Enabling PIV Card With VCI Capabilities Using a Pairing Code

Overview

Virtual Contact Interface (VCI) is a secure messaging protocol defined by the PIV standard. It enables the use of a PIV card over a contactless interface, replicating the familiar experience of using a contact reader. Without VCI, the functionality of a standard PIV card over contactless is limited.

Important:

  • Starting from version 8.0.0, ActivClient now offers support for Virtual Contact Interface (VCI).

  • Supported contactless cards compatible with VCI:

    • Idemia ID-One Cosmo v8.1 with PIV 2.4.1

    • Idemia ID-One Cosmo v8.2 with PIV 2.4.2

Establishing Secure Messaging

VCI initiates a secure messaging session between the card and computer (middleware). This session relies on a certificate stored on the card. Optionally, it can include verification of a Pairing Code, an 8-digit number known to the cardholder.

The Pairing Code is not as confidential as a PIN and can be printed on the card or provided in a PIN letter. The computer is expected to cache the Pairing Code for pairing purposes.

The Pairing Code can also be read from the card via the contact interface, requiring the entry of a PIN. See Accessing the Pairing Code.

Activation With ActivClient User Console

This procedure requires you to launch the ActivClient User Console.

When an VCI-enabled card is placed on a contactless interface, the ActivClient User Console requests the entry of the Pairing Code. If the user possesses the Pairing Code, they can input it, and it will be cached.

Subsequently, the card functions as if it were a contact card, mimicking the familiar user experience.

Accessing the Pairing Code

The following procedure outlines the steps to access the Pairing Code on dual-interface cards, ensuring secure and controlled access to this information:

  1. Ensure you have a dual-interface PIV card, as this procedure applies specifically to this card type.

  2. Insert your dual-interface card into the contact slot of the card reader.

  3. Launch the ActivClient User Console on your computer or device.

  4. Navigate to Tools > View Pairing Code.

  5. The action triggers a prompt requesting your PIN. Enter your PIN as required.

  6. After successful PIN entry, a window will appear displaying the Pairing Code.

    Note: You will also be presented with an option to cache the Pairing Code for future use.

  7.