Configuring Device Policies

Device policies enable organizations to enforce uniform applications and device policies on a per-user-group basis. A device policy defines the information used to personalize applications on a device during device issuance or device update.

In the device profile, you can define and personalize the application types that are contained on a device. Some examples of application types are:

• PIN Personal Identification Number,

• PKI PKI describes the laws, policies, standards, and software that regulate or manipulate certificates and public and private keys.,

• SKI Symmetric Key Infrastructure,

• Generic Container A Generic Container (GC) applet is used to store static data on devices. The applet treats all data as opaque or generic and never attempts to assign any meaning to the data with which it is dealing.,

• OATH Open Authentication , and

• VCI Virtual Contact Interface.

A specific container is created in the device profile to store the certificate trust chain(s), which are imported from .p7b and .cer files present in a folder specified in the device profile as cacert_path. For details about configuring certificate trust chains, refer to the HID ActivID Credential Management System Device Profiles and Hardware Devices Technical Note.

Define the device policy on the Policies page. Each device can have only one policy at a given time. For example, for a PKI application you can define:

• Name of the CA The Certificate Authority (CA) issues and manages security credentials and public keys for message encryption in a networks environment. who will issue the digital certificate,

• Certificate Template to be issued, and

• Size of the PKI keys associated with the certificate.

Topics in this section: