FIPS 201 CIV Profiles (Third-Party Applets)

CIV – OT 2.3.5 / 2.4.0 – 2048

CIV Profile with OT End-Point applets v2.3.5 / 2.4.0. Card with Oberthur PIV applet v2.3.5 or v2.4.0.

Profile aligned with NIST National Institute of Standards and Technology SP 800-73-3, for Commercial Identity Verification (CIV) cards: similar card edge as PIV for US Government employees, but for the commercial world, without any trust to the US Federal bridge.
Supports SP 800-73-3 objects, including PIV Discovery, Iris, Key History and Key Management Key objects. It can accommodate 2048-bit PKI keys and the full set of PIV objects is loaded by ActivID CMS (PIV mandatory and optional objects).
CHUID Card Holder Unique Identifier, Printed Information, PKI AUTHENTICATE objects are mandatory. All other objects are optional.
Compatible with Apple Mac TokenD
Only for Oberthur PIV cards with PIV applet v2.3.5 or v2.4.0.
In addition to the card pre-issuance keys, the following keys must be present in the HSM A Hardware Security Module (HSM) securely stores secret key material. They are similar to large-storage, multisession smart cards. However, unlike smart cards, they are used mainly on the server side of a system. for profile issuance. As these keys are post-issuance keys, they should be generated in the HSM:
- For the pre-issuance Card AES 128: MK_CM_ACE_AES_16_OPSC_1_ENC, _MAC, _KEK, PIV_CARD_ADMINISTRATOR_KEY_9B_AES_16 (16-byte AES keys)
- For the pre-issuance Card AES 256: MK_CM_ACE_AES_32_OPSC_1_ENC, _MAC, _KEK, PIV_CARD_ADMINISTRATOR_KEY_9B_AES_32 (32-byte AES keys)

Supported Devices

Supported Pre-Issuance IDs

5_OCS_PIV_235_TEST_OPSC_1

Description	OT 8.0 FIPS PIV 2.3.5 Sample Stack with PIV TEST Key
Card specification	PIV 2.3.5 AES 256	PIV 2.3.5 AES 128
Key length supported	256-bit Keys	128-bit Keys
CM Manufacturer Key Set	KMC_CM_OCS_PIV_TEST_AES_32_1_ENC KMC_CM_OCS_PIV_TEST_AES_32_1_MAC KMC_CM_OCS_PIV_TEST_AES_32_1_KEK	KMC_CM_OCS_PIV_TEST_AES_16_1_ENC KMC_CM_OCS_PIV_TEST_AES_16_1_MAC KMC_CM_OCS_PIV_TEST_AES_16_1_KEK
CM Diversification	GPSCP03
Key Set Version / Index	0x01/0x00
Initial 9B key Label	PIV_OCS_CARD_ADMIN_KEY_SB_AES_32	PIV_OCS_CARD_ADMIN_KEY_SB_AES_16
Initial 9B Key AlgoID	0C	08
Logical Scheme	2
ManufacturerID	Oberthur-01
CardProductID	0000000081
PhysicalDescriptionID	0000000005
PackageConfigID	0000000002
ContactRequirementID	0000000007
ContactKeyConfigID	0000000110
ContactLogicalDescription	0000000052
ContactlessRequirementID	0000000007
ContactlessKeyConfigID	0000000110
ContactlessLogicalDescription	0000000052

5_OCS_PIV_235_PROD_OPSC_1

Description	OT 8.0 FIPS PIV 2.3.5 Sample Stack with PIV PROD Key
Card specification	PIV 2.3.5 AES 256	PIV 2.3.5 AES 128
Key length supported	256-bit Keys	128-bit Keys
CM Manufacturer Key Set	KMC_CM_OCS_PIV_PROD_AES_32_1_ENC KMC_CM_OCS_PIV_PROD_AES_32_1_MAC KMC_CM_OCS_PIV_PROD_AES_32_1_KEK	KMC_CM_OCS_PIV_PROD_AES_16_1_ENC KMC_CM_OCS_PIV_PROD_AES_16_1_MAC KMC_CM_OCS_PIV_PROD_AES_16_1_KEK
CM Diversification	GPSCP03
Key Set Version / Index	0x01/0x0
Initial 9B key Label	PIV_OCS_CARD_ADMIN_KEY_SB_AES_32	PIV_OCS_CARD_ADMIN_KEY_SB_AES_16
Initial 9B Key AlgoID	0C	08
Logical Scheme	2
ManufacturerID	Oberthur-01
CardProductID	0000000081
PhysicalDescriptionID	0000000005
PackageConfigID	0000000002
ContactRequirementID	0000000007
ContactKeyConfigID	0000000111
ContactLogicalDescription	0000000052
ContactlessRequirementID	0000000007
ContactlessKeyConfigID	0000000111
ContactlessLogicalDescription	0000000052

100_OCS_PIV_235_PROD_OPSC_1

Description	OT 8.0 FIPS PIV 2.3.5 Full Stack with PIV PROD Key
Card specification	PIV 2.3.5 AES 256	PIV 2.3.5 AES 128
Key length supported	256-bit Keys	128-bit Keys
CM Manufacturer Key Set	KMC_CM_OCS_PIV_PROD_AES_32_1_ENC KMC_CM_OCS_PIV_PROD_AES_32_1_MAC KMC_CM_OCS_PIV_PROD_AES_32_1_KEK	KMC_CM_OCS_PIV_PROD_AES_16_1_ENC KMC_CM_OCS_PIV_PROD_AES_16_1_MAC KMC_CM_OCS_PIV_PROD_AES_16_1_KEK
CM Diversification	GPSCP03
Key Set Version / Index	0x01/0x0
Initial 9B key Label	PIV_OCS_CARD_ADMIN_KEY_SB_AES_32	PIV_OCS_CARD_ADMIN_KEY_SB_AES_16
Initial 9B Key AlgoID	0C	08
Logical Scheme	2
ManufacturerID	Oberthur-01
CardProductID	0000000081
PhysicalDescriptionID	0000000005
PackageConfigID	0000000001
ContactRequirementID	0000000007
ContactKeyConfigID	0000000111
ContactLogicalDescription	0000000052
ContactlessRequirementID	0000000007
ContactlessKeyConfigID	0000000111
ContactlessLogicalDescription	0000000052

5_OCS_PIV_240_TEST_OPSC_1

Description	OT 8.0 FIPS 2.4.0 Sample Stack with PIV TEST Key
CM Manufacturer Key Set	KMC_CM_OCS_PIV_TEST_AES_32_1_ENC KMC_CM_OCS_PIV_TEST_AES_32_1_MAC KMC_CM_OCS_PIV_TEST_AES_32_1_KEK
CM Diversification	GPSCP03
Key Set Version / Index	0x01/0x00
Initial 9B key Label	PIV_OCS_CARD_ADMIN_KEY_SB_AES_32
Initial 9B Key AlgoID	0C
Logical Scheme	2
ManufacturerID	Oberthur-01
CardProductID	0000000081
PhysicalDescriptionID	0000000005
PackageConfigID	0000000002
ContactRequirementID	0000000007
ContactKeyConfigID	0000000110
ContactLogicalDescription	0000000053
ContactlessRequirementID	0000000007
ContactlessKeyConfigID	0000000110
ContactlessLogicalDescription	0000000053

5_OCS_PIV_240_PROD_OPSC_1

Description	OT 8.0 FIPS PIV 2.4.0 Sample Stack with PIV PROD Key
CM Manufacturer Key Set	KMC_CM_OCS_PIV_PROD_AES_32_1_ENC KMC_CM_OCS_PIV_PROD_AES_32_1_MAC KMC_CM_OCS_PIV_PROD_AES_32_1_KEK
CM Diversification	GPSCP03
Key Set Version / Index	0x01/0x0
Initial 9B key Label	PIV_OCS_CARD_ADMIN_KEY_SB_AES_32
Initial 9B Key AlgoID	0C
Logical Scheme	2
ManufacturerID	Oberthur-01
CardProductID	0000000081
PhysicalDescriptionID	0000000005
PackageConfigID	0000000002
ContactRequirementID	0000000007
ContactKeyConfigID	0000000111
ContactLogicalDescription	0000000053
ContactlessRequirementID	0000000007
ContactlessKeyConfigID	0000000111
ContactlessLogicalDescription	0000000053

100_OCS_PIV_240_PROD_OPSC_1

Description	OT 8.0 FIPS PIV 2.4.0 Full Stack with PIV PROD Key
CM Manufacturer Key Set	KMC_CM_OCS_PIV_PROD_AES_32_1_ENC KMC_CM_OCS_PIV_PROD_AES_32_1_MAC KMC_CM_OCS_PIV_PROD_AES_32_1_KEK
CM Diversification	GPSCP03
Key Set Version / Index	0x01/0x0
Initial 9B key Label	PIV_OCS_CARD_ADMIN_KEY_SB_AES_32
Initial 9B Key AlgoID	0C
Logical Scheme	2
ManufacturerID	Oberthur-01
CardProductID	0000000081
PhysicalDescriptionID	0000000005
PackageConfigID	0000000001
ContactRequirementID	0000000007
ContactKeyConfigID	0000000111
ContactLogicalDescription	0000000053
ContactlessRequirementID	0000000007
ContactlessKeyConfigID	0000000111
ContactlessLogicalDescription	0000000053