Issue
Presenting FIPS-PIV credential at the door results in Invalid Attempt, FIPS-PIV Credential not valid.
Environment
CyberStation
ACX5740
CX9680
Cause
Either the credential number or the Individual Credential Issue field (or both) has a value of zero.
Continuum does not allow zero in the credential number for any of the supported FIPS-201 card format types (FIPS-75, FULL-FASCN, etc.).
Continuum does not allow zero in the Individual Credential Series (ICI) field for any FIPS-201 card format type that includes the ICI field, such as FULL FASCN.
The card may not have been programmed correctly.
Resolution
1. Upgrade controller firmware. The controller FW has been updated to allow zero in the Individual Credential Series (ICI) field. Credential number ZERO remains INVALID.
CX9680 version 2.100048 or greater.
ACX57xx version 1.100052 or greater.
2. Use FIPS-PIV credentials that have nonzero values in the credential number and the Individual Credential Issue.
OR
3. In the PIVReaderFormat system variable in the controller, configure the format specifying that the field (or fields) be ignored. ****
**** IMPORTANT
Be aware that ignoring a field such as the Individual Credential Issue (ICI) may result in an otherwise invalid card being granted access. For example, if a card with ICI set to 1 is lost and replaced with a card with ICI set to 2 but with all other FASCN fields identical, the controller will grant access to both cards if configured to ignore the ICI field.
For example, for a reader that outputs a 200-bit FULL FASC-N card signal, configure the door like this...
And set the PIVReaderFormat like this:
SS-Agency+System+Credential+SF+SF+PI-OC-OI-POA-ES-LRC (Note the SF token instructing the controller to skip the field when performing the card validation)
NOTE:
When the door configuration changes, the controller automatically resets PIVReaderFormat based on the value of the door's card format. To keep the value of PIVReaderFormat at the proper custom value, it is necessary to create a PE program in the controller.
The program should be triggered by the PIVReaderFormat system variable.
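The IMPORTANT warning above can be checked against an enrollment export before a field is set to be skipped. The following Python sketch is an added example, not Schneider Electric or Continuum code: it flags cards with zero values and lists cards that become indistinguishable once a field is ignored. The field labels, the sample records and the tuple-comparison model of matching are assumptions made for illustration.

```python
from collections import defaultdict

# FASC-N identifier fields compared in this example (labels are this example's own).
FIELDS = ("agency", "system", "credential", "cs", "ici")

def card(holder, credential, ici):
    """Build a constructed sample record; agency/system/cs values are made up."""
    return {"holder": holder, "agency": "0032", "system": "0001",
            "credential": credential, "cs": "1", "ici": ici}

# Constructed sample enrollment data, not real card values.
CARDS = [
    card("A (lost card)", "092446", "1"),
    card("A (replacement)", "092446", "2"),
    card("B", "000000", "1"),
    card("C", "092447", "0"),
]

def zero_field_problems(c, ici_zero_allowed=False):
    """Reasons a card is rejected under the zero-value rules in this article.
    ici_zero_allowed=True models the updated controller firmware."""
    problems = []
    if int(c["credential"]) == 0:
        problems.append("credential number is zero")
    if int(c["ici"]) == 0 and not ici_zero_allowed:
        problems.append("ICI is zero")
    return problems

def match_key(c, ignored=()):
    """Fields left to compare once the ignored ones are skipped (assumed model)."""
    return tuple(c[f] for f in FIELDS if f not in ignored)

def indistinguishable(cards, ignored=()):
    """Groups of holders whose cards compare equal when 'ignored' fields are skipped."""
    groups = defaultdict(list)
    for c in cards:
        groups[match_key(c, ignored)].append(c["holder"])
    return [sorted(h) for h in groups.values() if len(h) > 1]

if __name__ == "__main__":
    for c in CARDS:
        for problem in zero_field_problems(c):
            print(f"{c['holder']}: {problem}")
    for group in indistinguishable(CARDS, ignored=("ici",)):
        print("Same card once ICI is ignored:", ", ".join(group))
```

Any group reported by `indistinguishable` contains a card that should be disabled or re-issued before the skip is configured, since the controller would no longer tell the lost card from its replacement.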