A New Life for an Old PACS.
EXOPACS tools can transform a PACS using legacy Prox and Mag-stripe credentials into an open, secure PIV-based platform that is forward compatible to OSDP and FICAM compliance.
Why it Matters:
- Up to 50% of the access cards in the world today are still insecure 125 KHz Prox or Mag-swipe technology.
- These cards can be easily cloned at one of 3,000 retail kiosks in the U.S. or by using a device that is available on Amazon for under $20.00.
- It would be fool’s gold to migrate to OSDP and not upgrade the legacy cards to a more secure technology.
50% of all legacy Prox and Mag-stripe access cards in use today are insecure
They can be easily cloned
OSDP does not detect them
Many Chip Cards have manufacturer specific private keys that make them sole source
PIV is The one open platform secured by a Public Key Certificate that the enterprise can control
The Advantages of PIV:
- PIV is a widely available open card platform that is based on PKI certificates, making Prox, Mag-stripe and proprietary chip cards obsolete. PIV puts the enterprise in control of their access cards.
- PACSIDTM cards from IDFACTORS are based on the FIPS-201 PIV standard and can be secured with a self-signed or trusted 3rd party PKI certificate.
- Any standard FIPS-201 card reader can read a PIV card in low security mode. IDFACTORS Readers also cryptographically validate the PKI certificate, assuring it was issued by a trusted source and has not been tampered with.
How it Works:
EXOPACS COMPONENTS
IDFACTORS PIV Door Access Readers support both Wiegand and OSDP and include a native cryptographic PKI challenge-response to the CAK and check of the digital signature on the certificate, authenticating the card is genuine.
Readers are available in 1-Factor, 2-Factor and 3-Factor BIO models.
PACSIDTM Credentials are PIV-capable and include a FIPS-201 applet with a Public Key Certificate and an embedded FASCN, GUID and/or a legacy card identifier.
EXOPACSTM Card Transformer is a highly functional desktop workstation that can read Prox or Mag-stripe legacy cards and seamlessly create a PIV-I or PACSID card bearing the identifier data from the legacy card.
Replicating the legacy identifier on the PACSID Card eliminates the tedious process of re-enrolling the user with a new identifier. The card creation process takes just seconds.
The Transformer can be loaded with a self-signed or trusted 3rd-party PKI signing certificate, ensuring only cards issued by the Transformer are granted access.
The Transformer can operate stand-alone to create PACSID duplicates of legacy card identifiers as well. Alternatively, it can be connected to the EXOPACS Manager Application for additional functionality that includes creating PIV-I cards, enrolling PIV-capable cards into a PACS and validating PIV card status via OCSP.- Creating new PIV-I cards,
- Transforming legacy Prox and Mag-stripe cards to PACSID cards
- Enrolling cards into a PACS including non-PII information and PIV certificate status
- Validating PIV certificate status of Government-issued PIV credentials by OCSP.
with PACSID Credential
FIPS-201 Contactless Reader
Manages PIV, PIV-I and PACSID Cards
OSDP and EXOPACSTM
OSDP defines a secure, 2-way communication protocol between access readers and controllers. It is a clear upgrade over Wiegand.
OSDP requires replacement of the PACS hardware and software, which can be too expensive for customers on a limited budget.
Those system owners may want to consider EXOPACS, which can significantly de-risk the security profile of a PACS using legacy cards, whether the system is Wiegand or OSDP based.
By moving to PACSID cards and authenticating readers on critical doors, rogue cards will be detected and rejected, greatly improving security on a manageable budget. And the expense of OSDP can be deferred. ChatGPT arrived at the same conclusion by stating “cards can be lost, stolen or duplicated more easily than readers can be tampered with.”
