red and yellow alternately toggle rapidly | Reset Card at PC with good PIN entry or go to PIN reset station |
○ | ☼ | ○ | PIN Request | Yellow on solid | |
☼ 1 | ○ | ○ | Pin Key Press | One red flash per key-press | |
○ | ○ | ☼ 1 | PIN Good | Green flash briefly | |
☼ A | ☼ A | ○ | PIN Bad | Red and yellow toggle rapidly | Re-enter PIN. If problem repeats reset Card at PC or go to PIN reset station |
○ | ☼ 1 | ○ | Pin Restart | One yellow flash per key-press | |
○ | ○ | ☼ | Access Granted | Green on solid after Card scan + Green flash | Check panel and wiring to door and door locking device |
☼ | ○ | ○ | Access Denied | Red on solid after Card scan + Green flash | Verify access credential and privileges in access system |
○ LED off ☼ LED on (solid)
☼ 1 LED flash once ☼ F LED flashing
☼ A LEDs alternating ☼ S LEDs flashing in sync
If you are not able to resolve your problem, Contact Customer Service at www.customerservice@idfactors.com