ActivID Applet v2-based Profiles

Note: These profiles are deprecated and can no longer be used to create new device policies. They are included for legacy purposes.

Device Profile Name	Profile Description	Unique Identifier (stored in the card)	Supported Devices	Supported Pre-Issuance IDs	Comments
FIPS 140-2 Level 3 Profiles
64K SC (FIPS Level 3)	Profile for 64K cards with secure channel access rights and compliant with FIPS 140 Level 3	201000000000000000000068	Oberthur ID-One Cosmo v5.2 64K		Deprecated: Cannot be used to create a new device policy but existing profile policies are still supported.
64K SC v1.1 (FIPS Level 3) GEMPLUS FIPS v2	Profile for GEMPLUS 64K FIPS V2 Fast ATR cards with secure channel access rights and compliant with FIPS 140 Level 3	201000000000000000000085	Gemplus 64K FIPS v2 (fast ATR)		Deprecated: Cannot be used to create a new device policy but existing profile policies are still supported.
64K SC v1.2 (FIPS Level 3)	64K 1024 SC FIPS 140 L3 Profile (ENTERPRISE) with Applet 2.5.1 BN4	20100000000000000000009F	Axalto Cyberflex Access 64K v2C Gemplus 64K Standard Version Gemplus 64K FIPS v2 (fast ATR) G&D SmartCafe 64K Tiger FIPS 1024-bits G&D SmartCafe 64K Tiger FIPS 2048-bits Oberthur ID-One Cosmo v5.2 64K	AXALTO_V2C_VOPISK GEM_GXP_PRO_64K_STD_OP202 GEM_GXP_PRO_64K_FIPSv2_GEMPLUS_OP202 GND_FIPS1024_VOP_ISK_3F GND_2048_VOP_ISK_3F OBE_COSMO_V52D_VOPISK_FF	Deprecated: Cannot be used to create a new device policy but existing profile policies are still supported.
GSC-IS Compliant Profiles
64K SC (GSC-IS 2.1)	Profile for 64K cards compliant with GSC-IS 2.1, with secure channel access rights	201000000000000000000069	Oberthur ID-One Cosmo v5.2 64K		Deprecated: Cannot be used to create a new device policy but existing profile policies are still supported.
64K SC v1.1 (GSC-IS 2.1)	Profile for GEMPLUS 64K Standard version cards compliant with GSC-IS 2.1, with secure channel access rights	20100000000000000000007E	Gemplus 64K Standard Version		Deprecated: Cannot be used to create a new device policy but existing profile policies are still supported.
64K SC v1.1 (GSC-IS 2.1) GEMPLUS FIPS v2	Profile for GEMPLUS 64K FIPS V2 Fast ATR cards compliant with GSC-IS 2.1, with secure channel access rights	201000000000000000000086	Gemplus 64K FIPS v2 (fast ATR)		Deprecated: Cannot be used to create a new device policy but existing profile policies are still supported.
64K SC v1.2 (GSC-IS 2.1)	64K 1024 SC GSCS-IS v2.1 Profile (GOVERNMENT) with Applet 2.5.1 BN4	2010000000000000000000A0	Axalto Cyberflex Access 64K v1 SM 4.1 Axalto Cyberflex Access 64K v2C Gemplus 64K Standard Version Gemplus 64K FIPS v2 (fast ATR) G&D SmartCafe 64K Tiger FIPS 2048-bits G&D SmartCafe Expert v3.2 80K G&D SmartCafe Expert v3.2 144K Oberthur ID-One Cosmo v5.2 64K	SLB_ACC_V4_64K_OP AXALTO_V2C_VOPISK GEM_GXP_PRO_64K_STD_OP202 GEM_GXP_PRO_64K_FIPSv2_GEMPLUS_OP202 GND_2048_VOP_ISK_3F GND_80K_GDA_GENERIC_TEST_OPSC_1 GND_80K_GDA_GENERIC_PROD_OPSC_1 GND_144K_GDA_GENERIC_TEST_OPSC_1 GND_144K_GDA_GENERIC_PROD_OPSC_1 OBE_COSMO_V52D_VOPISK_FF	Deprecated: Cannot be used to create a new device policy but existing profile policies are still supported.
72K/80K/128K/144K Generic Profile v2
Generic 72-80K PIN SC Java Card – AI 1024-2048	Standard Profile with ActivID Applet v2.6.2b	2011000000000000000000F7	G&D SmartCafe Expert v3.2 72K G&D SmartCafe Expert v3.2 80K Gemalto TOP IM Gemalto TOP DM GX4 FIPS NXP JCOP31 v2.4.1 R0 Oberthur ID-One Cosmo v7.0-n 80K	GND_72K_GDA_GENERIC_TEST_OPSC_1 GND_72K_GDA_GENERIC_PROD_OPSC_1 GND_80K_GDA_GENERIC_TEST_OPSC_1 GND_80K_GDA_GENERIC_PROD_OPSC_1 GEM_GX4_TOPIM_GEMA_GENERIC_TEST_OPSC_1 GEM_GX4_TOPIM_GEMA_GENERIC_PROD_OPSC_1 GEM_GCX4_OP202 GEM_GX4_TOPDM_GEMA_GENERIC_PROD_OPSC_1 NXP_JCOP_31_NXP_GENERIC_TEST_OPSC_1 NXP_JCOP_31_NXP_GENERIC_PROD_OPSC_1 OCS70_80K_OCS_GENERIC_TEST_OPSC_1 OCS70_80K_OCS_GENERIC_PROD_OPSC_1	Deprecated: Cannot be used to create a new device policy but existing profile policies are still supported. ActivID Applet v2.6.2b based
Generic 72-80K PIN SC Java Card – AI 1024-2048 (2)	Standard Profile with ActivID Applet v2.6.2b	2011000000000000000000FA	G&D SmartCafe Expert v3.2 80K Gemalto TOP IM Gemalto TOP DM GX4 FIPS NXP JCOP31 v2.4.1 R0	GND_80K_GDA_GENERIC_TEST_OPSC_1 GND_80K_GDA_GENERIC_PROD_OPSC_1 GEM_GX4_TOPIM_GEMA_GENERIC_TEST_OPSC_1 GEM_GX4_TOPIM_GEMA_GENERIC_PROD_OPSC_1 GEM_GCX4_OP202 GEM_GX4_TOPDM_GEMA_GENERIC_PROD_OPSC_1 NXP_JCOP_31_NXP_GENERIC_TEST_OPSC_1 NXP_JCOP_31_NXP_GENERIC_PROD_OPSC_1	Deprecated: Cannot be used to create a new device policy but existing profile policies are still supported. ActivID Applet v2.6.2b based
Generic 72-80K PIN SC Java Card – AI 1024-2048 (3)	Standard Profile with ActivID Applet v2.6.2b, 3 PKI SC, 3 PKI PIN	201100000000000000000108	HID Crescendo JCOP v2.4.1 R2	HID_CRESC_JCOP_241R2_GEN_TEST_OPSC_1 HID_CRESC_JCOP_241R2_GEN_PROD_OPSC_1	Deprecated: Cannot be used to create a new device policy but existing profile policies are still supported. ActivID Applet v2.6.2b based

64K SC v1.2 (FIPS Level 3)

Note: This profile is deprecated and can no longer be used to create new device policies. It is included for legacy purposes.

PKI/SKI download done on the server
6 PKI’s 1024-bit keys with certificates from any CA
Support of PIN encryption with SMA (Secure Messaging Anonymous)
Support BOOTDISKCRYPT credentials
SKI synchronous and asynchronous
This profile is not supported on ActivKey Display

Generic 72-80K PIN SC Java Card – AI 1024-2048

Note: This profile is deprecated and can no longer be used to create new device policies. It is included for legacy purposes.

4 PKI (1024/2048-bit keys) download done on the server
4 PKI (1024/2048-bit keys) download done on the client
GC standard configuration
SKI download by the server
CA Root certificate downloadable by the server

Generic 72-80K PIN SC Java Card – AI 1024-2048 (2)

Note: This profile is deprecated and can no longer be used to create new device policies. It is included for legacy purposes.

7 PKI download done on the server
1 PKI download done on the client
GC standard configuration
SKI download by the server
Multiple CA Trust Chain(s) certificate downloadable from the ActivID CMS server ^(*)

^(*) A specific container is created in the profile to store the certificate trust chain(s). A new ActivID CMS static credential collection plug-in, CaCerts, is used to load all the CA certificates (.p7b or .cer files) onto the smart card.

Note: Trust Chain length is limited to around 9 KB after compression.

The certificate chains are imported from all p7b and cer files present in a specific folder, specified in the device profile as “cacert_path”:

Copy

<p:staticcredentialplugin name="CaCerts" type="CaCertsV2Plugin">
            <p:params>
                        <p:param name="CA cert" type="String" key="cacert_path" visible="false">
                                    <p:value>../cacerts</p:value>
                        </p:param>
            </p:params>
</p:staticcredentialplugin>

The cacert_path can be an absolute path (for example, /cms_conf/CA_certificates_for_profile_1) or a relative path. Relative paths are relative to the ActivID CMS installation folder (for example, Program Files\HID Global\Credential Management System\tomcat). Therefore, for example, ../cacerts would lead to C:\Program Files\HID Global\Credential Management System\cacerts.

For multiple trust chains, different trust chains can be specified for different device policies by duplicating the section <p:staticcredentialplugin name="CaCerts" type="CaCertsV2Plugin"> found in the profile and by editing each cacert_path.

In this case, the staticcredentialplugin name must be unique whereas the value of the staticcredentialplugin name must be changed.

For example, the second name could be CaCerts2 – this name will be reused when defining a new device policy, corresponding to the new CA cert source folder.