FIPS 201 PIV Profiles (ActivID Applets, Face to Face Issuance)

PIV FIPS201 F2F Java Card – AI 1024-2048 (3)

Standard PIV+ Profile with ActivID Applet v2.6.2b. Based on ActivID Applet v2.6.2b; support for additional certificates compared to previous profiles.

• Unique Identifier (stored in the card): 2011000000000000000000EF

• Full set of PIV buffers loaded by ActivID CMS

• 4 1024/2048-bit keys PIV PKI Objects (PIV Authentication, PIV Digital Signature, PIV Key Management Key, PIV Card Authentication) loaded by ActivID CMS

• 8 1024/2048-bit keys PKI Objects loaded by ActivID CMS

• 1 synchronous SKI Object loaded by ActivID CMS

Supported Devices	Supported Pre-Issuance IDs
G&D SmartCafe Expert v3.2 144K preloaded with ActivID Applet	GND_144K_GDA_PIV_TEST_OPSC_1 Description Cards with 2.6.2B Applets Pre-loaded and with PIV TEST Keys Manufacturer Key Set KMC_CM_GDA_PIV_TEST_OPSC_1_ENC KMC_CM_GDA_PIV_TEST_OPSC_1_MAC KMC_CM_GDA_PIV_TEST_OPSC_1_KEK Diversification NONE Key Set Version / Index 0x01/0x00 Logical Scheme 2 ManufacturerID GDA-01 CardProductID 0000000030 PhysicalDescriptionID 0000000005 PackageConfigID FREE ContactRequirementID 0000000007 ContactKeyConfigID 000000007C ContactLogicalDescription 0000000033 ContactlessRequirementID 0000000007 ContactlessKeyConfigID 000000007C ContactlessLogicalDescription 0000000033 GND_144K_GDA_PIV_PROD_OPSC_1 Description Cards with 2.6.2B Applets Pre-loaded and with PIV PROD Keys Manufacturer Key Set KMC_CM_GDA_PIV_PROD_OPSC_1_ENC KMC_CM_GDA_PIV_PROD_OPSC_1_MAC KMC_CM_GDA_PIV_PROD_OPSC_1_KEK Diversification OP202 Key Set Version / Index 0x01/0x00 Logical Scheme 2 ManufacturerID GDA-01 CardProductID 0000000030 PhysicalDescriptionID 0000000005 PackageConfigID FREE ContactRequirementID 0000000007 ContactKeyConfigID 0000000084 ContactLogicalDescription 0000000033 ContactlessRequirementID 0000000007 ContactlessKeyConfigID 0000000084 ContactlessLogicalDescription 0000000033
G&D SmartCafe Expert v5.0 144K preloaded with ActivID Applet	GND_144K_SCE50_GDA_PIV_TEST_OPSC_1 Description Cards with 2.6.2B Applets Pre-loaded and with PIV TEST Keys Manufacturer Key Set KMC_CM_GDA_PIV_TEST_OPSC_1_ENC KMC_CM_GDA_PIV_TEST_OPSC_1_MAC KMC_CM_GDA_PIV_TEST_OPSC_1_KEK Diversification NONE Key Set Version / Index 0x01/0x00 Logical Scheme 2 ManufacturerID GDA-01 CardProductID 0000000067 PhysicalDescriptionID 0000000005 PackageConfigID FREE ContactRequirementID 0000000007 ContactKeyConfigID 000000007C ContactLogicalDescription 0000000033 ContactlessRequirementID 0000000007 ContactlessKeyConfigID 000000007C ContactlessLogicalDescription 0000000033 GND_144K_SCE50_GDA_PIV_PROD_OPSC_1 Description Cards with 2.6.2B Applets Pre-loaded and with PIV PROD Keys Manufacturer Key Set KMC_CM_GDA_PIV_PROD_OPSC_1_ENC KMC_CM_GDA_PIV_PROD_OPSC_1_MAC KMC_CM_GDA_PIV_PROD_OPSC_1_KEK Diversification OP202 Key Set Version / Index 0x01/0x00 Logical Scheme 2 ManufacturerID GDA-01 CardProductID 0000000067 PhysicalDescriptionID 0000000005 PackageConfigID FREE ContactRequirementID 0000000007 ContactKeyConfigID 0000000084 ContactLogicalDescription 0000000033 ContactlessRequirementID 0000000007 ContactlessKeyConfigID 0000000084 ContactlessLogicalDescription 0000000033
Gemalto TOP DL GX4 FIPS preloaded with ActivID Applet	GEM_GCX4_144K_V1_PIV_TEST_OPSC_2 Description Cards with 2.6.2B Applets Pre-loaded and with PIV TEST Keys Manufacturer Key Set KMC_CM_GEM_PIV_TEST_OPSC_2_ENC KMC_CM_GEM_PIV_TEST_OPSC_2_MAC KMC_CM_GEM_PIV_TEST_OPSC_2_KEK Diversification OP202 Key Set Version / Index 0x01/0x00 Logical Scheme 2 ManufacturerID Gemplus-01 CardProductID 0000000017 PhysicalDescriptionID 0000000005 PackageConfigID FREE ContactRequirementID 0000000007 ContactKeyConfigID 000000007A ContactLogicalDescription 0000000036 ContactlessRequirementID 0000000007 ContactlessKeyConfigID 000000007A ContactlessLogicalDescription 0000000036 GEM_GCX4_144K_V1_PIV_PROD_OPSC_2 Description Cards with 2.6.2B Applets Pre-loaded and with PIV PROD Keys Manufacturer Key Set KMC_CM_GEM_PIV_PROD_OPSC_2_ENC KMC_CM_GEM_PIV_PROD_OPSC_2_MAC KMC_CM_GEM_PIV_PROD_OPSC_2_KEK Diversification OP202 Key Set Version / Index 0x01/0x00 Logical Scheme 2 ManufacturerID Gemplus-01 CardProductID 0000000017 PhysicalDescriptionID 0000000005 PackageConfigID FREE ContactRequirementID 0000000007 ContactKeyConfigID 000000007B ContactLogicalDescription 0000000036 ContactlessRequirementID 0000000007 ContactlessKeyConfigID 000000007B ContactlessLogicalDescription 0000000036
Oberthur ID-One Cosmo v7.0-n 128K preloaded with ActivID Applet	OCS70_128K_OCS_PIV_TEST_OPSC_1 Description Cards with 2.6.2B Applets Pre-loaded and with PIV TEST Keys Manufacturer Key Set KMC_CM_OCS_PIV_TEST_OPSC_1_ENC KMC_CM_OCS_PIV_TEST_OPSC_1_MAC KMC_CM_OCS_PIV_TEST_OPSC_1_KEK Diversification GP211 Key Set Version / Index 0x01/0x00 Logical Scheme 2 ManufacturerID Oberthur-01 CardProductID 0000000061 PhysicalDescriptionID 0000000005 PackageConfigID FREE ContactRequirementID 0000000007 ContactKeyConfigID 0000000052 ContactLogicalDescription 0000000034 ContactlessRequirementID 0000000007 ContactlessKeyConfigID 0000000052 ContactlessLogicalDescription 0000000034 OCS70_128K_OCS_PIV_PROD_OPSC_1 Description Cards with 2.6.2B Applets Pre-loaded and with PIV PROD Keys Manufacturer Key Set KMC_CM_OCS_PIV_PROD_OPSC_1_ENC KMC_CM_OCS_PIV_PROD_OPSC_1_MAC KMC_CM_OCS_PIV _PROD_OPSC_1_KEK Diversification GP211 Key Set Version / Index 0x01/0x00 Logical Scheme 2 ManufacturerID Oberthur-01 CardProductID 0000000061 PhysicalDescriptionID 0000000005 PackageConfigID FREE ContactRequirementID 0000000007 ContactKeyConfigID 0000000053 ContactLogicalDescription 0000000034 ContactlessRequirementID 0000000007 ContactlessKeyConfigID 0000000053 ContactlessLogicalDescription 0000000034
Oberthur ID-One Cosmo v5.5 128K	OCS55_128K_OCS_PIV_TEST_OPSC_1 Description Cards with 2.6.2B Applets Pre-loaded and with PIV TEST Keys Manufacturer Key Set KMC_CM_OCS_PIV_TEST_OPSC_1_ENC KMC_CM_OCS_PIV_TEST_OPSC_1_MAC KMC_CM_OCS_PIV_TEST_OPSC_1_KEK Diversification GP211 Key Set Version / Index 0x01/0x00 Logical Scheme 2 ManufacturerID Oberthur-01 CardProductID 0000000069 PhysicalDescriptionID 0000000005 PackageConfigID FREE ContactRequirementID 0000000007 ContactKeyConfigID 0000000052 ContactLogicalDescription 000000003E ContactlessRequirementID 0000000007 ContactlessKeyConfigID 0000000052 ContactlessLogicalDescription 000000003E OCS55_128K_OCS_PIV_PROD_OPSC_1 Description Cards with 2.6.2B Applets Pre-loaded and with PIV PROD Keys Manufacturer Key Set KMC_CM_OCS_PIV_PROD_OPSC_1_ENC KMC_CM_OCS_PIV_PROD_OPSC_1_MAC KMC_CM_OCS_PIV _PROD_OPSC_1_KEK Diversification GP211 Key Set Version / Index 0x01/0x00 Logical Scheme 2 ManufacturerID Oberthur-01 CardProductID 0000000069 PhysicalDescriptionID 0000000005 PackageConfigID FREE ContactRequirementID 0000000007 ContactKeyConfigID 0000000053 ContactLogicalDescription 000000003E ContactlessRequirementID 0000000007 ContactlessKeyConfigID 0000000053 ContactlessLogicalDescription 000000003E

PIV FIPS201 F2F Java Card – AI 1024-2048 (4)

Standard PIV+ Profile with ActivID Applet v2.6.2b. Compared to profile (3), this profile only supports 72K-80K cards and exposes 8 PKI slots. Based on ActivID Applet v2.6.2b.

• Unique Identifier (stored in the card): 2011000000000000000000F8

• Full set of PIV buffers loaded by ActivID CMS

• 4 1024/2048-bit keys PIV PKI Objects (PIV Authentication, PIV Digital Signature, PIV Key Management Key, PIV Card Authentication) loaded by ActivID CMS

• 3 1024/2048-bit keys PKI Objects loaded by ActivID CMS

• 1 synchronous SKI Object loaded by ActivID CMS

Supported Devices	Supported Pre-Issuance IDs
G&D SmartCafe Expert v3.2 72K preloaded with ActivID Applet	GND_72K_GDA_PIV_TEST_OPSC_1 Description Cards with 2.6.2B Applets Pre-loaded and with PIV TEST Keys Manufacturer Key Set KMC_CM_GDA_PIV_TEST_OPSC_1_ENC KMC_CM_GDA_PIV_TEST_OPSC_1_MAC KMC_CM_GDA_PIV_TEST_OPSC_1_KEK Diversification NONE Key Set Version / Index 0x01/0x00 Logical Scheme 2 ManufacturerID GDA-01 CardProductID 0000000064 PhysicalDescriptionID 000000000A PackageConfigID FREE Contact RequirementID 0000000020 Contact KeyConfigID 000000007C Contact LogicalDescription 0000000033 Contactless RequirementID 0000000020 Contactless KeyConfigID 000000007C Contactless LogicalDescription 0000000033 GND_72K_GDA_PIV_PROD_OPSC_1 Description Cards with 2.6.2B Applets Pre-loaded and with PIV PROD Keys Manufacturer Key Set KMC_CM_GDA_PIV_PROD_OPSC_1_ENC KMC_CM_GDA_PIV_PROD_OPSC_1_MAC KMC_CM_GDA_PIV_PROD_OPSC_1_KEK Diversification OP202 Key Set Version / Index 0x01/0x00 Logical Scheme 2 ManufacturerID GDA-01 CardProductID 0000000064 PhysicalDescriptionID 000000000A PackageConfigID FREE Contact RequirementID 0000000020 Contact KeyConfigID 0000000084 Contact LogicalDescription 0000000033 Contactless RequirementID 0000000020 Contactless KeyConfigID 0000000084 Contactless LogicalDescription 0000000033
G&D SmartCafe Expert v3.2 80K preloaded with ActivID Applet	GND_80K_GDA_PIV_TEST_OPSC_1 Description Cards with 2.6.2B Applets Pre-loaded and with PIV TEST Keys Manufacturer Key Set KMC_CM_GDA_PIV_TEST_OPSC_1_ENC KMC_CM_GDA_PIV_TEST_OPSC_1_MAC KMC_CM_GDA_PIV_TEST_OPSC_1_KEK Diversification NONE Key Set Version / Index 0x01/0x00 Logical Scheme 2 ManufacturerID GDA-01 CardProductID 0000000031 PhysicalDescriptionID 0000000005 PackageConfigID FREE Contact RequirementID 0000000005 Contact KeyConfigID 000000007C Contact LogicalDescription 0000000033 Contactless RequirementID 0000000005 Contactless KeyConfigID 000000007C Contactless LogicalDescription 0000000033 GND_80K_GDA_PIV_PROD_OPSC_1 Description Cards with 2.6.2B Applets Pre-loaded and with PIV PROD Keys Manufacturer Key Set KMC_CM_GDA_PIV_PROD_OPSC_1_ENC KMC_CM_GDA_PIV_PROD_OPSC_1_MAC KMC_CM_GDA_PIV_PROD_OPSC_1_KEK Diversification OP202 Key Set Version / Index 0x01/0x00 Logical Scheme 2 ManufacturerID GDA-01 CardProductID 0000000031 PhysicalDescriptionID 0000000005 PackageConfigID FREE Contact RequirementID 0000000005 Contact KeyConfigID 0000000084 Contact LogicalDescription 0000000033 Contactless RequirementID 0000000005 Contactless KeyConfigID 0000000084 Contactless LogicalDescription 0000000033
NXP JCOP31 v2.4.1 R0 preloaded with ActivID Applet	NXP_JCOP_31_NXP_PIV_TEST_OPSC_1 Description Cards with 2.6.2B Applets Pre-loaded and with PIV TEST Keys Manufacturer Key Set KMC_CM_NXP_PIV_TEST_OPSC_1_ENC KMC_CM_NXP_PIV_TEST_OPSC_1_MAC KMC_CM_NXP_PIV_TEST_OPSC_1_KEK Diversification NONE Key Set Version / Index 0x01/0x00 Logical Scheme 2 ManufacturerID NXP-01 CardProductID 0000000066 PhysicalDescriptionID 000000000A PackageConfigID FREE Contact RequirementID 0000000020 Contact KeyConfigID 0000000089 Contact LogicalDescription 0000000035 Contactless RequirementID 0000000020 Contactless KeyConfigID 0000000089 Contactless LogicalDescription 0000000035 NXP_JCOP_31_NXP_PIV_PROD_OPSC_1 Description Cards with 2.6.2B Applets Pre-loaded and with PIV PROD Keys Manufacturer Key Set KMC_CM_NXP_PIV_PROD_OPSC_1_ENC KMC_CM_NXP_PIV_PROD_OPSC_1_MAC KMC_CM_NXP_PIV_PROD_OPSC_1_KEK Diversification OP202 Key Set Version / Index 0x01/0x00 Logical Scheme 2 ManufacturerID NXP-01 CardProductID 0000000066 PhysicalDescriptionID 000000000A PackageConfigID FREE Contact RequirementID 0000000020 Contact KeyConfigID 000000008A Contact LogicalDescription 0000000035 Contactless RequirementID 0000000020 Contactless KeyConfigID 000000008A Contactless LogicalDescription 0000000035
HID Crescendo C1100 (JCOP v2.4.1 R3) preloaded with ActivID Applet (requires custom order)	NXP_JCOP_31_NXP_PIV_TEST_OPSC_1 Description Cards with 2.6.2B Applets Pre-loaded and with PIV TEST Keys Manufacturer Key Set KMC_CM_NXP_PIV_TEST_OPSC_1_ENC KMC_CM_NXP_PIV_TEST_OPSC_1_MAC KMC_CM_NXP_PIV_TEST_OPSC_1_KEK Diversification NONE Key Set Version / Index 0x01/0x00 Logical Scheme 2 ManufacturerID NXP-01 CardProductID 0000000066 PhysicalDescriptionID 000000000A PackageConfigID FREE Contact RequirementID 0000000020 Contact KeyConfigID 0000000089 Contact LogicalDescription 0000000035 Contactless RequirementID 0000000020 Contactless KeyConfigID 0000000089 Contactless LogicalDescription 0000000035 NXP_JCOP_31_NXP_PIV_PROD_OPSC_1 Description Cards with 2.6.2B Applets Pre-loaded and with PIV PROD Keys Manufacturer Key Set KMC_CM_NXP_PIV_PROD_OPSC_1_ENC KMC_CM_NXP_PIV_PROD_OPSC_1_MAC KMC_CM_NXP_PIV_PROD_OPSC_1_KEK Diversification OP202 Key Set Version / Index 0x01/0x00 Logical Scheme 2 ManufacturerID NXP-01 CardProductID 0000000066 PhysicalDescriptionID 000000000A PackageConfigID FREE Contact RequirementID 0000000020 Contact KeyConfigID 000000008A Contact LogicalDescription 0000000035 Contactless RequirementID 0000000020 Contactless KeyConfigID 000000008A Contactless LogicalDescription 0000000035

PIV FIPS201 F2F Java Card – AI 1024-2048 (6)

Standard PIV+ Profile with ActivID Applet v2.6.2b. Compared to profile (4), this profile sets all objects as optional. It is compatible with Apple Mac TokenD, and supports new cards. Based on ActivID Applet v2.6.2b

• Unique Identifier (stored in the card): 201100000000000000000107

• Full set of PIV buffers loaded by ActivID CMS

• 4 1024/2048-bit keys PIV PKI Objects (PIV Authentication, PIV Digital Signature, PIV Key Management Key, PIV Card Authentication) loaded by ActivID CMS

• 3 1024/2048-bit keys PKI Objects loaded by ActivID CMS

• 1 synchronous SKI Object loaded by ActivID CMS

• Compatible with Apple Mac TokenD

• All PIV objects configured as optional

Supported Devices	Supported Pre-Issuance IDs
G&D SmartCafe Expert v3.2 72K preloaded with ActivID Applet	GND_72K_GDA_PIV_TEST_OPSC_1 Description Cards with 2.6.2B Applets Pre-loaded and with PIV TEST Keys Manufacturer Key Set KMC_CM_GDA_PIV_TEST_OPSC_1_ENC KMC_CM_GDA_PIV_TEST_OPSC_1_MAC KMC_CM_GDA_PIV_TEST_OPSC_1_KEK Diversification NONE Key Set Version / Index 0x01/0x00 Logical Scheme 2 ManufacturerID GDA-01 CardProductID 0000000064 PhysicalDescriptionID 000000000A PackageConfigID FREE Contact RequirementID 0000000020 Contact KeyConfigID 000000007C Contact LogicalDescription 0000000033 Contactless RequirementID 0000000020 Contactless KeyConfigID 000000007C Contactless LogicalDescription 0000000033 GND_72K_GDA_PIV_PROD_OPSC_1 Description Cards with 2.6.2B Applets Pre-loaded and with PIV PROD Keys Manufacturer Key Set KMC_CM_GDA_PIV_PROD_OPSC_1_ENC KMC_CM_GDA_PIV_PROD_OPSC_1_MAC KMC_CM_GDA_PIV_PROD_OPSC_1_KEK Diversification OP202 Key Set Version / Index 0x01/0x00 Logical Scheme 2 ManufacturerID GDA-01 CardProductID 0000000064 PhysicalDescriptionID 000000000A PackageConfigID FREE Contact RequirementID 0000000020 Contact KeyConfigID 0000000084 Contact LogicalDescription 0000000033 Contactless RequirementID 0000000020 Contactless KeyConfigID 0000000084 Contactless LogicalDescription 0000000033
G&D SmartCafe Expert v3.2 80K preloaded with ActivID Applet	GND_80K_GDA_PIV_TEST_OPSC_1 Description Cards with 2.6.2B Applets Pre-loaded and with PIV TEST Keys Manufacturer Key Set KMC_CM_GDA_PIV_TEST_OPSC_1_ENC KMC_CM_GDA_PIV_TEST_OPSC_1_MAC KMC_CM_GDA_PIV_TEST_OPSC_1_KEK Diversification NONE Key Set Version / Index 0x01/0x00 Logical Scheme 2 ManufacturerID GDA-01 CardProductID 0000000031 PhysicalDescriptionID 0000000005 PackageConfigID FREE Contact RequirementID 0000000005 Contact KeyConfigID 000000007C Contact LogicalDescription 0000000033 Contactless RequirementID 0000000005 Contactless KeyConfigID 000000007C Contactless LogicalDescription 0000000033 GND_80K_GDA_PIV_PROD_OPSC_1 Description Cards with 2.6.2B Applets Pre-loaded and with PIV PROD Keys Manufacturer Key Set KMC_CM_GDA_PIV_PROD_OPSC_1_ENC KMC_CM_GDA_PIV_PROD_OPSC_1_MAC KMC_CM_GDA_PIV_PROD_OPSC_1_KEK Diversification OP202 Key Set Version / Index 0x01/0x00 Logical Scheme 2 ManufacturerID GDA-01 CardProductID 0000000031 PhysicalDescriptionID 0000000005 PackageConfigID FREE Contact RequirementID 0000000005 Contact KeyConfigID 0000000084 Contact LogicalDescription 0000000033 Contactless RequirementID 0000000005 Contactless KeyConfigID 0000000084 Contactless LogicalDescription 0000000033
G&D SmartCafe Expert v3.2 72K preloaded with ActivID Applet G&D Mobile Security Card (secure microSD) preloaded with ActivID Applet	GND_80K_SCE50_GDA_PIV_TEST_OPSC_1 Description Cards with 2.6.2B Applets Pre-loaded and with PIV TEST Keys Manufacturer Key Set KMC_CM_GDA_PIV_TEST_OPSC_1_ENC KMC_CM_GDA_PIV_TEST_OPSC_1_MAC KMC_CM_GDA_PIV_TEST_OPSC_1_KEK Diversification NONE Key Set Version / Index 0x01/0x00 Logical Scheme 2 ManufacturerID GDA-01 CardProductID 0000000068 PhysicalDescriptionID 0000000005 PackageConfigID FREE Contact RequirementID 0000000020 Contact KeyConfigID 000000007C Contact LogicalDescription 0000000033 Contactless RequirementID 0000000020 Contactless KeyConfigID 000000007C Contactless LogicalDescription 0000000033 GND_80K_SCE50_GDA_PIV_PROD_OPSC_1 Description Cards with 2.6.2B Applets Pre-loaded and with PIV PROD Keys Manufacturer Key Set KMC_CM_GDA_PIV_PROD_OPSC_1_ENC KMC_CM_GDA_PIV_PROD_OPSC_1_MAC KMC_CM_GDA_PIV_PROD_OPSC_1_KEK Diversification OP202 Key Set Version / Index 0x01/0x00 Logical Scheme 2 ManufacturerID GDA-01 CardProductID 0000000068 PhysicalDescriptionID 0000000005 PackageConfigID FREE Contact RequirementID 0000000020 Contact KeyConfigID 0000000084 Contact LogicalDescription 0000000033 Contactless RequirementID 0000000020 Contactless KeyConfigID 0000000084 Contactless LogicalDescription 0000000033
Gemalto TOP DL GX4 FIPS preloaded with ActivID Applet	GEM_GCX4_144K_V1_PIV_TEST_OPSC_2 Description Cards with 2.6.2B Applets Pre-loaded and with PIV TEST Keys Manufacturer Key Set KMC_CM_GEM_PIV_TEST_OPSC_2_ENC KMC_CM_GEM_PIV_TEST_OPSC_2_MAC KMC_CM_GEM_PIV_TEST_OPSC_2_KEK Diversification OP202 Key Set Version / Index 0x01/0x00 Logical Scheme 2 ManufacturerID Gemplus-01 CardProductID 0000000017 PhysicalDescriptionID 0000000005 PackageConfigID FREE ContactRequirementID 0000000007 ContactKeyConfigID 000000007A ContactLogicalDescription 0000000036 ContactlessRequirementID 0000000007 ContactlessKeyConfigID 000000007A ContactlessLogicalDescription 0000000036 GEM_GCX4_144K_V1_PIV_PROD_OPSC_2 Description Cards with 2.6.2B Applets Pre-loaded and with PIV PROD Keys Manufacturer Key Set KMC_CM_GEM_PIV_PROD_OPSC_2_ENC KMC_CM_GEM_PIV_PROD_OPSC_2_MAC KMC_CM_GEM_PIV_PROD_OPSC_2_KEK Diversification OP202 Key Set Version / Index 0x01/0x00 Logical Scheme 2 ManufacturerID Gemplus-01 CardProductID 0000000017 PhysicalDescriptionID 0000000005 PackageConfigID FREE ContactRequirementID 0000000007 ContactKeyConfigID 000000007B ContactLogicalDescription 0000000036 ContactlessRequirementID 0000000007 ContactlessKeyConfigID 000000007B ContactlessLogicalDescription 0000000036
NXP JCOP31 v2.4.1 R0 preloaded with ActivID Applet	NXP_JCOP_31_NXP_PIV_TEST_OPSC_1 Description Cards with 2.6.2B Applets Pre-loaded and with PIV TEST Keys Manufacturer Key Set KMC_CM_NXP_PIV_TEST_OPSC_1_ENC KMC_CM_NXP_PIV_TEST_OPSC_1_MAC KMC_CM_NXP_PIV_TEST_OPSC_1_KEK Diversification NONE Key Set Version / Index 0x01/0x00 Logical Scheme 2 ManufacturerID NXP-01 CardProductID 0000000066 PhysicalDescriptionID 000000000A PackageConfigID FREE Contact RequirementID 0000000020 Contact KeyConfigID 0000000089 Contact LogicalDescription 0000000035 Contactless RequirementID 0000000020 Contactless KeyConfigID 0000000089 Contactless LogicalDescription 0000000035 NXP_JCOP_31_NXP_PIV_PROD_OPSC_1 Description Cards with 2.6.2B Applets Pre-loaded and with PIV PROD Keys Manufacturer Key Set KMC_CM_NXP_PIV_PROD_OPSC_1_ENC KMC_CM_NXP_PIV_PROD_OPSC_1_MAC KMC_CM_NXP_PIV_PROD_OPSC_1_KEK Diversification OP202 Key Set Version / Index 0x01/0x00 Logical Scheme 2 ManufacturerID NXP-01 CardProductID 0000000066 PhysicalDescriptionID 000000000A PackageConfigID FREE Contact RequirementID 0000000020 Contact KeyConfigID 000000008A Contact LogicalDescription 0000000035 Contactless RequirementID 0000000020 Contactless KeyConfigID 000000008A Contactless LogicalDescription 0000000035
HID Crescendo C1100 (JCOP v2.4.1 R3) preloaded with ActivID Applet (requires custom order)	NXP_JCOP_31_NXP_PIV_TEST_OPSC_1 Description Cards with 2.6.2B Applets Pre-loaded and with PIV TEST Keys Manufacturer Key Set KMC_CM_NXP_PIV_TEST_OPSC_1_ENC KMC_CM_NXP_PIV_TEST_OPSC_1_MAC KMC_CM_NXP_PIV_TEST_OPSC_1_KEK Diversification NONE Key Set Version / Index 0x01/0x00 Logical Scheme 2 ManufacturerID NXP-01 CardProductID 0000000066 PhysicalDescriptionID 000000000A PackageConfigID FREE Contact RequirementID 0000000020 Contact KeyConfigID 0000000089 Contact LogicalDescription 0000000035 Contactless RequirementID 0000000020 Contactless KeyConfigID 0000000089 Contactless LogicalDescription 0000000035 NXP_JCOP_31_NXP_PIV_PROD_OPSC_1 Description Cards with 2.6.2B Applets Pre-loaded and with PIV PROD Keys Manufacturer Key Set KMC_CM_NXP_PIV_PROD_OPSC_1_ENC KMC_CM_NXP_PIV_PROD_OPSC_1_MAC KMC_CM_NXP_PIV_PROD_OPSC_1_KEK Diversification OP202 Key Set Version / Index 0x01/0x00 Logical Scheme 2 ManufacturerID NXP-01 CardProductID 0000000066 PhysicalDescriptionID 000000000A PackageConfigID FREE Contact RequirementID 0000000020 Contact KeyConfigID 000000008A Contact LogicalDescription 0000000035 Contactless RequirementID 0000000020 Contactless KeyConfigID 000000008A Contactless LogicalDescription 0000000035

PIV FIPS201 F2F Java Card – AI 1024-2048 (7)

Standard PIV+ Profile (800-73-3) with ActivID Applet v2.7.

• Unique Identifier (stored in the card): 20110000000000000000010D

• NIST SP 800-73-3 Support

• 21 1024/2048-bit keys PIV PKI Objects (PIV Authentication, PIV Digital Signature, PIV Key Management Key, PIV Card Authentication, 17 Retired Key Management Keys) loaded by ActivID CMS

• PIV EP Buffer Objects, including Iris, Key History

• Synchronous SKI Object: Download by the server

• Offline / Online Unlock done via XAUTH

• Compatible with Apple Mac TokenD

• All PIV objects configured as optional

Supported Devices	Supported Pre-Issuance IDs
Oberthur ID-One Cosmo v7.0-n 128K preloaded with ActivID Applet	OCS70_128K_OCS_PIV_TEST_OPSC_1_APP27 Description Cards with 2.7 Applets Pre-loaded and with PIV TEST Keys Manufacturer Key Set KMC_CM_OCS_PIV_TEST_OPSC_1_ENC KMC_CM_OCS_PIV_TEST_OPSC_1_MAC KMC_CM_OCS_PIV_TEST_OPSC_1_KEK Diversification GP211 Key Set Version / Index 0x01/0x00 Logical Scheme 2 ManufacturerID Oberthur-01 CardProductID 0000000061 PhysicalDescriptionID 0000000005 PackageConfigID FREE ContactRequirementID 0000000007 ContactKeyConfigID 0000000052 ContactLogicalDescription 0000000041 ContactlessRequirementID 0000000007 ContactlessKeyConfigID 0000000052 ContactlessLogicalDescription 0000000041 OCS70_128K_OCS_PIV_PROD_OPSC_1_APP27 Description Cards with 2.7 Applets Pre-loaded and with PIV PROD Keys Manufacturer Key Set KMC_CM_OCS_PIV_PROD_OPSC_1_ENC KMC_CM_OCS_PIV_PROD_OPSC_1_MAC KMC_CM_OCS_PIV _PROD_OPSC_1_KEK Diversification GP211 Key Set Version / Index 0x01/0x00 Logical Scheme 2 ManufacturerID Oberthur-01 CardProductID 0000000061 PhysicalDescriptionID 0000000005 PackageConfigID FREE ContactRequirementID 0000000007 ContactKeyConfigID 0000000053 ContactLogicalDescription 0000000041 ContactlessRequirementID 0000000007 ContactlessKeyConfigID 0000000053 ContactlessLogicalDescription 0000000041
G&D SmartCafe Expert v3.2 144K preloaded with ActivID Applet	GND_144K_SCE32_GDA_PIV_TEST_OPSC_1_APP27 Description Cards with 2.7 Applets Pre-loaded and with PIV TEST Keys Manufacturer Key Set KMC_CM_GDA_PIV_TEST_OPSC_1_ENC KMC_CM_GDA_PIV_TEST_OPSC_1_MAC KMC_CM_GDA_PIV_TEST_OPSC_1_KEK Diversification NONE Key Set Version / Index 0x01/0x00 Logical Scheme 2 ManufacturerID GDA-01 CardProductID 0000000030 PhysicalDescriptionID 0000000005 PackageConfigID FREE ContactRequirementID 0000000007 ContactKeyConfigID 000000007C ContactLogicalDescription 0000000040 ContactlessRequirementID 0000000007 ContactlessKeyConfigID 000000007C ContactlessLogicalDescription 0000000040 GND_144K_SCE32_GDA_PIV_PROD_OPSC_1_APP27 Description Cards with 2.7 Applets Pre-loaded and with PIV PROD Keys Manufacturer Key Set KMC_CM_GDA_PIV_PROD_OPSC_1_ENC KMC_CM_GDA_PIV_PROD_OPSC_1_MAC KMC_CM_GDA_PIV_PROD_OPSC_1_KEK Diversification OP202 Key Set Version / Index 0x01/0x00 Logical Scheme 2 ManufacturerID GDA-01 CardProductID 0000000030 PhysicalDescriptionID 0000000005 PackageConfigID FREE ContactRequirementID 0000000007 ContactKeyConfigID 0000000084 ContactLogicalDescription 0000000040 ContactlessRequirementID 0000000007 ContactlessKeyConfigID 0000000084 ContactlessLogicalDescription 0000000040
G&D SmartCafe Expert v5.0 144K preloaded with ActivID Applet	GND_144K_SCE50_GDA_PIV_TEST_OPSC_1 Description Cards with 2.6.2B Applets Pre-loaded and with PIV TEST Keys Manufacturer Key Set KMC_CM_GDA_PIV_TEST_OPSC_1_ENC KMC_CM_GDA_PIV_TEST_OPSC_1_MAC KMC_CM_GDA_PIV_TEST_OPSC_1_KEK Diversification NONE Key Set Version / Index 0x01/0x00 Logical Scheme 2 ManufacturerID GDA-01 CardProductID 0000000067 PhysicalDescriptionID 0000000005 PackageConfigID FREE ContactRequirementID 0000000007 ContactKeyConfigID 000000007C ContactLogicalDescription 0000000033 ContactlessRequirementID 0000000007 ContactlessKeyConfigID 000000007C ContactlessLogicalDescription 0000000033 GND_144K_SCE50_GDA_PIV_PROD_OPSC_1 Description Cards with 2.6.2B Applets Pre-loaded and with PIV PROD Keys Manufacturer Key Set KMC_CM_GDA_PIV_PROD_OPSC_1_ENC KMC_CM_GDA_PIV_PROD_OPSC_1_MAC KMC_CM_GDA_PIV_PROD_OPSC_1_KEK Diversification OP202 Key Set Version / Index 0x01/0x00 Logical Scheme 2 ManufacturerID GDA-01 CardProductID 0000000067 PhysicalDescriptionID 0000000005 PackageConfigID FREE ContactRequirementID 0000000007 ContactKeyConfigID 0000000084 ContactLogicalDescription 0000000033 ContactlessRequirementID 0000000007 ContactlessKeyConfigID 0000000084 ContactlessLogicalDescription 0000000033
Gemalto TOP DL GX4 FIPS preloaded with ActivID Applet	GEM_GCX4_144K_V1_PIV_TEST_OPSC_2_APP27 Description Cards with 2.7 Applets Pre-loaded and with PIV TEST Keys Manufacturer Key Set KMC_CM_GEM_PIV_TEST_OPSC_2_ENC KMC_CM_GEM_PIV_TEST_OPSC_2_MAC KMC_CM_GEM_PIV_TEST_OPSC_2_KEK Diversification OP202 Key Set Version / Index 0x01/0x00 Logical Scheme 2 ManufacturerID Gemplus-01 CardProductID 0000000017 PhysicalDescriptionID 0000000005 PackageConfigID FREE ContactRequirementID 0000000007 ContactKeyConfigID 000000007A ContactLogicalDescription 0000000042 ContactlessRequirementID 0000000007 ContactlessKeyConfigID 000000007A ContactlessLogicalDescription 0000000042 GEM_GCX4_144K_V1_PIV_PROD_OPSC_2_APP27 Description Cards with 2.7 Applets Pre-loaded and with PIV PROD Keys Manufacturer Key Set KMC_CM_GEM_PIV_PROD_OPSC_2_ENC KMC_CM_GEM_PIV_PROD_OPSC_2_MAC KMC_CM_GEM_PIV_PROD_OPSC_2_KEK Diversification OP202 Key Set Version / Index 0x01/0x00 Logical Scheme 2 ManufacturerID Gemplus-01 CardProductID 0000000017 PhysicalDescriptionID 0000000005 PackageConfigID FREE ContactRequirementID 0000000007 ContactKeyConfigID 000000007B ContactLogicalDescription 0000000042 ContactlessRequirementID 0000000007 ContactlessKeyConfigID 000000007B ContactlessLogicalDescription 0000000042
HID pivCLASS v1.0 (JCOP v2.4.2 R0) preloaded with ActivID Applet)	HID_CRESC_JCOP_242_PIV_TEST_OPSC_1_APP27 Description Test Cards Manufacturer Key Set KMC_CM_HIDCRESC_PIV_TEST_OPSC_1_ENC KMC_CM_HIDCRESC_PIV_TEST_OPSC_1_MAC KMC_CM_HIDCRESC_PIV_TEST_OPSC_1_KEK Diversification NONE Key Set Version / Index 0x01/0x00 Logical Scheme 2 ManufacturerID HID-01 CardProductID 0000000071 PhysicalDescriptionID 0000000005 PackageConfigID FREE Contact RequirementID 0000000007 Contact KeyConfigID 0000000095 Contact LogicalDescription 0000000043 Contactless RequirementID 0000000007 Contactless KeyConfigID 0000000095 Contactless LogicalDescription 0000000043 HID_CRESC_JCOP_242_PIV_PROD_OPSC_1_APP27 Description Cards with 2.7 Applets Preloaded and with PIV PROD Keys Manufacturer Key Set KMC_CM_HIDCRESC_PIV_PROD_OPSC_1_ENC KMC_CM_HIDCRESC_PIV_PROD_OPSC_1_MAC KMC_CM_HIDCRESC_PIV_PROD_OPSC_1_KEK Diversification OP202 Key Set Version / Index 0x01/0x00 Logical Scheme 2 ManufacturerID HID-01 CardProductID 0000000071 PhysicalDescriptionID 0000000005 PackageConfigID FREE Contact RequirementID 0000000007 Contact KeyConfigID 0000000096 Contact LogicalDescription 0000000043 Contactless RequirementID 0000000007 Contactless KeyConfigID 0000000096 Contactless LogicalDescription 0000000043

PIV FIPS201 F2F Java Card – AI 1024-2048 (8)

Standard PIV+ Profile (800-73-3) with ActivID Applet v2.7.1

• Unique Identifier (stored in the card): 201100000000000000000116

• NIST SP 800-73-3 Support

• 20 1024/2048-bit keys PIV PKI Objects (PIV Authentication, PIV Digital Signature, PIV Key Management Key, PIV Card Authentication, 16 Retired Key Management Keys) loaded by ActivID CMS

• PIV EP Buffer Objects, including Iris, Key History

• Synchronous SKI Object: Download by the server

• Offline / Online Unlock done via XAUTH

• FIPS 140-2 L2 Compliant Profile

• Compatible with Apple Mac TokenD

• All PIV objects configured as optional

Supported Devices

Supported Pre-Issuance IDs

HID pivCLASS v1.0 (JCOP v2.4.2 R0) preloaded with ActivID Applet)

HID_CRESC_JCOP_242_PIV_TEST_OPSC_1_APP271 Description Cards with 2.7.1 Applets Preloaded and with PIV TEST Keys Manufacturer Key Set KMC_CM_HIDCRESC_PIV_TEST_OPSC_1_ENC KMC_CM_HIDCRESC_PIV_TEST_OPSC_1_MAC KMC_CM_HIDCRESC_PIV_TEST_OPSC_1_KEK Diversification NONE Key Set Version / Index 0x01/0x00 Logical Scheme 2 ManufacturerID HID-01 CardProductID 0000000071 PhysicalDescriptionID 0000000005 PackageConfigID FREE Contact RequirementID 0000000007 Contact KeyConfigID 0000000095 Contact LogicalDescription 0000000047 Contactless RequirementID 0000000007 Contactless KeyConfigID 0000000095 Contactless LogicalDescription 0000000047 HID_CRESC_JCOP_242_PIV_PROD_OPSC_1_APP271 Description Cards with 2.7.1 Applets Preloaded and with PIV PROD Keys Manufacturer Key Set KMC_CM_HIDCRESC_PIV_PROD_OPSC_1_ENC KMC_CM_HIDCRESC_PIV_PROD_OPSC_1_MAC KMC_CM_HIDCRESC_PIV_PROD_OPSC_1_KEK Diversification OP202 Key Set Version / Index 0x01/0x00 Logical Scheme 2 ManufacturerID HID-01 CardProductID 0000000071 PhysicalDescriptionID 0000000005 PackageConfigID FREE Contact RequirementID 0000000007 Contact KeyConfigID 0000000096 Contact LogicalDescription 0000000047 Contactless RequirementID 0000000007 Contactless KeyConfigID 0000000096 Contactless LogicalDescription 0000000047

PIV FIPS201 F2F Java Card – AI 1024-2048 (9)

Standard PIV+ Profile (800-73-3) with ActivID Applet v2.7.1 with 4 PKI PIN. Similar to (8) but with 4 PIN-protected PKI. Not FIPS 140 compliant.

• Unique Identifier (stored in the card): 201100000000000000000124

• NOT recommended for PIV deployments with FIPS 140 requirements

• NIST SP 800-73-3 Support

• 16 1024/2048-bit keys PIV PKI Objects (PIV Authentication, PIV Digital Signature, PIV Key Management Key, PIV Card Authentication, 12 Retired Key Management Keys) loaded by ActivID CMS

• 4 1024/2048-bit keys PKI objects loaded by client

• PIV EP Buffer Objects, including Iris, Key History

• Synchronous SKI Object: Download by the server

• Offline / Online Unlock done via XAUTH

• Profile is not FIPS 140 compliant due to the 4 PIN protected PKI

• Compatible with Apple Mac TokenD

• All PIV objects configured as optional

Supported Devices

Supported Pre-Issuance IDs

HID pivCLASS v1.0 (JCOP v2.4.2 R0) preloaded with ActivID Applet)

HID_CRESC_JCOP_242_PIV_TEST_OPSC_1_APP271 Description Cards with 2.7.1 Applets Preloaded and with PIV TEST Keys Manufacturer Key Set KMC_CM_HIDCRESC_PIV_TEST_OPSC_1_ENC KMC_CM_HIDCRESC_PIV_TEST_OPSC_1_MAC KMC_CM_HIDCRESC_PIV_TEST_OPSC_1_KEK Diversification NONE Key Set Version / Index 0x01/0x00 Logical Scheme 2 ManufacturerID HID-01 CardProductID 0000000071 PhysicalDescriptionID 0000000005 PackageConfigID FREE Contact RequirementID 0000000007 Contact KeyConfigID 0000000095 Contact LogicalDescription 0000000047 Contactless RequirementID 0000000007 Contactless KeyConfigID 0000000095 Contactless LogicalDescription 0000000047 HID_CRESC_JCOP_242_PIV_PROD_OPSC_1_APP271 Description Cards with 2.7.1 Applets Preloaded and with PIV PROD Keys Manufacturer Key Set KMC_CM_HIDCRESC_PIV_PROD_OPSC_1_ENC KMC_CM_HIDCRESC_PIV_PROD_OPSC_1_MAC KMC_CM_HIDCRESC_PIV_PROD_OPSC_1_KEK Diversification OP202 Key Set Version / Index 0x01/0x00 Logical Scheme 2 ManufacturerID HID-01 CardProductID 0000000071 PhysicalDescriptionID 0000000005 PackageConfigID FREE Contact RequirementID 0000000007 Contact KeyConfigID 0000000096 Contact LogicalDescription 0000000047 Contactless RequirementID 0000000007 Contactless KeyConfigID 0000000096 Contactless LogicalDescription 0000000047

PIV FIPS201 F2F Java Card – AI 1024-2048 (10)

Standard PIV+ Profile (800-73-3) with ActivID Applet v2.7.1. Similar to (8) with improved Win 8/10 compatibility.

• Unique Identifier (stored in the card): 2011FD000000000000000001

• NIST SP 800-73-3 Support

• 20 1024/2048-bit keys PIV PKI Objects (PIV Authentication, PIV Digital Signature, PIV Key Management Key, PIV Card Authentication, 16 Retired Key Management Keys) loaded by ActivID CMS

• PIV EP Buffer Objects, including Iris, Key History

• Synchronous SKI Object: Download by the server

• Offline / Online Unlock done via XAUTH

• FIPS 140-2 L2 Compliant Profile

• Compatible with Apple Mac TokenD

• All PIV objects configured as optional

• For pivCLASS, improved compatibility with Microsoft PIV mini driver on Windows 8 and 10

Supported Devices

Supported Pre-Issuance IDs

HID pivCLASS v1.0 (JCOP v2.4.2 R0) preloaded with ActivID Applet)

HID_CRESC_JCOP_242_PIV_TEST_OPSC_1_APP271 Description Cards with 2.7.1 Applets Preloaded and with PIV TEST Keys Manufacturer Key Set KMC_CM_HIDCRESC_PIV_TEST_OPSC_1_ENC KMC_CM_HIDCRESC_PIV_TEST_OPSC_1_MAC KMC_CM_HIDCRESC_PIV_TEST_OPSC_1_KEK Diversification NONE Key Set Version / Index 0x01/0x00 Logical Scheme 2 ManufacturerID HID-01 CardProductID 0000000071 PhysicalDescriptionID 0000000005 PackageConfigID FREE Contact RequirementID 0000000007 Contact KeyConfigID 0000000095 Contact LogicalDescription 0000000047 Contactless RequirementID 0000000007 Contactless KeyConfigID 0000000095 Contactless LogicalDescription 0000000047 HID_CRESC_JCOP_242_PIV_PROD_OPSC_1_APP271 Description Cards with 2.7.1 Applets Preloaded and with PIV PROD Keys Manufacturer Key Set KMC_CM_HIDCRESC_PIV_PROD_OPSC_1_ENC KMC_CM_HIDCRESC_PIV_PROD_OPSC_1_MAC KMC_CM_HIDCRESC_PIV_PROD_OPSC_1_KEK Diversification OP202 Key Set Version / Index 0x01/0x00 Logical Scheme 2 ManufacturerID HID-01 CardProductID 0000000071 PhysicalDescriptionID 0000000005 PackageConfigID FREE Contact RequirementID 0000000007 Contact KeyConfigID 0000000096 Contact LogicalDescription 0000000047 Contactless RequirementID 0000000007 Contactless KeyConfigID 0000000096 Contactless LogicalDescription 0000000047

PIV FIPS201 F2F Java Card – AI 1024-2048 – C1100

Profile for Crescendo C1100 aligned with NIST SP 800-73-3, but no FIPS 140 certification and no contactless interface

• Unique Identifier (stored in the card): 2011FD000000000000000002

• NIST SP 800-73-3 Support

• 6 1024/2048-bit keys PIV PKI Objects (PIV Authentication, PIV Digital Signature, PIV Key Management Key, PIV Card Authentication, 2 Retired Key Management Keys) loaded by ActivID CMS

• 6 1024/2048-bit keys PKI Objects loaded by ActivID CMS

• PIV EP Buffer Objects, including Iris, Key History

• Synchronous SKI Object: Download by the server

• Offline / Online Unlock done via XAUTH

• FIPS 140-2 L2 Compliant Profile

• Compatible with Apple Mac TokenD

• All PIV objects configured as optional

Supported Devices

Supported Pre-Issuance IDs

HID Crescendo C1100 (JCOP v2.4.1 R3)

HID_CRESC_C1100_GEN_TEST_OPSC_1 Description Test Cards Manufacturer Key Set KMC_CM_HIDCRESC_GENERIC_TEST_OPSC_1_ENC KMC_CM_HIDCRESC_GENERIC_TEST_OPSC_1_MAC KMC_CM_HIDCRESC_GENERIC_TEST_OPSC_1_KEK Diversification NONE Key Set Version / Index 0x01/0x00 Logical Scheme 2 ManufacturerID HID-01 CardProductID 0000000074 PhysicalDescriptionID 000000000B PackageConfigID FREE Contact RequirementID 0000000020 Contact KeyConfigID 0000000092 Contact LogicalDescription 0000000040 Contactless RequirementID 0000000020 Contactless KeyConfigID 0000000092 Contactless LogicalDescription 0000000040 HID_CRESC_C1100_GEN_PROD_OPSC_1 Description Production Cards Manufacturer Key Set KMC_CM_HIDCRESC_GENERIC_PROD_OPSC_1_ENC KMC_CM_HIDCRESC_GENERIC_PROD_OPSC_1_MAC KMC_CM_HIDCRESC_GENERIC_PROD_OPSC_1_KEK Diversification OP202 Key Set Version / Index 0x01/0x00 Logical Scheme 2 ManufacturerID HID-01 CardProductID 0000000074 PhysicalDescriptionID 000000000B PackageConfigID FREE Contact RequirementID 0000000020 Contact KeyConfigID 0000000093 Contact LogicalDescription 0000000040 Contactless RequirementID 0000000020 Contactless KeyConfigID 0000000093 Contactless LogicalDescription 0000000040

PIV FIPS201 F2F Java Card – AI 2048 Crescendo 144K FIPS

PIV profile, with extended PKI, for Crescendo 144K FIPS. Cards with ActivID Applets v2.7.3 packages preloaded (ASClib, ACA, GC/PKI, PIV and SMA V3).

• Unique Identifier (stored in the card): 201100000000000000000131

• 9 2048-bit keys PIV PKI Objects (PIV Authentication, PIV Digital Signature, PIV Key Management Key, PIV Card Authentication, 5 Retired Key Management Keys) loaded by ActivID CMS

• 7 2048-bit keys PKI Objects loaded by ActivID CMS

• PIV EP Buffer Objects, except Iris

• PIV AUTHENTICATION, CHUID Card Holder Unique Identifier, and Security Object are mandatory. All other objects are optional.

• Printed Information buffer is optional but is recommended and required for compatibility with the Mac TokenD / PIV Mini Driver.

• In addition to the card pre-issuance keys, the following keys must be present in the HSM A Hardware Security Module (HSM) securely stores secret key material. They are similar to large-storage, multisession smart cards. However, unlike smart cards, they are used mainly on the server side of a system. for profile issuance. As these keys are post-issuance keys, they should be generated in the HSM:

  • MK_CM_ACE_AES_16_OPSC_1_ENC, _MAC, _KEK (16-byte AES keys)

  • MK_ID_ACE_UNLCK_1_TRIPLE (24-byte DES keys)

Supported Devices

Supported Pre-Issuance IDs

Crescendo 144K FIPS (G&D SCE 7.0 144K) preloaded with ActivID Applet

HID_CRESC_144K_FIPS_DEFAULT Description HID Crescendo 144K FIPS Cards with Default Key and Applets 2.7.3 Pre-loaded Manufacturer Key Set VOP_ISK_AES_16_1_ENC VOP_ISK_AES_16_1_MAC VOP_ISK_AES_16_1_KEK Diversification NONE Key Set Version / Index 0x01/0x00 Logical Scheme 2 ManufacturerID HID-01 CardProductID 0000000082 PhysicalDescriptionID 0000000005 PackageConfigID FREE ContactRequirementID 0000000007 ContactKeyConfigID VOP_ISK_AES_16 ContactLogicalDescription 0000000054 ContactlessRequirementID 0000000007 ContactlessKeyConfigID VOP_ISK_AES_16 ContactlessLogicalDescription 0000000054 HID_CRESC_144K_FIPS_CUSTOM Description HID Crescendo 144K FIPS (Dual Interface) Cards with CUSTOM Key and Applets 2.7.3 Pre-loaded Manufacturer Key Set KMC_CM_HIDCRESC_CUST_AES_16_1 Diversification GPSCP03 Key Set Version / Index 0x01/0x00 Logical Scheme 2 ManufacturerID HID-01 CardProductID 0000000082 PhysicalDescriptionID 0000000005 PackageConfigID FREE ContactRequirementID 0000000007 ContactKeyConfigID 0000000118 ContactLogicalDescription 0000000054 ContactlessRequirementID 0000000007 ContactlessKeyConfigID 0000000118 ContactlessLogicalDescription 0000000054

PIV FIPS201 F2F Java Card – AI 2048 Crescendo PIV

PIV profile, with extended PKI, for Crescendo PIV. Cards with ActivID Applets v2.7.5 packages preloaded (ASClib, ACA, GC/PKI, PIV and SMA V3).

• Unique Identifier (stored in the card): 201100000000000000000135

• 9 2048-bit keys PIV PKI Objects (PIV Authentication, PIV Digital Signature, PIV Key Management Key, PIV Card Authentication, 5 Retired Key Management Keys) loaded by ActivID CMS

• 7 2048-bit keys PKI Objects loaded by ActivID CMS

• PIV EP Buffer Objects, except Iris

• PIV AUTHENTICATION, CHUID, and Security Object are mandatory. All other objects are optional.

• Printed Information buffer is optional but is recommended and required for compatibility with the MAC Tokend / PIV Mini Driver.

• PIN Numeric Only

• In addition to the card pre-issuance keys, the following keys must be present in the HSM for profile issuance. As these keys are post-issuance keys, they should be generated in the HSM:

  • For the pre-issuance Card AES 128: MK_CM_ACE_AES_16_OPSC_1_ENC, _MAC, _KEK (16-byte AES keys)

  • For the pre-issuance Card AES 256: MK_CM_ACE_AES_32_OPSC_1_ENC, _MAC, _KEK (32-byte AES keys)

  • MK_ID_ACE_UNLCK_1_TRIPLE (24-byte DES keys)

Supported Devices

Supported Pre-Issuance IDs

Crescendo PIV (G&D SCE 7.0 144K) preloaded with ActivID Applet 2.7.5

HID_CRESC_PIV_DEFAULT Description HID Crescendo PIV (Dual Interface) Cards with Default Key and Applets 2.7.5 Pre-loaded Manufacturer Key Set VOP_ISK_AES_16_1_ENC VOP_ISK_AES_16_1_MAC VOP_ISK_AES_16_1_KEK Diversification NONE Key Set Version / Index 0x01/0x00 Logical Scheme 2 ManufacturerID HID-01 CardProductID 0000000082 PhysicalDescriptionID 0000000005 PackageConfigID FREE ContactRequirementID 0000000007 ContactKeyConfigID VOP_ISK_AES_16 ContactLogicalDescription 0000000055 ContactlessRequirementID 0000000007 ContactlessKeyConfigID VOP_ISK_AES_16 ContactlessLogicalDescription 0000000055 HID_CRESC_PIV_CUSTOM Description HID Crescendo PIV (Dual Interface) Cards with CUSTOM Key and Applets 2.7.5 Pre-loaded Manufacturer Key Set KMC_CM_HIDCRESC_CUST_AES_16_1 Diversification GPSCP03 Key Set Version / Index 0x01/0x00 Logical Scheme 2 ManufacturerID HID-01 CardProductID 0000000082 PhysicalDescriptionID 0000000005 PackageConfigID FREE ContactRequirementID 0000000007 ContactKeyConfigID 0000000118 ContactLogicalDescription 0000000055 ContactlessRequirementID 0000000007 ContactlessKeyConfigID 0000000118 ContactlessLogicalDescription 0000000055 HID_CRESC_PIV_32_DEFAULT Description HID Crescendo PIV (Dual Interface) Cards with Default Key and Applets 2.7.5 Pre-loaded Manufacturer Key Set VOP_ISK_AES_32_1_ENC VOP_ISK_AES_32_1_MAC VOP_ISK_AES_32_1_KEK Diversification NONE Key Set Version / Index 0x01/0x00 Logical Scheme 2 ManufacturerID HID-01 CardProductID 0000000082 PhysicalDescriptionID 0000000005 PackageConfigID FREE ContactRequirementID 0000000007 ContactKeyConfigID VOP_ISK_AES_32 ContactLogicalDescription 0000000055 ContactlessRequirementID 0000000007 ContactlessKeyConfigID VOP_ISK_AES_32 ContactlessLogicalDescription 0000000055 HID_CRESC_PIV_32_CUSTOM Description HID Crescendo PIV (Dual Interface) Cards with CUSTOM Key and Applets 2.7.5 Pre-loaded Manufacturer Key Set KMC_CM_HIDCRESC_CUST_AES_32_1 Diversification GPSCP03 Key Set Version / Index 0x01/0x00 Logical Scheme 2 ManufacturerID HID-01 CardProductID 0000000082 PhysicalDescriptionID 0000000005 PackageConfigID FREE ContactRequirementID 0000000007 ContactKeyConfigID 0000000123 ContactLogicalDescription 0000000055 ContactlessRequirementID 0000000007 ContactlessKeyConfigID 0000000123 ContactlessLogicalDescription 0000000055 HID_CRESC_PIV_32_DEFAULT_2 Description HID Crescendo PIV (Dual Interface) Cards with Default Key and Applets 2.7.5 Pre-loaded Manufacturer Key Set VOP_ISK_AES_32_1_ENC VOP_ISK_AES_32_1_MAC VOP_ISK_AES_32_1_KEK Diversification NONE Key Set Version / Index 0x01/0x00 Logical Scheme 2 ManufacturerID HID-01 CardProductID 0000000082 PhysicalDescriptionID 0000000005 PackageConfigID FREE ContactRequirementID 0000000008 ContactKeyConfigID VOP_ISK_AES_32 ContactLogicalDescription 0000000055 HID_CRESC_PIV_32_CUSTOM_2 Description HID Crescendo PIV (Dual Interface) Cards with CUSTOM Key and Applets 2.7.5 Pre-loaded Manufacturer Key Set KMC_CM_HIDCRESC_CUST_AES_32_1 Diversification GPSCP03 Key Set Version / Index 0x01/0x00 Logical Scheme 2 ManufacturerID HID-01 CardProductID 0000000082 PhysicalDescriptionID 0000000005 PackageConfigID FREE ContactRequirementID 0000000008 ContactKeyConfigID 0000000123 ContactLogicalDescription 0000000055

PIV / CIV - Crescendo FIPS

PIV / CIV profile for Crescendo 2300 FIPS and Crescendo Key FIPS.

• Unique Identifier (stored in the card): 201100000000000000000150

• Devices with ActivID Applets v3.0 packages preloaded (ASClib, ACA, HMAClib and PIVEXT)

• Profile based on ActivID Applets 3.0

• 14 keys PIV PKI Objects (PIV Authentication, PIV Digital Signature PIN Always, PIV Key Management Key, PIV Card Authentication (RSA 2048, ECC 256 or ECC 384), and 10 Retired Key Management Keys) loaded by ActivID CMS

  Note: In the current version of ActivID CMS, ECC keys can only be used with Card Authentication applications for the Microsoft CA. In addition, ECC certificates only support the ECDSA_256 and ECDSA_384 algorithms.

• PIV EP Buffer Objects, except Iris object

• NIST SP 800-73-4 Support

• Minimum PIN Length 6 / Maximum PIN Length 8

• PIN Numeric Only

• In addition to the card pre-issuance keys, the following keys must be present in the HSM for profile issuance. As these keys are post-issuance keys, they should be generated in the HSM:

  • MK_CM_ACE_AES_16_OPSC_1_ENC, _MAC, _KEK, PIV_CARD_ADMINISTRATOR_KEY_9B_AES_16 (16-byte AES keys)

Supported Devices	Supported Pre-Issuance IDs
Crescendo C2300 FIPS (JCOP 3 SecID P60 CS) preloaded with ActivID Applet 3.0	HID_CRESC_2300_FIPS_DEFAULT Description HID Crescendo 2300 FIPS (Dual Interface) Cards with Default Key and Applets 3.0 Pre-loaded Manufacturer Key Set VOP_ISK_AES_16_1_ENC VOP_ISK_AES_16_1_MAC VOP_ISK_AES_16_1_KEK Diversification NONE Key Set Version / Index 0x01/0x00 Logical Scheme 2 ManufacturerID HID-01 CardProductID 0000000084 PhysicalDescriptionID 0000000005 PackageConfigID FREE ContactRequirementID 0000000007 ContactKeyConfigID VOP_ISK_AES_16 ContactLogicalDescription 0000000058 ContactlessRequirementID 0000000007 ContactlessKeyConfigID VOP_ISK_AES_16 ContactlessLogicalDescription 0000000058 HID_CRESC_2300_FIPS_CUSTOM Description HID Crescendo 2300 FIPS (Dual Interface) Cards with CUSTOM Key and Applets 3.0 Pre-loaded Manufacturer Key Set KMC_CM_HIDCRESC_CUST_AES_16_1 Diversification GPSCP03 Key Set Version / Index 0x01/0x00 Logical Scheme 2 ManufacturerID HID-01 CardProductID 0000000084 PhysicalDescriptionID 0000000005 PackageConfigID FREE ContactRequirementID 0000000007 ContactKeyConfigID 0000000118 ContactLogicalDescription 0000000058 ContactlessRequirementID 0000000007 ContactlessKeyConfigID 0000000118 ContactlessLogicalDescription 0000000058
Crescendo Key FIPS (JCOP 3 SecID P60 CS) preloaded with ActivID Applet 3.0	HID_CRESC_KEY_FIPS_DEFAULT Description HID Crescendo Key FIPS with Default Key and Applets 3.0 Pre-loaded Manufacturer Key Set VOP_ISK_AES_16_1_ENC VOP_ISK_AES_16_1_MAC VOP_ISK_AES_16_1_KEK Diversification NONE Key Set Version / Index 0x01/0x00 Logical Scheme 2 ManufacturerID HID-01 CardProductID 0000000089 PhysicalDescriptionID 0000000005 PackageConfigID FREE ContactRequirementID 0000000007 ContactKeyConfigID VOP_ISK_AES_16 ContactLogicalDescription 0000000058 ContactlessRequirementID 0000000007 ContactlessKeyConfigID VOP_ISK_AES_16 ContactlessLogicalDescription 0000000058

Crescendo 4000

PIV profile for Crescendo 4000.

• Unique Identifier (stored in the card): 201100000000000000000153

• Devices with ActivID Applets v4.0 packages preloaded (ASCLib, CRYPTOLib, ACA, PIVEXT, OATH and FIDO)

• Profile based on ActivID Applets 4.0

• 24 keys PIV PKI Objects (PIV Authentication, PIV Digital Signature PIN Once, PIV Card Authentication, PIV Encryption, and 20 Retired Key Management Keys) loaded by CMS

• PIV EP Buffer Objects: Discovery Object, CHUID, CCC, Printed Information, Key History Object, Facial Image, Iris, Fingerprints, Security Object

• FIDO (CTAP2 / U2F support)^(*) Can be disabled in the policy

• PIN can be shared between PIV and FIDO applet

• Minimum PIN Length 4 / Maximum PIN Length 25

  Note: If the Maximum PIN Length is set to a value greater than 8, then the card will not be usable with the Microsoft PIV Minidriver, whatever the PIN-shared configuration, nor with FIDO when the PIN is shared between PIV and FIDO. To manage PINs with more than 8 characters, this profile requires ActivClient 7.4.1 (or higher) and HID Crescendo 2300 Mini Driver 1.2 (or higher).

• PIN can be configured to be Alphanumeric or Numeric Only.

  Note: If the Maximum PIN Length is set to a value greater than 8, then the PIN cannot be configured as Numeric Only.

• Contactless firewall can be enabled / disabled in the policy (when disabled, the PIV / OATH operations can be done with a contactless reader).

• OATH HOTP, TOTP and OCRA support

• In addition to the card pre-issuance keys, the following keys must be present in the HSM for profile issuance. As these keys are post-issuance keys, they should be generated in the HSM:

  • MK_CM_ACE_AES_16_OPSC_1_ENC, _MAC, _KEK, PIV_CARD_ADMINISTRATOR_KEY_9B_AES_16 (16-byte AES keys)

^(*) During a recycle operation (that is, card re-issuance), the FIDO credentials are reset.

Supported Devices

Supported Pre-Issuance IDs

Crescendo C4000 (JCOP 4.5 SecID P60 CS)

HID_CRESC_4000_DEFAULT Description HID Crescendo 4000 (Dual Interface) Cards with Default Key and Applets 4.0 Pre-loaded Manufacturer Key Set VOP_ISK_AES_16_1_ENC VOP_ISK_AES_16_1_MAC VOP_ISK_AES_16_1_KEK Diversification NONE Key Set Version / Index 0x01/0x00 Logical Scheme 2 ManufacturerID HID-01 CardProductID 0000000094 PhysicalDescriptionID 0000000005 PackageConfigID FREE ContactRequirementID 0000000007 ContactKeyConfigID VOP_ISK_AES_16 ContactLogicalDescription 0000000067 ContactlessRequirementID 0000000007 ContactlessKeyConfigID VOP_ISK_AES_16 ContactlessLogicalDescription 0000000067 HID_CRESC_4000_CUSTOM Description HID Crescendo 4000 (Dual Interface) Cards with CUSTOM Key and Applets 4.0 Pre-loaded Manufacturer Key Set KMC_CM_HIDCRESC_CUST_AES_16_1 Diversification NONE Key Set Version / Index 0x01/0x00 Logical Scheme 2 ManufacturerID HID-01 CardProductID 0000000094 PhysicalDescriptionID 0000000005 PackageConfigID FREE ContactRequirementID 0000000007 ContactKeyConfigID 0000000118 ContactLogicalDescription 0000000067 ContactlessRequirementID 0000000007 ContactlessKeyConfigID 0000000118 ContactlessLogicalDescription 0000000067

Crescendo 4000 FIPS

PIV profile for Crescendo 4000 FIPS.

• Unique Identifier (stored in the card): 201100000000000000000154

• Devices with ActivID Applets v4.0 packages preloaded (ASCLib, CRYPTOLib, ACA, PIVEXT, OATH and FIDO)

• Profile based on ActivID Applets 4.0

• 24 keys PIV PKI Objects (PIV Authentication, PIV Digital Signature PIN Always, PIV Card Authentication, PIV Encryption, and 20 Retired Key Management Keys) loaded by CMS

• PIV EP Buffer Objects: Discovery Object, CHUID, CCC, Printed Information, Key History Object, Facial Image, Iris, Fingerprints, Security Object

• FIDO (CTAP2 / U2F support)^(*) Can be disabled in the policy

• PIN is shared between PIV and FIDO applet

• Minimum PIN Length 6 / Maximum PIN Length 8

• PIN can be configured to be Alphanumeric or Numeric Only.

• OATH HOTP, TOTP and OCRA support

• In addition to the card pre-issuance keys, the following keys must be present in the HSM for profile issuance. As these keys are post-issuance keys, they should be generated in the HSM:

  • MK_CM_ACE_AES_16_OPSC_1_ENC, _MAC, _KEK, PIV_CARD_ADMINISTRATOR_KEY_9B_AES_16 (16-byte AES keys)

^(*) During a recycle operation (that is, card re-issuance), the FIDO credentials are reset.

Supported Devices

Supported Pre-Issuance IDs

Crescendo C4000 FIPS (JCOP 4.5 SecID P60 CS)

HID_CRESC_4000_FIPS_DEFAULT Description HID Crescendo 4000 FIPS (Dual Interface) Cards with Default Key and Applets 4.0 Pre-loaded Manufacturer Key Set VOP_ISK_AES_16_1_ENC VOP_ISK_AES_16_1_MAC VOP_ISK_AES_16_1_KEK Diversification NONE Key Set Version / Index 0x01/0x00 Logical Scheme 2 ManufacturerID HID-01 CardProductID 0000000096 PhysicalDescriptionID 0000000005 PackageConfigID FREE ContactRequirementID 0000000007 ContactKeyConfigID VOP_ISK_AES_16 ContactLogicalDescription 0000000067 ContactlessRequirementID 0000000007 ContactlessKeyConfigID VOP_ISK_AES_16 ContactlessLogicalDescription 0000000067 HID_CRESC_4000_FIPS_CUSTOM Description HID Crescendo 4000 FIPS (Dual Interface) Cards with CUSTOM Key and Applets 4.0 Pre-loaded Manufacturer Key Set KMC_CM_HIDCRESC_CUST_AES_16_1 Diversification NONE Key Set Version / Index 0x01/0x00 Logical Scheme 2 ManufacturerID HID-01 CardProductID 0000000096 PhysicalDescriptionID 0000000005 PackageConfigID FREE ContactRequirementID 0000000007 ContactKeyConfigID 0000000118 ContactLogicalDescription 0000000067 ContactlessRequirementID 0000000007 ContactlessKeyConfigID 0000000118 ContactlessLogicalDescription 0000000067