Installer Quick Guide
Welcome,
We at IDFACTORS have worked hard to make the installation task easy because we understand you may be dealing with an impatient customer or a challenging environment. We make it our business to ship Readers configured to the installation, but there are times when we just do not get the needed information. We are here to help.
This short GUIDE will help you to understand and install an IDFACTORS Reader. If you have installed HSDP-12 access systems that use the PIV or CAC card, you probably know the information provided herein. If not, the below will be of value for a successful installation.
How to install an IDFACTORS Reader
Reader connections are provided on both a screw terminal block and an RJ-45 socket suitable for a pre-terminated cable (shown in the diagram below). The terminal block is detachable for easy wiring.
A brief Introduction to CAC and PIV Cards
The CAC and PIV are identical when it comes to physical access. Each contains a FIPS-201 applet with a few secured features like public key certificates and a biometric template. There is also a unique identifier for physical access called the FASC-N (the Federal Agency Smart Credential Number).
The FASC-N is a 32-digit decimal number of which the first 16-digits are unique and represent the agency, department and person that issued a Card. It is commonly used in PACS as the personal identifier. It is vital that any access system using the CAC or PIV be able to process a minimum of 64-bits to assure the full FASCN can be processed. Most modern access systems are capable of 200 bits.
How CAC and PIV Cards Work
These cards are issued by the Federal Government to employees and “permanent” contractors. The card has a secure chip and can be used in both Contactless and Contact modes.
Contactless use requires the card be held about 1” from the reader for about 1 second. Note it takes a bit more time than other less secure cards because more data is being read.
Contact use requires the card to be inserted into the reader with the chip up and facing you.
NOTE 1: The owner of every CAC or PIV card selected a PIN to “unlock” their card for computer access. Federal standards require the same PIN be used for door access. The PIN is sent from the Access Reader directly to the card. A user Pin stored in the System Panel does not meet Government Guidance. However, IDFACTORS Readers can be set to support this non-approved use case.
NOTE 2: Since the PIN is sent directly to the card, it can only be used when the CAC or PIV is inserted into the Reader’s Contact Connector.
NOTE 3: The CAC card “locks” after 3 incorrect PIN attempts. PIV cards behave similarly and lock after 4 to 6 incorrect PINs. IDFACTORS Readers will not submit a PIN if there is only one attempt left on the card’s PIN retry counter. The retry counter is automatically reset after a good PIN entry. See Error Table below.
How IDFACTORS Readers Work
1-Factor Readers do not have a keypad. They can be ordered as Contact-only, Contactless only, or Dual Interface (work both Contact and Contactless which is great for redundancy).
2-Factor Readers have a keypad and are preferred for higher security because the user must know the PIN to “unlock” their card. The 2-Factor Readers can be configured to operate in 1-Factor mode or in 2-Factor mode. Note that IDFACTORS 2-Factor Readers are shipped from the factory in the more secure 2-Factor Mode at the request of the Government.
If the Reader is to operate in 2-Factor mode, skip directly to Paragraph X below.
Setting the Reader to 1-Factor Mode
The security mode can be changed to 1-Factor in 2 ways:
- Using the IDFACTORS ReaderConfig application, from the Command Line type CMD>SM 1F
- Alternatively, the MODE input on the reader’s signal connector can be used to change to 1-Factor by adding a strap wire between positions 1 and 2 on the terminal block.
The MODE input also allows the mode to be controlled via a signal from the PACS panel. This enables the mode to be dynamically switched according to security levels defined by the time of day, day of the week, or threat level.
Testing the Reader – Access System Interface
Now that you have the Reader set to the desired security mode and Wiegand format, you can test the functionality. Note that you will need a CAC, PIV or PIV Compatible card and you must know the PIN to the card, which will be 4 to 8 digits. Proprietary proximity and contactless smart cards will not work! Also note that the test card must be enrolled into the PACS system and authorized for access in order for the door to open.
Once you have a card, do the following:
- For 1-Factor contact, insert the card into the contact slot (chip up and facing you) and you should see the Green LED flash briefly and the door open
- For 1-Factor contactless, hold the card about ½ inch from the front of the Reader and you should see the Yellow LED turn on for about 1-second and you should see the Green LED flash briefly and the door open.
- For 2-Factor Readers, insert the card into the contact slot (chip up and facing you) and you will see the Yellow LED turn on. Enter the PIN, then press ETR and the Green LED should flash briefly and the door open. Note the Yellow LED will flash as PIN is entered.
If you do not have success, do not immediately blame the Reader. Experience has shown us that it could be the Test Card, the settings in the access system or wiring somewhere in the panel. First check the following:
- If the Green LED on the Reader flashed Green (and beeped) then the Card was read successfully and the FASCN was sent to the access system panel. If the door did not open, then the panel wiring needs to be checked and the Wiegand format in the system needs to be checked against the Reader format using ReaderConfig.
- If the LEDs on the Reader exhibit a different LED sequence, check the table below to see if the cause can be determined:
