FIPS 201 PIV Profiles (Service Bureau)

Note: These profiles are deprecated and can no longer be used to create new device policies. They are included for legacy purposes.
Note:  

  • For Gemalto PIV profile (that is, card with Gemalto PIV applet v1.20), it is necessary to obtain a Gemalto PIV card with configuration “USG 010”.

  • For Oberthur PIV profile, ActivID CMS 4.0 SP2 expects Cosmo card with BAP# 81758.

  • For Oberthur PIV profiles with Oberthur PIV applet 2.3.2, use BAP #087282.

  • For Oberthur PIV profiles with Oberthur PIV applet 2.3.5, use BAP #087420 / #087424 / #087465.

  • For Oberthur PIV profiles with Oberthur PIV applet 2.4.0, use BAP #087434.

  • For IDEMIA PIV profiles with IDEMIA PIV applet 2.4.1, use BAP #087484

  • For PIV FIPS201 SB Activation Java Card - IDEMIA ID-One PIV 2.4.1 - 2048 profile, PIN is numeric only.

These profiles activate the PIV cards personalized by the card manufacturer service bureau. The card activation Card activation refers to the unlocking of an application or GlobalPlatform locked card. This operation is usually associated with batch issuance and help desk operations. In the context of PIV, card activation implies PIN authentication to the PIV card to “activate” privileged operations. In the context of BMS, card activation refers to the tasks required to complete the issuance of a card after its receipt from the service bureau that produced it process consists of:

  • Injecting and generating the PKI credentials (PKI 1024 or 2048),

  • Swapping the Card Manager keys,

  • Swapping the PIV Card Administrator key (9B), and

  • Setting up the PIV Local PIN for the user and setting up the PUK.

PIV FIPS201 SB Activation Java Card – OCS

PIV2 Activation Profile with OCS End-Point applets v1.08. Card with Oberthur PIV applet v1.08.

Note: This profile is deprecated and can no longer be used to create new device policies. It is included for legacy purposes.

Supported Devices

Supported Pre-Issuance IDs

Oberthur ID-One Cosmo v5.2D 64K Fast ATR with PIV application SDK

Description

Oberthur ID-One Cosmo 64 V5.2 D (Dual Interface) Sample Stack with PIV TEST Key

Manufacturer Key Set

KMC_CM_OCS_PIV_SB_TEST_OPSC_1_ENC

KMC_CM_OCS_PIV_SB_TEST_OPSC_1_MAC

KMC_CM_OCS_PIV_SB_TEST_OPSC_1_KEK

Diversification

GP211

Key Set Version / Index

0x01/0x00

Initial 9B key Label

PIV_CARD_ADMINISTRATOR_KEY_SB

Initial 9B Key AlgoID

01

Logical Scheme

2

ManufacturerID

Oberthur-01

CardProductID

0000000014

PhysicalDescriptionID

0000000003

PackageConfigID

0000000002

ContactRequirementID

0000000004

ContactKeyConfigID

0000000070

ContactLogicalDescription

0000000021

ContactlessRequirementID

0000000002

ContactlessKeyConfigID

0000000070

ContactlessLogicalDescription

0000000021

Description

Oberthur ID-One Cosmo 64 V5.2 D (Dual Interface) Sample Stack with PIV PROD Key

Manufacturer Key Set

KMC_CM_OCS_PIV_SB_PROD_OPSC_1_ENC

KMC_CM_OCS_PIV_SB_PROD_OPSC_1_MAC

KMC_CM_OCS_PIV_SB_PROD_OPSC_1_KEK

Diversification

GP211

Key Set Version / Index

0x01/0x00

Initial 9B key Label

PIV_CARD_ADMINISTRATOR_KEY_SB

Initial 9B Key AlgoID

01

Logical Scheme

2

ManufacturerID

Oberthur-01

CardProductID

0000000014

PhysicalDescriptionID

0000000003

PackageConfigID

0000000002

ContactRequirementID

0000000004

ContactKeyConfigID

0000000071

ContactLogicalDescription

0000000021

ContactlessRequirementID

0000000002

ContactlessKeyConfigID

0000000071

ContactlessLogicalDescription

0000000021

Description

Oberthur ID-One Cosmo 64 V5.2 D (Dual Interface) Full Stack with PIV PROD Key

Manufacturer Key Set

KMC_CM_OCS_PIV_SB_PROD_OPSC_1_ENC

KMC_CM_OCS_PIV_SB_PROD_OPSC_1_MAC

KMC_CM_OCS_PIV_SB_PROD_OPSC_1_KEK

Diversification

GP211

Key Set Version / Index

0x01/0x00

Initial 9B key Label

PIV_CARD_ADMINISTRATOR_KEY_SB

Initial 9B Key AlgoID

01

Logical Scheme

2

ManufacturerID

Oberthur-01

CardProductID

0000000014

PhysicalDescriptionID

0000000003

PackageConfigID

0000000001

ContactRequirementID

0000000004

ContactKeyConfigID

0000000071

ContactLogicalDescription

0000000021

ContactlessRequirementID

0000000002

ContactlessKeyConfigID

0000000071

ContactlessLogicalDescription

 0000000021

Description

Oberthur ID-One Cosmo 64 V5.2 D (Dual Interface) Sample Stack with PIV SDK Key

Manufacturer Key Set

KMC_CM_OCS_PIV_SDK_OPSC_1_ENC

KMC_CM_OCS_PIV_SDK_OPSC_1_MAC

KMC_CM_OCS_PIV_SDK_OPSC_1_KEK

Diversification

NONE

Key Set Version / Index

0x01/0x00

Initial 9B key Label

PIV_CARD_ADMINISTRATOR_KEY_SB

Initial 9B Key AlgoID

01

Logical Scheme

2

ManufacturerID

Oberthur-01

CardProductID

0000000014

PhysicalDescriptionID

0000000003

PackageConfigID

0000000002

ContactRequirementID

0000000004

ContactKeyConfigID

0000000058

ContactLogicalDescription

0000000020

ContactlessRequirementID

0000000002

ContactlessKeyConfigID

0000000058

ContactlessLogicalDescription

0000000020

PIV FIPS201 SB Activation Java Card – OCS 1024/2048

PIV2 Activation Profile with OCS End-Point applets v1.08. Card with Oberthur PIV applet v1.08.

Note: This profile is deprecated and can no longer be used to create new device policies. It is included for legacy purposes.

Supported Devices

Supported Pre-Issuance IDs

Oberthur ID-One Cosmo v5.2D 64K Fast ATR with PIV application SDK

Description

Oberthur ID-One Cosmo 64 V5.2 D (Dual Interface) Sample Stack with PIV TEST Key

Manufacturer Key Set

KMC_CM_OCS_PIV_SB_TEST_OPSC_1_ENC

KMC_CM_OCS_PIV_SB_TEST_OPSC_1_MAC

KMC_CM_OCS_PIV_SB_TEST_OPSC_1_KEK

Diversification

GP211

Key Set Version / Index

0x01/0x00

Initial 9B key Label

PIV_CARD_ADMINISTRATOR_KEY_SB

Initial 9B Key AlgoID

01

Logical Scheme

2

ManufacturerID

Oberthur-01

CardProductID

0000000014

PhysicalDescriptionID

0000000003

PackageConfigID

0000000002

ContactRequirementID

0000000004

ContactKeyConfigID

0000000070

ContactLogicalDescription

0000000021

ContactlessRequirementID

0000000002

ContactlessKeyConfigID

0000000070

ContactlessLogicalDescription

0000000021

Description

Oberthur ID-One Cosmo 64 V5.2 D (Dual Interface) Sample Stack with PIV PROD Key

Manufacturer Key Set

KMC_CM_OCS_PIV_SB_PROD_OPSC_1_ENC

KMC_CM_OCS_PIV_SB_PROD_OPSC_1_MAC

KMC_CM_OCS_PIV_SB_PROD_OPSC_1_KEK

Diversification

GP211

Key Set Version / Index

0x01/0x00

Initial 9B key Label

PIV_CARD_ADMINISTRATOR_KEY_SB

Initial 9B Key AlgoID

01

Logical Scheme

2

ManufacturerID

Oberthur-01

CardProductID

0000000014

PhysicalDescriptionID

0000000003

PackageConfigID

0000000002

ContactRequirementID

0000000004

ContactKeyConfigID

0000000071

ContactLogicalDescription

0000000021

ContactlessRequirementID

0000000002

ContactlessKeyConfigID

0000000071

ContactlessLogicalDescription

0000000021

Description

Oberthur ID-One Cosmo 64 V5.2 D (Dual Interface) Full Stack with PIV PROD Key

Manufacturer Key Set

KMC_CM_OCS_PIV_SB_PROD_OPSC_1_ENC

KMC_CM_OCS_PIV_SB_PROD_OPSC_1_MAC

KMC_CM_OCS_PIV_SB_PROD_OPSC_1_KEK

Diversification

GP211

Key Set Version / Index

0x01/0x00

Initial 9B key Label

PIV_CARD_ADMINISTRATOR_KEY_SB

Initial 9B Key AlgoID

01

Logical Scheme

2

ManufacturerID

Oberthur-01

CardProductID

0000000014

PhysicalDescriptionID

0000000003

PackageConfigID

0000000001

ContactRequirementID

0000000004

ContactKeyConfigID

0000000071

ContactLogicalDescription

0000000021

ContactlessRequirementID

0000000002

ContactlessKeyConfigID

0000000071

ContactlessLogicalDescription

 0000000021

Description

Oberthur ID-One Cosmo 64 V5.2 D (Dual Interface) Sample Stack with PIV SDK Key

Manufacturer Key Set

KMC_CM_OCS_PIV_SDK_OPSC_1_ENC

KMC_CM_OCS_PIV_SDK_OPSC_1_MAC

KMC_CM_OCS_PIV_SDK_OPSC_1_KEK

Diversification

NONE

Key Set Version / Index

0x01/0x00

Initial 9B key Label

PIV_CARD_ADMINISTRATOR_KEY_SB

Initial 9B Key AlgoID

01

Logical Scheme

2

ManufacturerID

Oberthur-01

CardProductID

0000000014

PhysicalDescriptionID

0000000003

PackageConfigID

0000000002

ContactRequirementID

0000000004

ContactKeyConfigID

0000000058

ContactLogicalDescription

0000000020

ContactlessRequirementID

0000000002

ContactlessKeyConfigID

0000000058

ContactlessLogicalDescription

0000000020

PIV FIPS201 SB Activation Java Card – OCS 2048

PIV2 Activation Profile with OCS End-Point applets v1.08. Card with Oberthur PIV applet v1.08.

Note: This profile is deprecated and can no longer be used to create new device policies. It is included for legacy purposes.

Supported Devices

Supported Pre-Issuance IDs

Oberthur ID-One Cosmo v5.2D 64K Fast ATR with PIV application SDK

Description

Oberthur ID-One Cosmo 64 V5.2 D (Dual Interface) Sample Stack with PIV TEST Key

Manufacturer Key Set

KMC_CM_OCS_PIV_SB_TEST_OPSC_1_ENC

KMC_CM_OCS_PIV_SB_TEST_OPSC_1_MAC

KMC_CM_OCS_PIV_SB_TEST_OPSC_1_KEK

Diversification

GP211

Key Set Version / Index

0x01/0x00

Initial 9B key Label

PIV_CARD_ADMINISTRATOR_KEY_SB

Initial 9B Key AlgoID

01

Logical Scheme

2

ManufacturerID

Oberthur-01

CardProductID

0000000014

PhysicalDescriptionID

0000000003

PackageConfigID

0000000002

ContactRequirementID

0000000004

ContactKeyConfigID

0000000070

ContactLogicalDescription

0000000021

ContactlessRequirementID

0000000002

ContactlessKeyConfigID

0000000070

ContactlessLogicalDescription

0000000021

Description

Oberthur ID-One Cosmo 64 V5.2 D (Dual Interface) Sample Stack with PIV PROD Key

Manufacturer Key Set

KMC_CM_OCS_PIV_SB_PROD_OPSC_1_ENC

KMC_CM_OCS_PIV_SB_PROD_OPSC_1_MAC

KMC_CM_OCS_PIV_SB_PROD_OPSC_1_KEK

Diversification

GP211

Key Set Version / Index

0x01/0x00

Initial 9B key Label

PIV_CARD_ADMINISTRATOR_KEY_SB

Initial 9B Key AlgoID

01

Logical Scheme

2

ManufacturerID

Oberthur-01

CardProductID

0000000014

PhysicalDescriptionID

0000000003

PackageConfigID

0000000002

ContactRequirementID

0000000004

ContactKeyConfigID

0000000071

ContactLogicalDescription

0000000021

ContactlessRequirementID

0000000002

ContactlessKeyConfigID

0000000071

ContactlessLogicalDescription

0000000021

Description

Oberthur ID-One Cosmo 64 V5.2 D (Dual Interface) Full Stack with PIV PROD Key

Manufacturer Key Set

KMC_CM_OCS_PIV_SB_PROD_OPSC_1_ENC

KMC_CM_OCS_PIV_SB_PROD_OPSC_1_MAC

KMC_CM_OCS_PIV_SB_PROD_OPSC_1_KEK

Diversification

GP211

Key Set Version / Index

0x01/0x00

Initial 9B key Label

PIV_CARD_ADMINISTRATOR_KEY_SB

Initial 9B Key AlgoID

01

Logical Scheme

2

ManufacturerID

Oberthur-01

CardProductID

0000000014

PhysicalDescriptionID

0000000003

PackageConfigID

0000000001

ContactRequirementID

0000000004

ContactKeyConfigID

0000000071

ContactLogicalDescription

0000000021

ContactlessRequirementID

0000000002

ContactlessKeyConfigID

0000000071

ContactlessLogicalDescription

 0000000021

Description

Oberthur ID-One Cosmo 64 V5.2 D (Dual Interface) Sample Stack with PIV SDK Key

Manufacturer Key Set

KMC_CM_OCS_PIV_SDK_OPSC_1_ENC

KMC_CM_OCS_PIV_SDK_OPSC_1_MAC

KMC_CM_OCS_PIV_SDK_OPSC_1_KEK

Diversification

NONE

Key Set Version / Index

0x01/0x00

Initial 9B key Label

PIV_CARD_ADMINISTRATOR_KEY_SB

Initial 9B Key AlgoID

01

Logical Scheme

2

ManufacturerID

Oberthur-01

CardProductID

0000000014

PhysicalDescriptionID

0000000003

PackageConfigID

0000000002

ContactRequirementID

0000000004

ContactKeyConfigID

0000000058

ContactLogicalDescription

0000000020

ContactlessRequirementID

0000000002

ContactlessKeyConfigID

0000000058

ContactlessLogicalDescription

0000000020

PIV FIPS201 SB Activation Java Card – Gemalto

PIV2 Activation Profile for Gemalto SafesITe applets v1.20. Card With Gemalto PIV applet SafeSite v1.20.

Note: This profile is deprecated and can no longer be used to create new device policies. It is included for legacy purposes.

Supported Devices

Supported Pre-Issuance IDs

Gemalto TOP DM GX4 FIPS with PIV application

Description

Gemplus GCX4 PIV Sample Stack with PIV TEST Key

Manufacturer Key Set

KMC_CM_GEM_PIV_SB_TEST_OPSC_1_ENC

KMC_CM_GEM_PIV_SB_TEST_OPSC_1_MAC

KMC_CM_GEM_PIV_SB_TEST_OPSC_1_KEK

Diversification

OP202

Key Set Version / Index

0x01/0x01

Initial 9B key Label

PIV_GEM_CARD_ADMINISTRATOR_KEY_SB

Initial 9B Key AlgoID

03

Logical Scheme

2

ManufacturerID

Gemplus-01

CardProductID

0000000020

PhysicalDescriptionID

0000000003

PackageConfigID

0000000002

ContactRequirementID

0000000004

ContactKeyConfigID

0000000072

ContactLogicalDescription

0000000023

ContactlessRequirementID

0000000002

ContactlessKeyConfigID

0000000072

ContactlessLogicalDescription

0000000023

Description

Gemplus GCX4 PIV Sample Stack with PIV PROD Key

Manufacturer Key Set

KMC_CM_GEM_PIV_SB_PROD_OPSC_1_ENC

KMC_CM_GEM_PIV_SB_PROD_OPSC_1_MAC

KMC_CM_GEM_PIV_SB_PROD_OPSC_1_KEK

Diversification

OP202

Key Set Version / Index

0x01/0x01

Initial 9B key Label

PIV_GEM_CARD_ADMINISTRATOR_KEY_SB

Initial 9B Key AlgoID

03

Logical Scheme

2

ManufacturerID

Gemplus-01

CardProductID

0000000020

PhysicalDescriptionID

0000000003

PackageConfigID

0000000002

ContactRequirementID

0000000004

ContactKeyConfigID

0000000073

ContactLogicalDescription

0000000023

ContactlessRequirementID

0000000002

ContactlessKeyConfigID

0000000073

ContactlessLogicalDescription

0000000023

Description

Gemplus GCX4 PIV Full Stack with PIV PROD Key

Manufacturer Key Set

KMC_CM_GEM_PIV_SB_PROD_OPSC_1_ENC

KMC_CM_GEM_PIV_SB_PROD_OPSC_1_MAC

KMC_CM_GEM_PIV_SB_PROD_OPSC_1_KEK

Diversification

OP202

Key Set Version / Index

0x01/0x01

Initial 9B key Label

PIV_GEM_CARD_ADMINISTRATOR_KEY_SB

Initial 9B Key AlgoID

03

Logical Scheme

2

ManufacturerID

Gemplus-01

CardProductID

0000000020

PhysicalDescriptionID

0000000003

PackageConfigID

0000000001

ContactRequirementID

0000000004

ContactKeyConfigID

0000000073 

ContactLogicalDescription

0000000023

ContactlessRequirementID

0000000002

ContactlessKeyConfigID

0000000073 

ContactlessLogicalDescription

0000000023

Description

Gemplus GCX4 PIV Sample Stack with PIV TEST Key

Manufacturer Key Set

GEMPLUS_ENC

GEMPLUS_MAC

GEMPLUS_KEK

Diversification

OP202

Key Set Version / Index

0x01/0x01

Initial 9B key Label

PIV_GEM_CARD_ADMINISTRATOR_KEY_SB

Initial 9B Key AlgoID

03

Logical Scheme

2

ManufacturerID

Gemplus-01

CardProductID

0000000020

PhysicalDescriptionID

0000000003

PackageConfigID

0000000002

ContactRequirementID

0000000004

ContactKeyConfigID

0000000074

ContactLogicalDescription

0000000022

ContactlessRequirementID

0000000002

ContactlessKeyConfigID

0000000074

ContactlessLogicalDescription

0000000022

PIV FIPS201 SB Java Card – Gemalto 1.55 – 2048

PIV2 Activation Profile for Gemalto applets V1.55 (SP 800-73-3). Card with Gemalto PIV applet v1.55.

Note: This profile is deprecated and can no longer be used to create new device policies. It is included for legacy purposes.

Supported Devices

Supported Pre-Issuance IDs

Gemalto TOP DL GX4 FIPS with PIV application

Description

Gemplus GCX4 PIV 1.55 Sample Stack with PIV TEST Key

Manufacturer Key Set

KMC_CM_GEM_PIV_TEST_OPSC_1_ENC

KMC_CM_GEM_PIV_TEST_OPSC_1_MAC

KMC_CM_GEM_PIV_TEST_OPSC_1_KEK

Diversification

OP202

Key Set Version / Index

0x01/0x01

Initial 9B key Label

PIV_GEM_CARD_ADMINISTRATOR_KEY_SB

Initial 9B Key AlgoID

03

Logical Scheme

2

ManufacturerID

Gemplus-01

CardProductID

0000000020

PhysicalDescriptionID

0000000005

PackageConfigID

0000000002

ContactRequirementID

0000000004

ContactKeyConfigID

 0000000067

ContactLogicalDescription

0000000048

ContactlessRequirementID

0000000002

ContactlessKeyConfigID

0000000067

ContactlessLogicalDescription

0000000048

Description

Gemplus GCX4 PIV 1.55 Sample Stack with PIV PROD Key

Manufacturer Key Set

KMC_CM_GEM_PIV_PROD_OPSC_1_ENC

KMC_CM_GEM_PIV_PROD_OPSC_1_MAC

KMC_CM_GEM_PIV_PROD_OPSC_1_KEK

Diversification

OP202

Key Set Version / Index

0x01/0x01

Initial 9B key Label

PIV_GEM_CARD_ADMINISTRATOR_KEY_SB

Initial 9B Key AlgoID

03

Logical Scheme

2

ManufacturerID

Gemplus-01

CardProductID

0000000020

PhysicalDescriptionID

0000000005

PackageConfigID

0000000002

ContactRequirementID

0000000004

ContactKeyConfigID

0000000068

ContactLogicalDescription

0000000048

ContactlessRequirementID

0000000002

ContactlessKeyConfigID

0000000068

ContactlessLogicalDescription

0000000048

Description

Gemplus GCX4 PIV 1.55 Full Stack with PIV PROD Key

Manufacturer Key Set

KMC_CM_GEM_PIV_PROD_OPSC_1_ENC

KMC_CM_GEM_PIV_PROD_OPSC_1_MAC

KMC_CM_GEM_PIV_PROD_OPSC_1_KEK

Diversification

OP202

Key Set Version / Index

0x01/0x01

Initial 9B key Label

PIV_GEM_CARD_ADMINISTRATOR_KEY_SB

Initial 9B Key AlgoID

03

Logical Scheme

2

ManufacturerID

Gemplus-01

CardProductID

0000000020

PhysicalDescriptionID

0000000005

PackageConfigID

0000000001

ContactRequirementID

0000000004

ContactKeyConfigID

0000000068 

ContactLogicalDescription

0000000048

ContactlessRequirementID

0000000002

ContactlessKeyConfigID

0000000068 

ContactlessLogicalDescription

0000000048

Description

Gemplus GCX4 PIV 1.55 Sample Stack with PIV TEST Key

Manufacturer Key Set

KMC_CM_GEM_PIV_SB_TEST_OPSC_1_ENC

KMC_CM_GEM_PIV_SB_TEST_OPSC_1_MAC

KMC_CM_GEM_PIV_SB_TEST_OPSC_1_KEK

Diversification

OP202

Key Set Version / Index

0x01/0x01

Initial 9B key Label

PIV_GEM_CARD_ADMINISTRATOR_KEY_SB

Initial 9B Key AlgoID

03

Logical Scheme

2

ManufacturerID

Gemplus-01

CardProductID

0000000020

PhysicalDescriptionID

0000000005

PackageConfigID

0000000002

ContactRequirementID

0000000004

ContactKeyConfigID

0000000072

ContactLogicalDescription

0000000049

ContactlessRequirementID

0000000002

ContactlessKeyConfigID

0000000072

ContactlessLogicalDescription

0000000049

Description

Gemplus GCX4 PIV 1.55 Sample Stack with PIV PROD Key

Manufacturer Key Set

KMC_CM_GEM_PIV_SB_PROD_OPSC_1_ENC

KMC_CM_GEM_PIV_SB_PROD_OPSC_1_MAC

KMC_CM_GEM_PIV_SB_PROD_OPSC_1_KEK

Diversification

OP202

Key Set Version / Index

0x01/0x01

Initial 9B key Label

PIV_GEM_CARD_ADMINISTRATOR_KEY_SB

Initial 9B Key AlgoID

03

Logical Scheme

2

ManufacturerID

Gemplus-01

CardProductID

0000000020

PhysicalDescriptionID

0000000005

PackageConfigID

0000000002

ContactRequirementID

0000000004

ContactKeyConfigID

0000000073

ContactLogicalDescription

0000000049

ContactlessRequirementID

0000000002

ContactlessKeyConfigID

0000000073

ContactlessLogicalDescription

0000000049

Description

Gemplus GCX4 PIV 1.55 Full Stack with PIV PROD Key

Manufacturer Key Set

KMC_CM_GEM_PIV_SB_PROD_OPSC_1_ENC

KMC_CM_GEM_PIV_SB_PROD_OPSC_1_MAC

KMC_CM_GEM_PIV_SB_PROD_OPSC_1_KEK

Diversification

OP202

Key Set Version / Index

0x01/0x01

Initial 9B key Label

PIV_GEM_CARD_ADMINISTRATOR_KEY_SB

Initial 9B Key AlgoID

03

Logical Scheme

2

ManufacturerID

Gemplus-01

CardProductID

0000000020

PhysicalDescriptionID

0000000005

PackageConfigID

0000000001

ContactRequirementID

0000000004

ContactKeyConfigID

0000000073 

ContactLogicalDescription

0000000049

ContactlessRequirementID

0000000002

ContactlessKeyConfigID

0000000073 

ContactlessLogicalDescription

0000000049