FIPS 201 PIV Profiles (Service Bureau)

Note:  

  • For Gemalto PIV profile (that is, card with Gemalto PIV applet v1.20), it is necessary to obtain a Gemalto PIV card with configuration “USG 010”.

  • For Oberthur PIV profile, ActivID CMS 4.0 SP2 expects Cosmo card with BAP# 81758.

  • For Oberthur PIV profiles with Oberthur PIV applet 2.3.2, use BAP #087282.

  • For Oberthur PIV profiles with Oberthur PIV applet 2.3.5, use BAP #087420 / #087424 / #087465.

  • For Oberthur PIV profiles with Oberthur PIV applet 2.4.0, use BAP #087434.

  • For IDEMIA PIV profiles with IDEMIA PIV applet 2.4.1, use BAP #087484

  • For PIV FIPS201 SB Activation Java Card - IDEMIA ID-One PIV 2.4.1 - 2048 profile, PIN is numeric only.

These profiles activate the PIV cards personalized by the card manufacturer service bureau. The card activation Card activation refers to the unlocking of an application or GlobalPlatform locked card. This operation is usually associated with batch issuance and help desk operations. In the context of PIV, card activation implies PIN authentication to the PIV card to “activate” privileged operations. In the context of BMS, card activation refers to the tasks required to complete the issuance of a card after its receipt from the service bureau that produced it process consists of:

  • Injecting and generating the PKI credentials (PKI 1024 or 2048),

  • Swapping the Card Manager keys,

  • Swapping the PIV Card Administrator key (9B), and

  • Setting up the PIV Local PIN for the user and setting up the PUK.

PIV FIPS201 SB Activation Java Card – OT 2.3.2 – 2048

PIV2 Activation Profile with OT End-Point applets v2.3.2 (SP 800-73-3). Card with Oberthur PIV applet v2.3.2.

Supported Devices

Supported Pre-Issuance IDs

Oberthur ID-One PIV 2.3.2 on Cosmo v7

Description

OT 7.0 128K FIPS PIV 2.3.2 Sample Stack with PIV TEST Key

CM Manufacturer Key Set

KMC_CM_OCS_PIV_TEST_OPSC_1_ENC

KMC_CM_OCS_PIV_TEST_OPSC_1_MAC

KMC_CM_OCS_PIV_TEST_OPSC_1_KEK

SD Manufacturer Key Set

KMC_SD_OCS_PIV_TEST_AES_OPSC_1_ENC

KMC_SD_OCS_PIV_TEST_AES_OPSC_1_MAC

KMC_SD_OCS_PIV_TEST_AES_OPSC_1_KEK

CM / SD Diversification

GP211

Key Set Version / Index

0x01/0x0

Initial 9B key Label

PIV_OCS_CARD_ADMIN_KEY_SB_TRIPLE

Initial 9B Key AlgoID

03

Logical Scheme

2

ManufacturerID

Oberthur-01

CardProductID

0000000061

PhysicalDescriptionID

0000000005

PackageConfigID

0000000002

ContactRequirementID

0000000007

ContactKeyConfigID

0000000070

ContactLogicalDescription

000000003C

ContactlessRequirementID

0000000007

ContactlessKeyConfigID

0000000070

ContactlessLogicalDescription

000000003C

Description

OT 7.0 128K FIPS PIV 2.3.2 Sample Stack with PIV PROD Key

CM Manufacturer Key Set

KMC_CM_OCS_PIV_PROD_OPSC_1_ENC

KMC_CM_OCS_PIV_PROD_OPSC_1_MAC

KMC_CM_OCS_PIV_PROD_OPSC_1_KEK

SD Manufacturer Key Set

KMC_SD_OCS_PIV_PROD_AES_OPSC_1_ENC

KMC_SD_OCS_PIV_PROD_AES_OPSC_1_MAC

KMC_SD_OCS_PIV_PROD_AES_OPSC_1_KEK

CM / SD Diversification

GP211

Key Set Version / Index

0x01/0x0

Initial 9B key Label

PIV_OCS_CARD_ADMIN_KEY_SB_TRIPLE

Initial 9B Key AlgoID

03

Logical Scheme

2

ManufacturerID

Oberthur-01

CardProductID

0000000061

PhysicalDescriptionID

0000000005

PackageConfigID

0000000002

ContactRequirementID

0000000007

ContactKeyConfigID

0000000071

ContactLogicalDescription

000000003D

ContactlessRequirementID

0000000007

ContactlessKeyConfigID

0000000071

ContactlessLogicalDescription

000000003D

Description

OT 7.0 128K FIPS PIV 2.3.2 Full Stack with PIV PROD Key

CM Manufacturer Key Set

KMC_CM_OCS_PIV_PROD_OPSC_1_ENC

KMC_CM_OCS_PIV_PROD_OPSC_1_MAC

KMC_CM_OCS_PIV_PROD_OPSC_1_KEK

SD Manufacturer Key Set

KMC_SD_OCS_PIV_PROD_AES_OPSC_1_ENC

KMC_SD_OCS_PIV_PROD_AES_OPSC_1_MAC

KMC_SD_OCS_PIV_PROD_AES_OPSC_1_KEK

CM / SD Diversification

GP211

Key Set Version / Index

0x01/0x0

Initial 9B key Label

PIV_OCS_CARD_ADMIN_KEY_SB_TRIPLE

Initial 9B Key AlgoID

03

Logical Scheme

2

ManufacturerID

Oberthur-01

CardProductID

0000000061

PhysicalDescriptionID

0000000005

PackageConfigID

0000000001

ContactRequirementID

0000000007

ContactKeyConfigID

0000000071

ContactLogicalDescription

000000003D

ContactlessRequirementID

0000000007

ContactlessKeyConfigID

0000000071

ContactlessLogicalDescription

000000003D

PIV FIPS201 SB Activation Java Card – OT 2.3.5 / 2.4.0 – 2048

PIV2 Activation Profile with OT End-Point applets v2.3.5 / 2.4.0 (SP 800-73-4). Card with Oberthur PIV applet v2.3.5 or v2.4.0.

Supported Devices

Supported Pre-Issuance IDs

Oberthur ID-One PIV 2.3.5 on Cosmo v8

Description

OT 8.0 FIPS PIV 2.3.5 Sample Stack with PIV SB TEST Key

Card specification

PIV 2.3.5 AES 256

PIV 2.3.5 AES 128

Key length supported

256-bit Keys

128-bit Keys

CM Manufacturer Key Set

KMC_CM_OCS_PIV_SB_TEST_AES_32_1_ENC

KMC_CM_OCS_PIV_SB_TEST_AES_32_1_MAC

KMC_CM_OCS_PIV_SB_TEST_AES_32_1_KEK

KMC_CM_OCS_PIV_SB_TEST_AES_16_1_ENC

KMC_CM_OCS_PIV_SB_TEST_AES_16_1_MAC

KMC_CM_OCS_PIV_SB_TEST_AES_16_1_KEK

CM Diversification

GPSCP03

Key Set Version / Index

0x01/0x00

Initial 9B key Label

PIV_OCS_CARD_ADMIN_KEY_SB_AES_32

PIV_OCS_CARD_ADMIN_KEY_SB_AES_16

Initial 9B Key AlgoID

0C

08

Logical Scheme

2

ManufacturerID

Oberthur-01

CardProductID

0000000081

PhysicalDescriptionID

0000000005

PackageConfigID

0000000002

ContactRequirementID

0000000007

ContactKeyConfigID

0000000112

ContactLogicalDescription

0000000052

ContactlessRequirementID

0000000007

ContactlessKeyConfigID

0000000112

ContactlessLogicalDescription

0000000052

Description

OT 8.0 FIPS PIV 2.3.5 Sample Stack with PIV SB PROD Key

Card specification

PIV 2.3.5 AES 256

PIV 2.3.5 AES 128

Key length supported

256-bit Keys

128-bit Keys

CM Manufacturer Key Set

KMC_CM_OCS_PIV_SB_PROD_AES_32_1_ENC

KMC_CM_OCS_PIV_SB_PROD_AES_32_1_MAC

KMC_CM_OCS_PIV_SB_PROD_AES_32_1_KEK

KMC_CM_OCS_PIV_SB_PROD_AES_16_1_ENC

KMC_CM_OCS_PIV_SB_PROD_AES_16_1_MAC

KMC_CM_OCS_PIV_SB_PROD_AES_16_1_KEK

CM Diversification

GPSCP03

Key Set Version / Index

0x01/0x0

Initial 9B key Label

PIV_OCS_CARD_ADMIN_KEY_SB_AES_32

PIV_OCS_CARD_ADMIN_KEY_SB_AES_16

Initial 9B Key AlgoID

0C

08

Logical Scheme

2

ManufacturerID

Oberthur-01

CardProductID

0000000081

PhysicalDescriptionID

0000000005

PackageConfigID

0000000002

ContactRequirementID

0000000007

ContactKeyConfigID

0000000113

ContactLogicalDescription

0000000052

ContactlessRequirementID

0000000007

ContactlessKeyConfigID

0000000113

ContactlessLogicalDescription

0000000052

Description

OT 8.0 FIPS PIV 2.3.5 Full Stack with PIV SB PROD Key

Card specification

PIV 2.3.5 AES 256

PIV 2.3.5 AES 128

Key length supported

256-bit Keys

128-bit Keys

CM Manufacturer Key Set

KMC_CM_OCS_PIV_SB_PROD_AES_32_1_ENC

KMC_CM_OCS_PIV_SB_PROD_AES_32_1_MAC

KMC_CM_OCS_PIV_SB_PROD_AES_32_1_KEK

KMC_CM_OCS_PIV_SB_PROD_AES_16_1_ENC

KMC_CM_OCS_PIV_SB_PROD_AES_16_1_MAC

KMC_CM_OCS_PIV_SB_PROD_AES_16_1_KEK

CM Diversification

GPSCP03

Key Set Version / Index

0x01/0x0

Initial 9B key Label

PIV_OCS_CARD_ADMIN_KEY_SB_AES_32

PIV_OCS_CARD_ADMIN_KEY_SB_AES_16

Initial 9B Key AlgoID

0C

08

Logical Scheme

2

ManufacturerID

Oberthur-01

CardProductID

0000000081

PhysicalDescriptionID

0000000005

PackageConfigID

0000000001

ContactRequirementID

0000000007

ContactKeyConfigID

0000000113

ContactLogicalDescription

0000000052

ContactlessRequirementID

0000000007

ContactlessKeyConfigID

0000000113

ContactlessLogicalDescription

0000000052
Oberthur ID-One PIV 2.4.0 on Cosmo v8

Description

OT 8.0 FIPS PIV 2.4.0 Sample Stack with PIV SB TEST Key

CM Manufacturer Key Set

KMC_CM_OCS_PIV_SB_TEST_AES_32_1_ENC

KMC_CM_OCS_PIV_SB_TEST_AES_32_1_MAC

KMC_CM_OCS_PIV_SB_TEST_AES_32_1_KEK

CM Diversification

GPSCP03

Key Set Version / Index

0x01/0x00

Initial 9B key Label

PIV_OCS_CARD_ADMIN_KEY_SB_AES_32

Initial 9B Key AlgoID

0C

Logical Scheme

2

ManufacturerID

Oberthur-01

CardProductID

0000000081

PhysicalDescriptionID

0000000005

PackageConfigID

0000000002

ContactRequirementID

0000000007

ContactKeyConfigID

0000000112

ContactLogicalDescription

0000000053

ContactlessRequirementID

0000000007

ContactlessKeyConfigID

0000000112

ContactlessLogicalDescription

0000000053

Description

OT 8.0 FIPS PIV 2.4.0 Sample Stack with PIV SB PROD Key

CM Manufacturer Key Set

KMC_CM_OCS_PIV_SB_PROD_AES_32_1_ENC

KMC_CM_OCS_PIV_SB_PROD_AES_32_1_MAC

KMC_CM_OCS_PIV_SB_PROD_AES_32_1_KEK

CM Diversification

GPSCP03

Key Set Version / Index

0x01/0x0

Initial 9B key Label

PIV_OCS_CARD_ADMIN_KEY_SB_AES_32

Initial 9B Key AlgoID

0C

Logical Scheme

2

ManufacturerID

Oberthur-01

CardProductID

0000000081

PhysicalDescriptionID

0000000005

PackageConfigID

0000000002

ContactRequirementID

0000000007

ContactKeyConfigID

0000000113

ContactLogicalDescription

0000000053

ContactlessRequirementID

0000000007

ContactlessKeyConfigID

0000000113

ContactlessLogicalDescription

0000000053

Description

OT 8.0 FIPS PIV 2.4.0 Full Stack with PIV SB PROD Key

CM Manufacturer Key Set

KMC_CM_OCS_PIV_SB_PROD_AES_32_1_ENC

KMC_CM_OCS_PIV_SB_PROD_AES_32_1_MAC

KMC_CM_OCS_PIV_SB_PROD_AES_32_1_KEK

CM Diversification

GPSCP03

Key Set Version / Index

0x01/0x0

Initial 9B key Label

PIV_OCS_CARD_ADMIN_KEY_SB_AES_32

Initial 9B Key AlgoID

0C

Logical Scheme

2

ManufacturerID

Oberthur-01

CardProductID

0000000081

PhysicalDescriptionID

0000000005

PackageConfigID

0000000001

ContactRequirementID

0000000007

ContactKeyConfigID

0000000113

ContactLogicalDescription

0000000053

ContactlessRequirementID

0000000007

ContactlessKeyConfigID

0000000113

ContactlessLogicalDescription

0000000053

PIV FIPS201 SB Activation Java Card - IDEMIA ID-One PIV 2.4.1 - 2048

PIV2 Activation Profile with IDEMIA End-Point applets v2.4.1 (SP800-73-4). Card with IDEMIA PIV applet v2.4.1.

Supported Devices

Supported Pre-Issuance IDs

IDEMIA ID-One PIV 2.4.1 on Cosmo v8.1 (BAP 087484)

Description

IDEMIA v8.1 with ID-One PIV 2.4.1 Sample Stack with PIV SB TEST Key

CM Manufacturer Key Set

KMC_CM_OCS_PIV_SB_TEST_AES_32_1_ENC

KMC_CM_OCS_PIV_SB_TEST_AES_32_1_MAC

KMC_CM_OCS_PIV_SB_TEST_AES_32_1_KEK

CM Diversification

GPSCP03

Key Set Version / Index

0x01/0x00

Initial 9B key Label

PIV_OCS_CARD_ADMIN_KEY_SB_AES_32

Initial 9B Key AlgoID

0C

Logical Scheme

2

ManufacturerID

IDEMIA-01

CardProductID

0000000083

PhysicalDescriptionID

0000000005

PackageConfigID

0000000002

ContactRequirementID

0000000007

ContactKeyConfigID

0000000112

ContactLogicalDescription

0000000056

ContactlessRequirementID

0000000007

ContactlessKeyConfigID

0000000112

ContactlessLogicalDescription

0000000056

Description

IDEMIA v8.1 with ID-One PIV 2.4.1 Sample Stack with PIV SB PROD Key

CM Manufacturer Key Set

KMC_CM_OCS_PIV_SB_PROD_AES_32_1_ENC

KMC_CM_OCS_PIV_SB_PROD_AES_32_1_MAC

KMC_CM_OCS_PIV_SB_PROD_AES_32_1_KEK

CM Diversification

GPSCP03

Key Set Version / Index

0x01/0x0

Initial 9B key Label

PIV_OCS_CARD_ADMIN_KEY_SB_AES_32

Initial 9B Key AlgoID

0C

Logical Scheme

2

ManufacturerID

IDEMIA-01

CardProductID

0000000083

PhysicalDescriptionID

0000000005

PackageConfigID

0000000002

ContactRequirementID

0000000007

ContactKeyConfigID

0000000113

ContactLogicalDescription

0000000056

ContactlessRequirementID

0000000007

ContactlessKeyConfigID

0000000113

ContactlessLogicalDescription

0000000056

Description

IDEMIA v8.1 with ID-One PIV 2.4.1 Full Stack with PIV SB PROD Key

CM Manufacturer Key Set

KMC_CM_OCS_PIV_SB_PROD_AES_32_1_ENC

KMC_CM_OCS_PIV_SB_PROD_AES_32_1_MAC

KMC_CM_OCS_PIV_SB_PROD_AES_32_1_KEK

CM Diversification

GPSCP03

Key Set Version / Index

0x01/0x0

Initial 9B key Label

PIV_OCS_CARD_ADMIN_KEY_SB_AES_32

Initial 9B Key AlgoID

0C

Logical Scheme

2

ManufacturerID

IDEMIA-01

CardProductID

0000000083

PhysicalDescriptionID

0000000005

PackageConfigID

0000000001

ContactRequirementID

0000000007

ContactKeyConfigID

0000000113

ContactLogicalDescription

0000000056

ContactlessRequirementID

0000000007

ContactlessKeyConfigID

0000000113

ContactlessLogicalDescription

0000000056