FIPS 201 CIV Profiles (Third-Party Applets)

Note: These profiles are deprecated and can no longer be used to create new device policies. They are included for legacy purposes.

CIV - IDEMIA ID-One PIV 2.4.1 - 2048

CIV Profile with IDEMIA End-Point applets v2.4.10

Note: This profile is deprecated and can no longer be used to create new device policies. It is included for legacy purposes.
  • Replaced by PIV FIPS201 F2F Java Card - IDEMIA ID-One PIV 2.4.X - 2048 profile.

  • Card with IDEMIA PIV applet v2.4.1.

  • Profile aligned with NIST SP 800-73-4 for Commercial Identity Verification (CIV) cards. CIV cards expose a card edge similar to that of PIV cards for US Government employees, but they are intended for commercial use and have no trust relationship with the US Federal bridge.

  • Supports SP 800-73-4 objects, including the PIV Discovery, Iris, Key History and Key Management Key objects. It can accommodate 2048-bit PKI keys, and ActivID CMS loads the full set of PIV objects (PIV mandatory and optional objects).

  • The CHUID, Printed Information, and PKI AUTHENTICATE objects are mandatory. All other objects are optional.

  • Compatible with Apple Mac TokenD

  • Only for IDEMIA PIV cards with PIV applet v2.4.1

  • PIN Numeric Only

  • In addition to the card pre-issuance keys, the following keys must be present in the HSM for profile issuance. As these keys are post-issuance keys, they should be generated in the HSM:

    • For the pre-issuance Card AES 128: MK_CM_ACE_AES_16_OPSC_1_ENC, _MAC, _KEK, PIV_CARD_ADMINISTRATOR_KEY_9B_AES_16 (16-byte AES keys)

    • For the pre-issuance Card AES 256: MK_CM_ACE_AES_32_OPSC_1_ENC, _MAC, _KEK, PIV_CARD_ADMINISTRATOR_KEY_9B_AES_32 (32-byte AES keys)

Supported Devices

Supported Pre-Issuance IDs

IDEMIA ID-One PIV 2.4.1 on Cosmo v8.1 (BAP 087484)