FIPS 201 PIV Profiles (Service Bureau)

Device Profile Name

Profile Description

Unique Identifier
(stored in the card)

Supported Devices

Supported Pre-Issuance IDs

Comments

PIV FIPS201 SB Activation Java Card – OT 2.3.2 – 2048

PIV2 Activation Profile with OT End-Point applets v2.3.2 (SP 800-73-3)

N/A

Oberthur ID-One PIV 2.3.2 on Cosmo v7

5_OCS_PIV_232_SB_TEST_OPSC_1
5_OCS_PIV_232_SB_PROD_OPSC_1
100_OCS_PIV_232_SB_PROD_OPSC_1

Card with Oberthur PIV applet v2.3.2

PIV FIPS201 SB Activation Java Card – OT 2.3.5 / 2.4.0 – 2048

PIV2 Activation Profile with OT End-Point applets v2.3.5 / 2.4.0 (SP 800-73-4)

N/A

Oberthur ID-One PIV 2.3.5 on Cosmo v8

 

Oberthur ID-One PIV 2.4.0 on Cosmo v8

5_OCS_PIV_235_SB_TEST_OPSC_1
5_OCS_PIV_235_SB_PROD_OPSC_1
100_OCS_PIV_235_SB_PROD_OPSC_1

 

5_OCS_PIV_240_SB_TEST_OPSC_1
5_OCS_PIV_240_SB_PROD_OPSC_1
100_OCS_PIV_240_SB_PROD_OPSC_1

Card with Oberthur PIV applet v2.3.5 or v2.4.0

PIV FIPS201 SB Activation Java Card - IDEMIA ID-One PIV 2.4.1 - 2048

PIV2 Activation Profile with IDEMIA End-Point applets v2.4.1 (SP800-73-4

N/A

IDEMIA ID-One PIV 2.4.1 on Cosmo v8.1

5_IDEMIA_PIV_241_SB_TEST_OPSC_1
5_IDEMIA_PIV_241_SB_PROD_OPSC_1
100_IDEMIA_PIV_241_SB_PROD_OPSC_1

Card with IDEMIA PIV applet v2.4.1
Note:  

  • For Gemalto PIV profile (that is, card with Gemalto PIV applet v1.20), it is necessary to obtain a Gemalto PIV card with configuration “USG 010”.

  • For Oberthur PIV profile, ActivID CMS 4.0 SP2 expects Cosmo card with BAP# 81758.

  • For Oberthur PIV profiles with Oberthur PIV applet 2.3.2, use BAP #087282.

  • For Oberthur PIV profiles with Oberthur PIV applet 2.3.5, use BAP #087420 / #087424 / #087465.

  • For Oberthur PIV profiles with Oberthur PIV applet 2.4.0, use BAP #087434.

  • For IDEMIA PIV profiles with IDEMIA PIV applet 2.4.1, use BAP #087484

  • For PIV FIPS201 SB Activation Java Card - IDEMIA ID-One PIV 2.4.1 - 2048 profile, PIN is numeric only.

This section applies to the profiles listed above.

These profiles activate the PIV cards personalized by the card manufacturer service bureau. The card activation In the context of ActivID, card activation refers to the unlocking of an application or GlobalPlatform locked card. This operation is usually associated with batch issuance and help desk operations. In the context of PIV, card activation implies PIN authentication to the PIV card to “activate” privileged operations. process consists of:

  • Injecting and generating the PKI credentials (PKI 1024 or 2048),

  • Swapping the Card Manager keys,

  • Swapping the PIV Card Administrator key (9B), and

  • Setting up the PIV Local PIN for the user and setting up the PUK.