FIPS 201 CIV Profiles (Third-Party Applets)

CIV – OT 2.3.5 / 2.4.0 – 2048

CIV Profile with OT End-Point applets v2.3.5 / 2.4.0. Card with Oberthur PIV applet v2.3.5 or v2.4.0.

  • Profile aligned with NIST SP 800-73-3, for Commercial Identity Verification (CIV) cards: similar card edge as PIV for US Government employees, but for the commercial world, without any trust to the US Federal bridge.

  • Supports SP 800-73-3 objects, including PIV Discovery, Iris, Key History and Key Management Key objects. It can accommodate 2048-bit PKI keys and the full set of PIV objects is loaded by ActivID CMS (PIV mandatory and optional objects).

  • CHUID, Printed Information, PKI AUTHENTICATE objects are mandatory. All other objects are optional.

  • Compatible with Apple Mac TokenD

  • Only for Oberthur PIV cards with PIV applet v2.3.5 or v2.4.0.

  • In addition to the card pre-issuance keys, the following keys must be present in the HSM for profile issuance. As these keys are post-issuance keys, they should be generated in the HSM:

    • For the pre-issuance Card AES 128: MK_CM_ACE_AES_16_OPSC_1_ENC, _MAC, _KEK, PIV_CARD_ADMINISTRATOR_KEY_9B_AES_16 (16-byte AES keys)

    • For the pre-issuance Card AES 256: MK_CM_ACE_AES_32_OPSC_1_ENC, _MAC, _KEK, PIV_CARD_ADMINISTRATOR_KEY_9B_AES_32 (32-byte AES keys)

Supported Devices

Supported Pre-Issuance IDs

Oberthur ID-One PIV 2.3.5 on Cosmo v8
Oberthur ID-One PIV 2.4.0 on Cosmo v8