Auxiliary Authentication Module (AAM)


Overview

Beginning in Access It! Universal.NET 6.2, the EP/LP-4502 controllers can run an Auxiliary Authentication Module (AAM). This engine performs extended authentication against credentials, which is very useful for properly authenticating Personal Identity Verification (PIV) and similar credentials related to FICAM.

Support for the AAM is only available within the EP-4502 and LP-4502.
Only 16 readers can be supported by a single EP-4502 using the AAM.

Required Components

The following components are required to complete the integration.

  • Access It!® Universal.NET min s/w v6.2.0.1
  • HID pivCLASS Workstation (tested with s/w v1.4.2.0)
  • HID pivCLASS PACS Service Administration (tested with s/w v1.4.2.0)
  • One of the following controllers:
    • EP-4502 min f/w 1.257
    • LP-4502 min f/w 1.257
  • EP/LP pivCLASS firmware add-on min f/w 5.4.126
  • HID pivCLASS reader configured for half-duplex OSDP communication

HID pivCLASS software

The HID pivCLASS software is a separate application from Access It! Universal.NET. The HID pivCLASS Workstation is used to enroll credentials into the Access It! Universal.NET database, and the pivCLASS PACS Service Administration is used to communicate with the EP/LP-4502's AAM. Prior to configuring the EP/LP controller, the HID pivCLASS service administration must be pre-programmed to accept a connection from the EP/LP's MAC address.

EP/LP-4502 Configuration

pivCLASS firmware add-on

The Panel Utility is required to download the necessary firmware file to the controller. To obtain the firmware required for the pivCLASS firmware add-on, contact RS2 Technical Support.

  1. On the EP/LP-4502 set S1 - Configuration DIP Switch DIP 2 ON
  2. Apply power to the EP/LP-4502 controller
  3. Manually configure a computer to 192.168.0.100
  4. Using a crossover cable, connect computer to the on-board NIC of the EP/LP-4502
  5. Open the Panel Utility (Start | Programs | Access It! Universal.NET | Client Utilities)
  6. Click the Attach button
  7. Select model EP/LP-4502 96MB
  8. Select Comm Type TCP/IP
  9. Select Address 0
  10. Enter IP Address 192.168.0.251
  11. Select TCP Port 3001
  12. Click OK
    Once connected, the lower right icon will report Online
  13. Select Download SCP Firmware
  14. Navigate to the pivCLASS firmware add-on file
  15. Click Open
  16. Wait 90 seconds for firmware download to complete
  17. Click Detach
  18. Power down EP/LP-4502

EP Web Browser

  1. On the EP/LP-4502 set S1 - Configuration DIP Switch DIP 2 ON
  2. On the EP/LP-4502 set S1 - Configuration DIP Switch DIPs 1, 3 & 4 OFF
  3. Apply power to the EP/LP-4502 controller
  4. Manually configure a computer to 192.168.0.100
  5. Using a crossover cable, connect computer to the on-board NIC of the EP/LP-4502
  6. Open a web browser and navigate to 192.168.0.251
  7. On the EP/LP-4502 set S1 - Configuration DIP Switch DIP 1 ON
  8. Click Click Here to Login
  9. Click Continue to this website (not recommended).
  10. Enter a Username of admin
  11. Enter a Password of password
  12. Click Network from the left hand menu
  13. Under the section Interface 1, select Use Static IP configuration:
    • IP Address: <Set accordingly>
    • Subnet Mask: <Set accordingly>
    • Default Gateway: <Set accordingly>
  14. Click Accept
  15. Click Host Comm from the left hand menu
  16. Within the Data Security drop list, select TLS if Available
  17. Click Accept
  18. Click Auto-Save from the left hand menu
  19. Set the Card Database Size accordingly
  20. Click the pivCLASS Embedded Auth from the left hand menu
  21. Enter the IP Address of the machine hosting the HID pivCLASS PACS Service
  22. Enter port number used by the HID pivCLASS PACS Service
    Default port used is 10200
  23. Select (check) the Encrypt Communication using TLS/SSL if needed by the HID pivCLASS PACS Service
  24. Click Test Communication to verify settings
  25. Click Apply Setting from the left hand menu
  26. Click Apply, Reboot button
  27. Wait 60 seconds for EP/LP controller to reboot
  28. Remove power from the EP/LP controller
  29. Set all S1 - Configuration DIP Switch DIPs OFF
  30. Apply power to the EP/LP controller

Access It! Universal.NET

  1. Within Access It! Universal.NET, create a new IP Server Channel
  2. Within Access It! Universal.NET, create a new EP/LP-4502 with the specified amount of memory from the web configuration
  3. Select the Aux authentication module type of pivCLASS Embedded Auth (HID)
  4. Configure the Comm tab to use the new Channel and the IP address added within the web configuration
  5. Click OK
  6. Click Save

Reader Configuration

  1. Within Access It! Universal.NET, edit a reader installed under the EP/LP-4502
  2. Within the Reader Settings tab select the Reader type of OSDP
  3. Within the Reader Settings tab select the default Authentication check to be used
  4. Click Save
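
The version minimums, the 16-reader limit and the end-state settings from the steps above can be checked against a commissioning record before a controller goes live. The following Python is an added example, not RS2 or HID code; the record layout and key names are hypothetical, and it assumes versions are recorded in the same dotted notation this page uses.

```python
# Added example: audit a commissioning record against this page's requirements.
# The record layout (dict keys) is hypothetical; the limits come from the page.
SUPPORTED_MODELS = {"EP-4502", "LP-4502"}
MIN_VERSIONS = {"universal_net": "6.2.0.1", "controller_fw": "1.257",
                "pivclass_addon_fw": "5.4.126"}  # from "Required Components"
MAX_AAM_READERS = 16


def version_tuple(text):
    """Assumes versions are recorded in the page's dotted notation."""
    return tuple(int(part) for part in text.split("."))


def audit(record):
    """Return a list of findings; an empty list means the record passes."""
    findings = []
    if record["model"] not in SUPPORTED_MODELS:
        findings.append("model does not support the AAM")
    for key, minimum in MIN_VERSIONS.items():
        if version_tuple(record[key]) < version_tuple(minimum):
            findings.append(f"{key} {record[key]} is below minimum {minimum}")
    readers = record["readers"]
    if len(readers) > MAX_AAM_READERS:
        findings.append(f"{len(readers)} readers exceed the AAM limit of 16")
    for name, reader_type in readers.items():
        if reader_type != "OSDP":
            findings.append(f"reader {name} is {reader_type}, not OSDP")
    if record["aam_type"] != "pivCLASS Embedded Auth (HID)":
        findings.append("Aux authentication module type is not pivCLASS")
    if "TLS" not in record["data_security"]:
        findings.append("Host Comm Data Security does not use TLS")
    dips_on = [n for n, on in sorted(record["s1_dips"].items()) if on]
    if dips_on:
        findings.append(f"S1 DIP switches still ON after setup: {dips_on}")
    return findings


# Constructed sample record (not real site data).
SAMPLE = {
    "model": "LP-4502", "universal_net": "6.2.0.1",
    "controller_fw": "1.250", "pivclass_addon_fw": "5.4.126",
    "readers": {"Lobby": "OSDP", "Dock": "Wiegand"},
    "aam_type": "pivCLASS Embedded Auth (HID)", "data_security": "None",
    "s1_dips": {1: True, 2: False, 3: False, 4: False},
}

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("FAIL:", finding)
```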

Additional Information

Aside from the default mode configured within the Reader Settings tab, the Authentication checks can also be set through Tasks or by sending a direct command to the reader.

Beginning with Access It! Universal.NET 7.0, the ability to use custom assurance profiles has been added. To add a new format, add an entry to the database table ReaderAssuranceProfiles using the ProfileID from the pivCLASS server.


  • 21-Jun-2019