FIPS 201 PIV Profiles (Service Bureau)
Device Profile Name |
Profile Description |
Unique Identifier |
Supported Devices |
Supported Pre-Issuance IDs |
Comments |
---|---|---|---|---|---|
PIV2 Activation Profile with OCS End-Point applets v1.08 |
N/A |
Oberthur ID-One Cosmo v5.2D 64K Fast ATR with PIV application SDK |
5_OCS_PIV_SB_TEST_OPSC_1
|
Deprecated: Cannot be used to create a new device policy but existing profile policies are still supported.
Card with Oberthur PIV Personal Identity Verification (technical standard of "HSPD-12") applet v1.08
|
|
PIV2 Activation Profile with OCS End-Point applets v1.08 |
N/A |
Oberthur ID-One Cosmo v5.2D 64K Fast ATR with PIV application SDK |
5_OCS_PIV_SB_TEST_OPSC_1
|
Deprecated: Cannot be used to create a new device policy but existing profile policies are still supported.
Card with Oberthur PIV applet v1.08
|
|
PIV2 Activation Profile with OCS End-Point applets v1.08 |
N/A |
Oberthur ID-One Cosmo v5.2D 64K Fast ATR with PIV application SDK |
5_OCS_PIV_SB_TEST_OPSC_1
|
Deprecated: Cannot be used to create a new device policy but existing profile policies are still supported.
Card with Oberthur PIV applet v1.08
|
|
PIV2 Activation Profile for Gemalto SafesITe applets v1.20 |
N/A |
Gemalto GemCombi'Xpresso R4 E72 PK Standard with PIV application |
5_GEM_PIV_SB_TEST_OPSC_1
|
Deprecated: Cannot be used to create a new device policy but existing profile policies are still supported.
Card With Gemalto PIV applet SafeSite v1.20
|
|
PIV2 Activation Profile for Gemalto applets V1.55 (SP 800-73-3) |
N/A |
Gemalto TOP DL GX4 FIPS with PIV application |
5_GEM_PIV_1_55_TEST_OPSC_1
|
Deprecated: Cannot be used to create a new device policy but existing profile policies are still supported.
Card with Gemalto PIV applet v1.55
|
For Gemalto PIV profile (that is, card with Gemalto PIV applet v1.20), it is necessary to obtain a Gemalto PIV card with configuration “USG 010”.
For Oberthur PIV profile, ActivID CMS 4.0 SP2 expects Cosmo card with BAP# 81758.
For Oberthur PIV profiles with Oberthur PIV applet 2.3.2, use BAP #087282.
For Oberthur PIV profiles with Oberthur PIV applet 2.3.5, use BAP #087420 / #087424 / #087465.
For Oberthur PIV profiles with Oberthur PIV applet 2.4.0, use BAP #087434.
For IDEMIA PIV profiles with IDEMIA PIV applet 2.4.1, use BAP #087484
For PIV FIPS201 SB Activation Java Card - IDEMIA ID-One PIV 2.4.1 - 2048 profile, PIN is numeric only.
PIV FIPS201 Activation Java Cards
This section applies to the profiles listed above.
These profiles activate the PIV cards personalized by the card manufacturer service bureau. The card activation In the context of ActivID, card activation refers to the unlocking of an application or GlobalPlatform locked card. This operation is usually associated with batch issuance and help desk operations. In the context of PIV, card activation implies PIN authentication to the PIV card to “activate” privileged operations. process consists of:
-
Injecting and generating the PKI credentials (PKI 1024 or 2048),
-
Swapping the Card Manager keys,
-
Swapping the PIV Card Administrator key (9B), and
-
Setting up the PIV Local PIN for the user and setting up the PUK.