A New Life for an Old PACS.

EXOPACS tools can transform a PACS using legacy Prox and Mag-stripe credentials into an open, secure PIV-based platform that is forward compatible to OSDP and FICAM compliance.

Why it Matters:

  • Up to 50% of the access cards in the world today are still insecure 125 KHz Prox or Mag-swipe technology.  
  • These cards can be easily cloned at one of 3,000 retail kiosks in the U.S. or by using a device that is available on Amazon for under $20.00.  
  • It would be fool’s gold to migrate to OSDP and not upgrade the legacy cards to a more secure technology.  
OSDP was not designed to protect against entry by a cloned card. 

50% of all legacy Prox and Mag-stripe access cards in use today are insecure

They can be easily cloned

OSDP does not detect them

Many Chip Cards have manufacturer specific private keys that make them sole source

PIV is The one open platform secured by a Public Key Certificate that the enterprise can control


The Advantages of PIV:

  • PIV is a widely available open card platform that is based on PKI certificates, making Prox, Mag-stripe and proprietary chip cards obsolete.  PIV puts the enterprise in control of their access cards.
  • PACSIDTM cards from IDFACTORS are based on the FIPS-201 PIV standard and can be secured with a self-signed or trusted 3rd party PKI certificate.
  • Any standard FIPS-201 card reader can read a PIV card in low security mode. IDFACTORS Readers also cryptographically validate the PKI certificate, assuring it was issued by a trusted source and has not been tampered with.  

How it Works:

EXOPACS works alongside your PACS to add strong authentication of PIV-capable credentials.  It can also create PIV-I and PACSIDTM cards, validate certificate status of Government-issued PIV cards and interface with leading PACS to enroll most PIV-capable cards. There are 4 components to EXOPACS.  Below is a brief description of each.


IDFACTORS PIV Door Access Readers support both Wiegand and OSDP and include a native cryptographic PKI challenge-response to the CAK and check of the digital signature on the certificate, authenticating the card is genuine.  

Readers are available in 1-Factor, 2-Factor and 3-Factor BIO models.

PACSIDTM Credentials are PIV-capable and include a FIPS-201 applet with a Public Key Certificate and an embedded FASCN, GUID and/or a legacy card identifier.  

EXOPACSTM Card Transformer is a highly functional desktop workstation that can read Prox or Mag-stripe legacy cards and seamlessly create a PIV-I or PACSID card bearing the identifier data from the legacy card. 

Replicating the legacy identifier on the PACSID Card eliminates the tedious process of re-enrolling the user with a new identifier.  The card creation process takes just seconds.  

The Transformer can be loaded with a self-signed or trusted 3rd-party PKI signing certificate, ensuring only cards issued by the Transformer are granted access.

The Transformer can operate stand-alone to create PACSID duplicates of legacy card identifiers as well.  Alternatively, it can be connected to the EXOPACS Manager Application for additional functionality that includes creating PIV-I cards, enrolling PIV-capable cards into a PACS and validating PIV card status via OCSP.
EXOPACSTM Manager Application connects to the Desktop Transformer and provides a seamless card management experience.  It integrates 4 tasks that are essential in operating a PACS that utilizes PIV, and PIV-capable credentials. These include: 

  • Creating new PIV-I cards, 
  • Transforming legacy Prox and Mag-stripe cards to PACSID cards
  • Enrolling cards into a PACS including non-PII information and PIV certificate status 
  • Validating PIV certificate status of Government-issued PIV credentials by OCSP.
1-Factor Access Reader

with PACSID Credential

FIPS-201 Contactless Reader
Card Transformer WorkStation with 4-Line OLED Display and USB Interface
EXOPACS Application

Manages PIV, PIV-I and PACSID Cards


OSDP defines a secure, 2-way communication protocol between access readers and controllers.  It is a clear upgrade over Wiegand.

OSDP requires replacement of the PACS hardware and software, which can be too expensive for customers on a limited budget.  

Those system owners may want to consider EXOPACS, which can significantly de-risk the security profile of a PACS using legacy cards, whether the system is Wiegand or OSDP based.  

By moving to PACSID cards and authenticating readers on critical doors, rogue cards will be detected and rejected, greatly improving security on a manageable budget.  And the expense of OSDP can be deferred. ChatGPT arrived at the same conclusion by stating “cards can be lost, stolen or duplicated more easily than readers can be tampered with.” 

Get custom pricing and
delivery information.

We solve problems.
How can we help?