Supported Device Profiles
The profiles described in this section are available from the drop-down “Device Profile” list when an operator is creating a new device policy using the ActivID CMS Operator Portal. Generally, the most recent profiles should be used when issuing new devices. Older profiles could be selected, but might not be supported in upcoming ActivID CMS versions.
Starting with ActivID CMS 5.8, profiles indicated as deprecated in this document cannot be used to create new device policies (and are no longer available in the “Device Profile” drop-down list); however, any existing policies based on these profiles are still currently supported.
The profiles are organized into categories and a description is available for each profile. Here is an explanation of the terms used to describe these profiles:
- “Client” refers to ActivID ActivClient. It means the corresponding objects are set with a “PIN” access control rule.
- “Server” refers to ActivID CMS, where the access control rule is Global Platform Secure Messaging.
- PIN (Personal Identification Number) is used to protect access to the card.
- PKI refers to Public Key Infrastructure with support of RSA 1024- or 2048-bit keys.
- SKI refers to Secret Key Infrastructure used to generate One-Time Passwords (compatible with ActivID Authentication servers).
- BOOTDISKCRYPT credentials are used by software vendors offering boot authentication and disk encryption products. Only two Generic Containers (GC) are made available to these vendors. (A Generic Container applet is used to store static data on devices; the applet treats all data as opaque and never attempts to assign any meaning to the data it handles.) The third container, used by HP Protect Tools, is not included unless specified otherwise.
- The number of objects listed for the profiles in this section is indicative only. The configuration of the certificate authority (CA) might affect the size of user certificates and reduce the number of certificates that can be stored in each profile.
- PIV (Personal Identity Verification, the technical standard of HSPD-12) objects issued by ActivID CMS can be accessed by any PIV middleware. Other objects (such as PKI or SKI objects) are only accessible with ActivID ActivClient.
Note about Automatic Device Creation Mode
Before a device can be issued, it must be created in the ActivID CMS logistic and content database.
Two methods are possible for this operation, depending on the configuration of the Enable Automatic Import of Unknown Cards option. This option can be changed in the Issuance Portal by selecting the Configuration tab, then the Customization tab, and then the Miscellaneous topic.
- If this option is disabled (typically on a production system), you must use the Exchange Manager to load the cards with a batch (.xml) file from the Card Manufacturer.
  This batch file is created by the Card Manufacturer and contains the CUID of each card and the Identifiers defining the pre-issuance ID to be associated with each card:
  - KeyConfigID,
  - CardRequirementsID,
  - CardProductID,
  - PhysicalDescriptionID,
  - LogicalDescriptionID,
  - PackageConfigID.
  These IDs are part of the definition of the new pre-issuance ID (for example, 5_OCS_PIV_TEST_OPSC_1).
  The person who requests the cards from the Card Manufacturer has to provide these IDs.
  With these IDs in the batch (.xml) file, the Exchange Manager creates the card with the matching logistic pre-issuance ID.
Depending on the logical scheme (1 or 2) used to define the card Pre-Issuance ID, the format of the data to be provided changes:
Logical Scheme 1 (Contact Only):
Example of batch IDs for the HID_CRESC_JCOP_241R2_GEN_TEST_OPSC_1 Pre-Issuance ID, which can be found on the ActivID CMS disk in “.\BDD Samples\BD-FREE-LOGICALSCHEME1.xml”:
<BatchConfiguration>
  <KeyConfigID>0000000092</KeyConfigID>
  <CardRequirementsID>0000000004</CardRequirementsID>
  <CardProductID>0000000070</CardProductID>
  <PhysicalDescriptionID>000000000B</PhysicalDescriptionID>
  <LogicalDescriptionID>0000000040</LogicalDescriptionID>
  <PackageConfigID>FREE</PackageConfigID>
</BatchConfiguration>
Logical Scheme 2 (Contact AND Contactless):
Example of batch IDs for the DEFAULT Pre-Issuance ID, which can be found on the ActivID CMS disk in “.\BDD Samples\BD-FREE-LOGICALSCHEME2.xml”:
<BatchConfiguration>
  <ProductConfiguration>
    <CardProductID>0000000082</CardProductID>
    <PhysicalProductConfiguration>
      <PhysicalDescriptionID>0000000005</PhysicalDescriptionID>
    </PhysicalProductConfiguration>
    <CardChipConfiguration>
      <HybridCardConfiguration>
        <ContactChipConfiguration>
          <RequirementsID>0000000007</RequirementsID>
          <KeyConfigID>VOP_ISK_AES_16</KeyConfigID>
          <LogicalDescriptionID>0000000054</LogicalDescriptionID>
        </ContactChipConfiguration>
        <ContactlessChipConfiguration>
          <RequirementsID>0000000007</RequirementsID>
          <KeyConfigID>VOP_ISK_AES_16</KeyConfigID>
          <LogicalDescriptionID>0000000054</LogicalDescriptionID>
        </ContactlessChipConfiguration>
      </HybridCardConfiguration>
    </CardChipConfiguration>
  </ProductConfiguration>
  <PackageConfigID>FREE</PackageConfigID>
</BatchConfiguration>
Depending on the logical scheme (1 or 2) used to define the card Pre-Issuance ID, the “BatchDeliveryData” must be updated according to the number of cards to be provided:
Example for 5 cards for the 5_OCS_PIV_240_TEST_OPSC_1 Pre-Issuance ID, which can be found on the ActivID CMS disk in “...\BDD Samples\BD-5-LOGICALSCHEME2.xml”:
<BatchDeliveryData>
  <BatchUID>1</BatchUID>
  <CardNb>5</CardNb>
  <ShippingOrganization>FedEx</ShippingOrganization>
  <TrackingNumber></TrackingNumber>
  <CardDataList>
    <CardData name="4820502B000000000001">
      <HybridData>
        <StackID>1</StackID>
        <BatchSN>1</BatchSN>
        <ContactSpecificData>
          <CUID>4820502B000000000001</CUID>
          <CPLCData>9F7F2A4820502B8231803000630252000000010000143202521433025214340252000000001435025200000000</CPLCData>
        </ContactSpecificData>
        <ContactlessSpecificData>
          <UID>4820502B000000000001</UID>
          <CPLCData>9F7F2A4820502B8231803000630252000000010000143202521433025214340252000000001435025200000000</CPLCData>
        </ContactlessSpecificData>
      </HybridData>
    </CardData>
    <CardData name="4820502B000000000002">
      <HybridData>
        <StackID>1</StackID>
        <BatchSN>2</BatchSN>
        <ContactSpecificData>
          <CUID>4820502B000000000002</CUID>
          <CPLCData>9F7F2A4820502B8231803000630252000000020000143202521433025214340252000000001435025200000000</CPLCData>
        </ContactSpecificData>
        <ContactlessSpecificData>
          <UID>4820502B000000000002</UID>
          <CPLCData>9F7F2A4820502B8231803000630252000000020000143202521433025214340252000000001435025200000000</CPLCData>
        </ContactlessSpecificData>
      </HybridData>
    </CardData>
    <CardData name="4820502B000000000003">
      <HybridData>
        <StackID>1</StackID>
        <BatchSN>3</BatchSN>
        <ContactSpecificData>
          <CUID>4820502B000000000003</CUID>
          <CPLCData>9F7F2A4820502B8231803000630252000000030000143202521433025214340252000000001435025200000000</CPLCData>
        </ContactSpecificData>
        <ContactlessSpecificData>
          <UID>4820502B000000000003</UID>
          <CPLCData>9F7F2A4820502B8231803000630252000000030000143202521433025214340252000000001435025200000000</CPLCData>
        </ContactlessSpecificData>
      </HybridData>
    </CardData>
    <CardData name="4820502B000000000004">
      <HybridData>
        <StackID>1</StackID>
        <BatchSN>4</BatchSN>
        <ContactSpecificData>
          <CUID>4820502B000000000004</CUID>
          <CPLCData>9F7F2A4820502B8231803000630252000000040000143202521433025214340252000000001435025200000000</CPLCData>
        </ContactSpecificData>
        <ContactlessSpecificData>
          <UID>4820502B000000000004</UID>
          <CPLCData>9F7F2A4820502B8231803000630252000000040000143202521433025214340252000000001435025200000000</CPLCData>
        </ContactlessSpecificData>
      </HybridData>
    </CardData>
    <CardData name="4820502B000000000005">
      <HybridData>
        <StackID>1</StackID>
        <BatchSN>5</BatchSN>
        <ContactSpecificData>
          <CUID>4820502B000000000005</CUID>
          <CPLCData>9F7F2A4820502B8231803000630252000000050000143202521433025214340252000000001435025200000000</CPLCData>
        </ContactSpecificData>
        <ContactlessSpecificData>
          <UID>4820502B000000000005</UID>
          <CPLCData>9F7F2A4820502B8231803000630252000000050000143202521433025214340252000000001435025200000000</CPLCData>
        </ContactlessSpecificData>
      </HybridData>
    </CardData>
  </CardDataList>
</BatchDeliveryData>
- If this option is enabled (typically on a test system), the cards are created ‘Automatically’ by ActivID CMS with a default pre-issuance ID (that is, the one associated with your card ATR in the ATR2Product.properties file).
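As an added example (not part of the ActivID CMS documentation or product), the Python check below validates a logical-scheme-2 BatchDeliveryData file before an operator loads it with the Exchange Manager: it confirms that CardNb matches the number of CardData entries, that each card's name, contact CUID and contactless UID agree, and that the CUID is the one implied by the CPLC data (IC fabricator, IC type, IC batch, IC serial). The CPLC field offsets follow the GlobalPlatform CPLC layout and are an assumption of this example; the embedded two-card batch is constructed for it.

```python
import xml.etree.ElementTree as ET

# Constructed two-card batch (not the page's sample). Card 2's CPLC data carries
# IC serial 00000009, so its declared CUID ...0002 cannot be right.
SAMPLE_BATCH = """<BatchDeliveryData><BatchUID>1</BatchUID><CardNb>2</CardNb>
<ShippingOrganization>FedEx</ShippingOrganization><TrackingNumber></TrackingNumber>
<CardDataList>
<CardData name="4820502B000000000001"><HybridData><StackID>1</StackID><BatchSN>1</BatchSN>
<ContactSpecificData><CUID>4820502B000000000001</CUID>
<CPLCData>9F7F2A4820502B8231803000630252000000010000143202521433025214340252000000001435025200000000</CPLCData></ContactSpecificData>
<ContactlessSpecificData><UID>4820502B000000000001</UID>
<CPLCData>9F7F2A4820502B8231803000630252000000010000143202521433025214340252000000001435025200000000</CPLCData></ContactlessSpecificData>
</HybridData></CardData>
<CardData name="4820502B000000000002"><HybridData><StackID>1</StackID><BatchSN>2</BatchSN>
<ContactSpecificData><CUID>4820502B000000000002</CUID>
<CPLCData>9F7F2A4820502B8231803000630252000000090000143202521433025214340252000000001435025200000000</CPLCData></ContactSpecificData>
<ContactlessSpecificData><UID>4820502B000000000002</UID>
<CPLCData>9F7F2A4820502B8231803000630252000000090000143202521433025214340252000000001435025200000000</CPLCData></ContactlessSpecificData>
</HybridData></CardData>
</CardDataList></BatchDeliveryData>"""


def cuid_from_cplc(cplc_hex):
    """CUID = IC fabricator || IC type || IC batch || IC serial, taken from a 9F7F
    CPLC TLV using the GlobalPlatform field layout (assumed). None if malformed."""
    cplc_hex = cplc_hex.strip().upper()
    if cplc_hex[:6] != "9F7F2A" or len(cplc_hex) != 6 + 2 * 0x2A:
        return None  # not a 42-byte CPLC value
    body = cplc_hex[6:]  # hex offsets: 0-7 fab+type, 24-31 IC serial, 32-35 IC batch
    return body[0:8] + body[32:36] + body[24:32]


def validate_batch(xml_text):
    """Return the problems found in a BatchDeliveryData document (empty list = clean)."""
    root = ET.fromstring(xml_text)
    cards = root.findall("./CardDataList/CardData")
    problems = []
    declared = int(root.findtext("CardNb", "0"))
    if declared != len(cards):
        problems.append(f"CardNb={declared} but {len(cards)} CardData entries")
    for card in cards:
        name = card.get("name")
        cuid = card.findtext("./HybridData/ContactSpecificData/CUID")
        uid = card.findtext("./HybridData/ContactlessSpecificData/UID")
        if not (name == cuid == uid):
            problems.append(f"{name}: name, CUID and UID disagree")
        # both chips of a hybrid card must report CPLC data consistent with the CUID
        for part in ("ContactSpecificData", "ContactlessSpecificData"):
            derived = cuid_from_cplc(card.findtext(f"./HybridData/{part}/CPLCData") or "")
            if derived != cuid:
                problems.append(f"{name}: {part}: CPLC data gives CUID {derived}")
    return problems
```

Running validate_batch(SAMPLE_BATCH) reports the two CPLC mismatches on card 2 and nothing for card 1.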