FIPS 201 PIV Profiles (ActivID Applets, Face to Face Issuance)

Note: These profiles are deprecated and can no longer be used to create new device policies. They are included for legacy purposes.

Each profile below lists the following fields, in order: Device Profile Name; Profile Description; Unique Identifier (stored in the card); Supported Devices; Supported Pre-Issuance IDs; Comments.

Device Profile Name: PIV FIPS201 F2F Java Card – AI 1024-2048

Profile Description: Standard PIV+ Profile with ActivID Applet v2.6.2 (All PKI 2048 except last extended PKI 1024-bit)

Unique Identifier (stored in the card): 2011000000000000000000E5

Supported Devices:
  • Oberthur ID-One Cosmo v5.2D 64K Fast ATR with AI PIV EP applet
  • Gemalto GemCombi'Xpresso R4 E72 PK Standard with AI PIV EP applet
  • G&D SmartCafe Expert v3.2 144K with AI PIV EP applet

Supported Pre-Issuance IDs:
  • 5_OCS_AI_PIV_TEST_OPSC_1
  • 5_OCS_AI_PIV_PROD_OPSC_1
  • 100_OCS_AI_PIV_PROD_OPSC_1
  • 5_OCS_PIV_TEST_OPSC_1
  • 5_OCS_PIV_PROD_OPSC_1
  • 100_OCS_PIV_PROD_OPSC_1
  • 5_GEM_AI_PIV_TEST_OPSC_2
  • 5_GEM_AI_PIV_PROD_OPSC_2
  • 100_GEM_AI_PIV_PROD_OPSC_2
  • 5_GEM_PIV_TEST_OPSC_1
  • 5_GEM_PIV_PROD_OPSC_1
  • 100_GEM_PIV_PROD_OPSC_1
  • 5_GDA_AI_PIV_TEST_OPSC_1
  • 5_GDA_AI_PIV_PROD_OPSC_1
  • 100_GDA_AI_PIV_PROD_OPSC_1

Comments:
  • Deprecated: Cannot be used to create a new device policy but existing profile policies are still supported.
  • Cards with ActivID Applets v2.6.2a packages preloaded (ASClib, ACA, GC/PKI, PIV and SKI).

Device Profile Name: PIV FIPS201 F2F Java Card – AI 1024-2048 (2)

Profile Description: Standard PIV+ Profile with ActivID Applet v2.6.2 (All PKI 2048 except PIV AUTH, CARD AUTH: 1024-bit)

Unique Identifier (stored in the card): 2011000000000000000000E7

Supported Devices:
  • Oberthur ID-One Cosmo v5.2D 64K Fast ATR with PIV application SDK
  • Oberthur ID-One Cosmo v5.2D 64K Fast ATR with AI PIV EP applet
  • Gemalto GemCombi'Xpresso R4 E72 PK Standard with PIV application
  • Gemalto GemCombi'Xpresso R4 E72 PK Standard with AI PIV EP applet
  • G&D SmartCafe Expert v3.2 144K with AI PIV EP applet

Supported Pre-Issuance IDs:
  • 5_OCS_AI_PIV_TEST_OPSC_1
  • 5_OCS_AI_PIV_PROD_OPSC_1
  • 100_OCS_AI_PIV_PROD_OPSC_1
  • 5_OCS_PIV_TEST_OPSC_1
  • 5_OCS_PIV_PROD_OPSC_1
  • 100_OCS_PIV_PROD_OPSC_1
  • 5_GEM_AI_PIV_TEST_OPSC_2
  • 5_GEM_AI_PIV_PROD_OPSC_2
  • 100_GEM_AI_PIV_PROD_OPSC_2
  • 5_GEM_PIV_TEST_OPSC_1
  • 5_GEM_PIV_PROD_OPSC_1
  • 100_GEM_PIV_PROD_OPSC_1
  • 5_GDA_AI_PIV_TEST_OPSC_1
  • 5_GDA_AI_PIV_PROD_OPSC_1
  • 100_GDA_AI_PIV_PROD_OPSC_1

Comments:
  • Deprecated: Cannot be used to create a new device policy but existing profile policies are still supported.
  • Cards with either ActivID Applets v2.6.2a packages preloaded (ASClib, ACA, GC/PKI, PIV and SKI) or loaded with Gemalto PIV applet SafeSite v1.20 or loaded with Oberthur PIV applet v1.08.

Device Profile Name: PIV FIPS201 F2F Java Card – AI 2048

Profile Description: PIV2 Profile with ActivID Applet v2.6.2

Unique Identifier (stored in the card): 2011000000000000000000FF

Supported Devices:
  • Gemalto GemCombi'Xpresso R4 E72 PK Standard with PIV application

Supported Pre-Issuance IDs:
  • 5_GEM_PIV_TEST_OPSC_1
  • 5_GEM_PIV_PROD_OPSC_1
  • 100_GEM_PIV_PROD_OPSC_1

Comments:
  • Deprecated: Cannot be used to create a new device policy but existing profile policies are still supported.
  • Cards loaded with Gemalto PIV applet SafeSite v1.20.
  • ActivID Applets v2.6.2 based.

Device Profile Name: PIV FIPS201 F2F Java Card – AI 2048 (2)

Profile Description: Standard PIV2 Profile with ActivID Applet v2.6.2 with renamed PKI containers

Unique Identifier (stored in the card): 201100000000000000000106

Supported Devices:
  • Gemalto GemCombi'Xpresso R4 E72 PK Standard with PIV application

Supported Pre-Issuance IDs:
  • 5_GEM_PIV_TEST_OPSC_1
  • 5_GEM_PIV_PROD_OPSC_1
  • 100_GEM_PIV_PROD_OPSC_1

Comments:
  • Deprecated: Cannot be used to create a new device policy but existing profile policies are still supported.
  • Replaces “PIV FIPS201 F2F Java Card – AI 2048” profile cards. The only difference is the name of the PKI extensions, which are now PKI1/PKI2 instead of PKI5/PKI6.
  • ActivID Applets v2.6.2 based.

Device Profile Name: PIV - Crescendo C2300 FIPS

Profile Description: PIV profile for Crescendo C2300 FIPS with Applet v3 (SP800-73-4)

Unique Identifier (stored in the card): 201100000000000000000139

Supported Devices:
  • Crescendo C2300 FIPS (JCOP 3 SecID P60 CS) preloaded with ActivID Applet 3.0

Supported Pre-Issuance IDs:
  • HID_CRESC_2300_FIPS_DEFAULT
  • HID_CRESC_2300_FIPS_CUSTOM

Comments:
  • Deprecated: Cannot be used to create a new device policy but existing profile policies are still supported.
  • Replaced by PIV / CIV - Crescendo FIPS profile.
  • Cards with ActivID Applets v3.0 packages preloaded (ASClib, ACA, HMAClib and PIVEXT). Profile based on ActivID Applets 3.0.

Device Profile Name: PIV - Crescendo Key FIPS

Profile Description: PIV Profile for Crescendo Key FIPS with Applet v3 (SP800-73-4)

Unique Identifier (stored in the card): 20110000000000000000014B

Supported Devices:
  • Crescendo Key FIPS (JCOP 3 SecID P60 CS) preloaded with ActivID Applet 3.0

Supported Pre-Issuance IDs:
  • HID_CRESC_KEY_FIPS_DEFAULT

Comments:
  • Deprecated: Cannot be used to create a new device policy but existing profile policies are still supported.
  • Replaced by PIV / CIV - Crescendo FIPS profile.
  • USB Keys with token button with ActivID Applets v3.0 packages preloaded (ASClib, ACA, HMAClib and PIVEXT). Profile based on ActivID Applets 3.0.

Note:
  • For ActivID PIV+ profiles (preloaded with ActivID Applet packages v2.6.2a), the following default configurations are supported by ActivID CMS:

    • Oberthur: BAP #85034

    • Gemalto: C1022470

    • G&D SmartCafe v3.2 144K: CONFIGURATION3

  • For ActivID PIV+ profiles (preloaded with ActivID Applet packages v2.6.2b), the following default configurations are supported by ActivID CMS:

    • G&D SmartCafe v3.2 144K with ActivID Applet v2.6.2b [CONFIGURATION4]

    • G&D SmartCafe v5.0 144K with ActivID Applet v2.6.2b [CONFIGURATION40]

    • For the other configuration (non-PIV), this card is requested in [CONFIGURATION1]

    • G&D Smart Café Expert v3.2 80K is delivered in [CONFIGURATION25]

PIV FIPS201 F2F Java Card – AI 1024-2048

Note: This profile is deprecated and can no longer be used to create new device policies. It is included for legacy purposes.
  • Full set of PIV buffers loaded by ActivID CMS

  • 4 PIV PKI Objects with 2048-bit keys (PIV Authentication, PIV Digital Signature, PIV Key Management Key, PIV Card Authentication) loaded by ActivID CMS

  • 2 PKI Objects with 2048-bit keys loaded by ActivID CMS

  • 1 PKI Object with a 1024-bit key loaded by ActivID CMS

  • 1 synchronous SKI Object loaded by ActivID CMS

PIV FIPS201 F2F Java Card – AI 1024-2048 (2)

Note: This profile is deprecated and can no longer be used to create new device policies. It is included for legacy purposes.
  • Full set of PIV buffers loaded by ActivID CMS

  • 2 PIV PKI Objects with 2048-bit keys (PIV Digital Signature, PIV Key Management Key) loaded by ActivID CMS

  • 2 PIV PKI Objects with 1024-bit keys (PIV Authentication, PIV Card Authentication) loaded by ActivID CMS

  • 3 PKI Objects with 2048-bit keys loaded by ActivID CMS

  • 1 synchronous SKI Object loaded by ActivID CMS

PIV FIPS201 F2F Java Card – AI 2048

Note: This profile is deprecated and can no longer be used to create new device policies. It is included for legacy purposes.
  • Full set of PIV buffers loaded by ActivID CMS

  • 4 PIV PKI Objects with 2048-bit keys (PIV Authentication, PIV Digital Signature, PIV Key Management Key, PIV Card Authentication) loaded by ActivID CMS

  • 2 PKI Objects with 2048-bit keys loaded by ActivID CMS. They are named PKI5/PKI6 in the ActivID CMS Device Policy

PIV FIPS201 F2F Java Card – AI 2048 (2)

Note: This profile is deprecated and can no longer be used to create new device policies. It is included for legacy purposes.
  • Full set of PIV buffers loaded by ActivID CMS

  • 4 PIV PKI Objects with 2048-bit keys (PIV Authentication, PIV Digital Signature, PIV Key Management Key, PIV Card Authentication) loaded by ActivID CMS

  • 2 PKI Objects with 2048-bit keys loaded by ActivID CMS. They are named PKI1/PKI2 in the ActivID CMS Device Policy

PIV - Crescendo C2300 FIPS

Note: This profile is deprecated and can no longer be used to create new device policies. It is included for legacy purposes.
  • 14 PIV PKI key Objects (PIV Authentication, PIV Digital Signature PIN Always, PIV Key Management Key, PIV Card Authentication (RSA 2048, ECC 256 or ECC 384), and 10 Retired Key Management Keys) loaded by ActivID CMS

    Note: In the current version of ActivID CMS, ECC keys can only be used with Card Authentication applications for the Microsoft CA. In addition, ECC certificates only support the ECDSA_256 and ECDSA_384 algorithms.
  • PIV EP Buffer Objects, except Iris object

  • NIST SP 800-73-4 Support

  • PIN Numeric Only

  • In addition to the card pre-issuance keys, the following keys must be present in the HSM for profile issuance. As these keys are post-issuance keys, they should be generated in the HSM:

    • MK_CM_ACE_AES_16_OPSC_1_ENC, _MAC, _KEK, PIV_CARD_ADMINISTRATOR_KEY_9B_AES_16 (16-byte AES keys)

PIV - Crescendo Key FIPS

Note: This profile is deprecated and can no longer be used to create new device policies. It is included for legacy purposes.
  • 14 PIV PKI key Objects (PIV Authentication, PIV Digital Signature PIN Always, PIV Key Management Key, PIV Card Authentication (RSA 2048, ECC 256 or ECC 384), and 10 Retired Key Management Keys) loaded by ActivID CMS

    Note: In the current version of ActivID CMS, ECC keys can only be used with Card Authentication applications for the Microsoft CA. In addition, ECC certificates only support the ECDSA_256 and ECDSA_384 algorithms.
  • PIV EP Buffer Objects, except Iris object

  • NIST SP 800-73-4 Support

  • PIN Numeric Only

  • In addition to the card pre-issuance keys, the following keys must be present in the HSM for profile issuance. As these keys are post-issuance keys, they should be generated in the HSM:

    • MK_CM_ACE_AES_16_OPSC_1_ENC, _MAC, _KEK, PIV_CARD_ADMINISTRATOR_KEY_9B_AES_16 (16-byte AES keys)