FIPS 201 PIV Profiles (Service Bureau)

Note: These profiles are deprecated and can no longer be used to create new device policies. They are included for legacy purposes.

Device Profile Name	Profile Description	Unique Identifier (stored in the card)	Supported Devices	Supported Pre-Issuance IDs	Comments
PIV FIPS201 SB Activation Java Card – OCS	PIV2 Activation Profile with OCS End-Point applets v1.08	N/A	Oberthur ID-One Cosmo v5.2D 64K Fast ATR with PIV application SDK	5_OCS_PIV_SB_TEST_OPSC_1 5_OCS_PIV_SB_PROD_OPSC_1 100_OCS_PIV_SB_PROD_OPSC_1 5_OCS_PIV_SDK_OPSC_1	Deprecated: Cannot be used to create a new device policy but existing profile policies are still supported. Card with Oberthur PIV Personal Identity Verification (technical standard of "HSPD-12") applet v1.08
PIV FIPS201 SB Activation Java Card – OCS 1024/2048	PIV2 Activation Profile with OCS End-Point applets v1.08	N/A	Oberthur ID-One Cosmo v5.2D 64K Fast ATR with PIV application SDK	5_OCS_PIV_SB_TEST_OPSC_1 5_OCS_PIV_SB_PROD_OPSC_1 100_OCS_PIV_SB_PROD_OPSC_1 5_OCS_PIV_SDK_OPSC_1	Deprecated: Cannot be used to create a new device policy but existing profile policies are still supported. Card with Oberthur PIV applet v1.08
PIV FIPS201 SB Activation Java Card – OCS 2048	PIV2 Activation Profile with OCS End-Point applets v1.08	N/A	Oberthur ID-One Cosmo v5.2D 64K Fast ATR with PIV application SDK	5_OCS_PIV_SB_TEST_OPSC_1 5_OCS_PIV_SB_PROD_OPSC_1 100_OCS_PIV_SB_PROD_OPSC_1 5_OCS_PIV_SDK_OPSC_1	Deprecated: Cannot be used to create a new device policy but existing profile policies are still supported. Card with Oberthur PIV applet v1.08
PIV FIPS201 SB Activation Java Card – Gemalto	PIV2 Activation Profile for Gemalto SafesITe applets v1.20	N/A	Gemalto GemCombi'Xpresso R4 E72 PK Standard with PIV application	5_GEM_PIV_SB_TEST_OPSC_1 5_GEM_PIV_SB_PROD_OPSC_1 100_GEM_PIV_SB_PROD_OPSC_1 5_GEM_PIV_SDK_OPSC_1	Deprecated: Cannot be used to create a new device policy but existing profile policies are still supported. Card With Gemalto PIV applet SafeSite v1.20
PIV FIPS201 SB Java Card – Gemalto 1.55 – 2048	PIV2 Activation Profile for Gemalto applets V1.55 (SP 800-73-3)	N/A	Gemalto TOP DL GX4 FIPS with PIV application	5_GEM_PIV_1_55_TEST_OPSC_1 5_GEM_PIV_1_55_PROD_OPSC_1 100_GEM_PIV_1_55_PROD_OPSC_1 5_GEM_PIV_1_55_SB_TEST_OPSC_1 5_GEM_PIV_1_55_SB_PROD_OPSC_1 100_GEM_PIV_1_55_SB_PROD_OPSC_1	Deprecated: Cannot be used to create a new device policy but existing profile policies are still supported. Card with Gemalto PIV applet v1.55

Note:

For Gemalto PIV profile (that is, card with Gemalto PIV applet v1.20), it is necessary to obtain a Gemalto PIV card with configuration “USG 010”.
For Oberthur PIV profile, ActivID CMS 4.0 SP2 expects Cosmo card with BAP# 81758.
For Oberthur PIV profiles with Oberthur PIV applet 2.3.2, use BAP #087282.
For Oberthur PIV profiles with Oberthur PIV applet 2.3.5, use BAP #087420 / #087424 / #087465.
For Oberthur PIV profiles with Oberthur PIV applet 2.4.0, use BAP #087434.
For IDEMIA PIV profiles with IDEMIA PIV applet 2.4.1, use BAP #087484
For PIV FIPS201 SB Activation Java Card - IDEMIA ID-One PIV 2.4.1 - 2048 profile, PIN is numeric only.

PIV FIPS201 Activation Java Cards

This section applies to the profiles listed above.

These profiles activate the PIV cards personalized by the card manufacturer service bureau. The card activation In the context of ActivID, card activation refers to the unlocking of an application or GlobalPlatform locked card. This operation is usually associated with batch issuance and help desk operations. In the context of PIV, card activation implies PIN authentication to the PIV card to “activate” privileged operations. process consists of:

Injecting and generating the PKI credentials (PKI 1024 or 2048),
Swapping the Card Manager keys,
Swapping the PIV Card Administrator key (9B), and
Setting up the PIV Local PIN for the user and setting up the PUK.