FIPS 201 PIV Profiles (Service Bureau)

Note: These profiles are deprecated and can no longer be used to create new device policies. They are included for legacy purposes.

Device Profile Name

Profile Description

Unique Identifier
(stored in the card)

Supported Devices

Supported Pre-Issuance IDs

Comments

PIV FIPS201 SB Activation Java Card – OCS

PIV2 Activation Profile with OCS End-Point applets v1.08

N/A

Oberthur ID-One Cosmo v5.2D 64K Fast ATR with PIV application SDK

5_OCS_PIV_SB_TEST_OPSC_1
5_OCS_PIV_SB_PROD_OPSC_1
100_OCS_PIV_SB_PROD_OPSC_1
5_OCS_PIV_SDK_OPSC_1

Deprecated: Cannot be used to create a new device policy but existing profile policies are still supported.

 

Card with Oberthur PIV Personal Identity Verification (technical standard of "HSPD-12") applet v1.08

 

PIV FIPS201 SB Activation Java Card – OCS 1024/2048

PIV2 Activation Profile with OCS End-Point applets v1.08

N/A

Oberthur ID-One Cosmo v5.2D 64K Fast ATR with PIV application SDK

5_OCS_PIV_SB_TEST_OPSC_1
5_OCS_PIV_SB_PROD_OPSC_1
100_OCS_PIV_SB_PROD_OPSC_1
5_OCS_PIV_SDK_OPSC_1

Deprecated: Cannot be used to create a new device policy but existing profile policies are still supported.

 

Card with Oberthur PIV applet v1.08

 

PIV FIPS201 SB Activation Java Card – OCS 2048

PIV2 Activation Profile with OCS End-Point applets v1.08

N/A

Oberthur ID-One Cosmo v5.2D 64K Fast ATR with PIV application SDK

5_OCS_PIV_SB_TEST_OPSC_1
5_OCS_PIV_SB_PROD_OPSC_1
100_OCS_PIV_SB_PROD_OPSC_1
5_OCS_PIV_SDK_OPSC_1

Deprecated: Cannot be used to create a new device policy but existing profile policies are still supported.

 

Card with Oberthur PIV applet v1.08

 

PIV FIPS201 SB Activation Java Card – Gemalto

PIV2 Activation Profile for Gemalto SafesITe applets v1.20

N/A

Gemalto GemCombi'Xpresso R4 E72 PK Standard with PIV application

5_GEM_PIV_SB_TEST_OPSC_1
5_GEM_PIV_SB_PROD_OPSC_1
100_GEM_PIV_SB_PROD_OPSC_1
5_GEM_PIV_SDK_OPSC_1

Deprecated: Cannot be used to create a new device policy but existing profile policies are still supported.

 

Card With Gemalto PIV applet SafeSite v1.20

 

PIV FIPS201 SB Java Card – Gemalto 1.55 – 2048

PIV2 Activation Profile for Gemalto applets V1.55 (SP 800-73-3)

N/A

Gemalto TOP DL GX4 FIPS with PIV application

5_GEM_PIV_1_55_TEST_OPSC_1
5_GEM_PIV_1_55_PROD_OPSC_1
100_GEM_PIV_1_55_PROD_OPSC_1
5_GEM_PIV_1_55_SB_TEST_OPSC_1
5_GEM_PIV_1_55_SB_PROD_OPSC_1
100_GEM_PIV_1_55_SB_PROD_OPSC_1

Deprecated: Cannot be used to create a new device policy but existing profile policies are still supported.

 

Card with Gemalto PIV applet v1.55

 

Note:  
  • For Gemalto PIV profile (that is, card with Gemalto PIV applet v1.20), it is necessary to obtain a Gemalto PIV card with configuration “USG 010”.

  • For Oberthur PIV profile, ActivID CMS 4.0 SP2 expects Cosmo card with BAP# 81758.

  • For Oberthur PIV profiles with Oberthur PIV applet 2.3.2, use BAP #087282.

  • For Oberthur PIV profiles with Oberthur PIV applet 2.3.5, use BAP #087420 / #087424 / #087465.

  • For Oberthur PIV profiles with Oberthur PIV applet 2.4.0, use BAP #087434.

  • For IDEMIA PIV profiles with IDEMIA PIV applet 2.4.1, use BAP #087484

  • For PIV FIPS201 SB Activation Java Card - IDEMIA ID-One PIV 2.4.1 - 2048 profile, PIN is numeric only.

PIV FIPS201 Activation Java Cards

This section applies to the profiles listed above.

These profiles activate the PIV cards personalized by the card manufacturer service bureau. The card activation In the context of ActivID, card activation refers to the unlocking of an application or GlobalPlatform locked card. This operation is usually associated with batch issuance and help desk operations. In the context of PIV, card activation implies PIN authentication to the PIV card to “activate” privileged operations. process consists of:

  • Injecting and generating the PKI credentials (PKI 1024 or 2048),

  • Swapping the Card Manager keys,

  • Swapping the PIV Card Administrator key (9B), and

  • Setting up the PIV Local PIN for the user and setting up the PUK.