FIPS 201 CIV Profiles (Third-Party Applets)
CIV – OT 2.3.5 / 2.4.0 – 2048
CIV Profile with OT End-Point applets v2.3.5 / 2.4.0. Card with Oberthur PIV applet v2.3.5 or v2.4.0.
-
Profile aligned with NIST SP 800-73-3, for Commercial Identity Verification (CIV) cards: similar card edge as PIV for US Government employees, but for the commercial world, without any trust to the US Federal bridge.
-
Supports SP 800-73-3 objects, including PIV Discovery, Iris, Key History and Key Management Key objects. It can accommodate 2048-bit PKI keys and the full set of PIV objects is loaded by ActivID CMS (PIV mandatory and optional objects).
-
CHUID, Printed Information, PKI AUTHENTICATE objects are mandatory. All other objects are optional.
-
Compatible with Apple Mac TokenD
-
Only for Oberthur PIV cards with PIV applet v2.3.5 or v2.4.0.
-
In addition to the card pre-issuance keys, the following keys must be present in the HSM for profile issuance. As these keys are post-issuance keys, they should be generated in the HSM:
-
For the pre-issuance Card AES 128: MK_CM_ACE_AES_16_OPSC_1_ENC, _MAC, _KEK, PIV_CARD_ADMINISTRATOR_KEY_9B_AES_16 (16-byte AES keys)
-
For the pre-issuance Card AES 256: MK_CM_ACE_AES_32_OPSC_1_ENC, _MAC, _KEK, PIV_CARD_ADMINISTRATOR_KEY_9B_AES_32 (32-byte AES keys)
|
Supported Devices
|
Supported Pre-Issuance IDs
|
| Oberthur ID-One PIV 2.3.5 on Cosmo v8 |
 5_OCS_PIV_235_TEST_OPSC_1
|
Description
|
OT 8.0 FIPS PIV 2.3.5 Sample Stack with PIV TEST Key
|
|
Card specification
|
PIV 2.3.5 AES 256
|
PIV 2.3.5 AES 128
|
|
Key length supported
|
256-bit Keys
|
128-bit Keys
|
|
CM Manufacturer Key Set
|
KMC_CM_OCS_PIV_TEST_AES_32_1_ENC
KMC_CM_OCS_PIV_TEST_AES_32_1_MAC
KMC_CM_OCS_PIV_TEST_AES_32_1_KEK
|
KMC_CM_OCS_PIV_TEST_AES_16_1_ENC
KMC_CM_OCS_PIV_TEST_AES_16_1_MAC
KMC_CM_OCS_PIV_TEST_AES_16_1_KEK
|
|
CM Diversification
|
GPSCP03
|
|
Key Set Version / Index
|
0x01/0x00
|
|
Initial 9B key Label
|
PIV_OCS_CARD_ADMIN_KEY_SB_AES_32
|
PIV_OCS_CARD_ADMIN_KEY_SB_AES_16
|
|
Initial 9B Key AlgoID
|
0C
|
08
|
|
Logical Scheme
|
2
|
|
ManufacturerID
|
Oberthur-01
|
|
CardProductID
|
0000000081
|
|
PhysicalDescriptionID
|
0000000005
|
|
PackageConfigID
|
0000000002
|
|
ContactRequirementID
|
0000000007
|
|
ContactKeyConfigID
|
0000000110
|
|
ContactLogicalDescription
|
0000000052
|
|
ContactlessRequirementID
|
0000000007
|
|
ContactlessKeyConfigID
|
0000000110
|
|
ContactlessLogicalDescription
|
0000000052
|
5_OCS_PIV_235_PROD_OPSC_1
|
Description
|
OT 8.0 FIPS PIV 2.3.5 Sample Stack with PIV PROD Key
|
|
Card specification
|
PIV 2.3.5 AES 256
|
PIV 2.3.5 AES 128
|
|
Key length supported
|
256-bit Keys
|
128-bit Keys
|
|
CM Manufacturer Key Set
|
KMC_CM_OCS_PIV_PROD_AES_32_1_ENC
KMC_CM_OCS_PIV_PROD_AES_32_1_MAC
KMC_CM_OCS_PIV_PROD_AES_32_1_KEK
|
KMC_CM_OCS_PIV_PROD_AES_16_1_ENC
KMC_CM_OCS_PIV_PROD_AES_16_1_MAC
KMC_CM_OCS_PIV_PROD_AES_16_1_KEK
|
|
CM Diversification
|
GPSCP03
|
|
Key Set Version / Index
|
0x01/0x0
|
|
Initial 9B key Label
|
PIV_OCS_CARD_ADMIN_KEY_SB_AES_32
|
PIV_OCS_CARD_ADMIN_KEY_SB_AES_16
|
|
Initial 9B Key AlgoID
|
0C
|
08
|
|
Logical Scheme
|
2
|
|
ManufacturerID
|
Oberthur-01
|
|
CardProductID
|
0000000081
|
|
PhysicalDescriptionID
|
0000000005
|
|
PackageConfigID
|
0000000002
|
|
ContactRequirementID
|
0000000007
|
|
ContactKeyConfigID
|
0000000111
|
|
ContactLogicalDescription
|
0000000052
|
|
ContactlessRequirementID
|
0000000007
|
|
ContactlessKeyConfigID
|
0000000111
|
|
ContactlessLogicalDescription
|
0000000052
|
100_OCS_PIV_235_PROD_OPSC_1
|
Description
|
OT 8.0 FIPS PIV 2.3.5 Full Stack with PIV PROD Key
|
|
Card specification
|
PIV 2.3.5 AES 256
|
PIV 2.3.5 AES 128
|
|
Key length supported
|
256-bit Keys
|
128-bit Keys
|
|
CM Manufacturer Key Set
|
KMC_CM_OCS_PIV_PROD_AES_32_1_ENC
KMC_CM_OCS_PIV_PROD_AES_32_1_MAC
KMC_CM_OCS_PIV_PROD_AES_32_1_KEK
|
KMC_CM_OCS_PIV_PROD_AES_16_1_ENC
KMC_CM_OCS_PIV_PROD_AES_16_1_MAC
KMC_CM_OCS_PIV_PROD_AES_16_1_KEK
|
|
CM Diversification
|
GPSCP03
|
|
Key Set Version / Index
|
0x01/0x0
|
|
Initial 9B key Label
|
PIV_OCS_CARD_ADMIN_KEY_SB_AES_32
|
PIV_OCS_CARD_ADMIN_KEY_SB_AES_16
|
|
Initial 9B Key AlgoID
|
0C
|
08
|
|
Logical Scheme
|
2
|
|
ManufacturerID
|
Oberthur-01
|
|
CardProductID
|
0000000081
|
|
PhysicalDescriptionID
|
0000000005
|
|
PackageConfigID
|
0000000001
|
|
ContactRequirementID
|
0000000007
|
|
ContactKeyConfigID
|
0000000111
|
|
ContactLogicalDescription
|
0000000052
|
|
ContactlessRequirementID
|
0000000007
|
|
ContactlessKeyConfigID
|
0000000111
|
|
ContactlessLogicalDescription
|
0000000052
|
|
| Oberthur ID-One PIV 2.4.0 on Cosmo v8 |
5_OCS_PIV_240_TEST_OPSC_1
|
Description
|
OT 8.0 FIPS 2.4.0 Sample Stack with PIV TEST Key
|
|
CM Manufacturer Key Set
|
KMC_CM_OCS_PIV_TEST_AES_32_1_ENC
KMC_CM_OCS_PIV_TEST_AES_32_1_MAC
KMC_CM_OCS_PIV_TEST_AES_32_1_KEK
|
|
CM Diversification
|
GPSCP03
|
|
Key Set Version / Index
|
0x01/0x00
|
|
Initial 9B key Label
|
PIV_OCS_CARD_ADMIN_KEY_SB_AES_32
|
|
Initial 9B Key AlgoID
|
0C
|
|
Logical Scheme
|
2
|
|
ManufacturerID
|
Oberthur-01
|
|
CardProductID
|
0000000081
|
|
PhysicalDescriptionID
|
0000000005
|
|
PackageConfigID
|
0000000002
|
|
ContactRequirementID
|
0000000007
|
|
ContactKeyConfigID
|
0000000110
|
|
ContactLogicalDescription
|
0000000053
|
|
ContactlessRequirementID
|
0000000007
|
|
ContactlessKeyConfigID
|
0000000110
|
|
ContactlessLogicalDescription
|
0000000053
|
5_OCS_PIV_240_PROD_OPSC_1
|
Description
|
OT 8.0 FIPS PIV 2.4.0 Sample Stack with PIV PROD Key
|
|
CM Manufacturer Key Set
|
KMC_CM_OCS_PIV_PROD_AES_32_1_ENC
KMC_CM_OCS_PIV_PROD_AES_32_1_MAC
KMC_CM_OCS_PIV_PROD_AES_32_1_KEK
|
|
CM Diversification
|
GPSCP03
|
|
Key Set Version / Index
|
0x01/0x0
|
|
Initial 9B key Label
|
PIV_OCS_CARD_ADMIN_KEY_SB_AES_32
|
|
Initial 9B Key AlgoID
|
0C
|
|
Logical Scheme
|
2
|
|
ManufacturerID
|
Oberthur-01
|
|
CardProductID
|
0000000081
|
|
PhysicalDescriptionID
|
0000000005
|
|
PackageConfigID
|
0000000002
|
|
ContactRequirementID
|
0000000007
|
|
ContactKeyConfigID
|
0000000111
|
|
ContactLogicalDescription
|
0000000053
|
|
ContactlessRequirementID
|
0000000007
|
|
ContactlessKeyConfigID
|
0000000111
|
|
ContactlessLogicalDescription
|
0000000053
|
100_OCS_PIV_240_PROD_OPSC_1
|
Description
|
OT 8.0 FIPS PIV 2.4.0 Full Stack with PIV PROD Key
|
|
CM Manufacturer Key Set
|
KMC_CM_OCS_PIV_PROD_AES_32_1_ENC
KMC_CM_OCS_PIV_PROD_AES_32_1_MAC
KMC_CM_OCS_PIV_PROD_AES_32_1_KEK
|
|
CM Diversification
|
GPSCP03
|
|
Key Set Version / Index
|
0x01/0x0
|
|
Initial 9B key Label
|
PIV_OCS_CARD_ADMIN_KEY_SB_AES_32
|
|
Initial 9B Key AlgoID
|
0C
|
|
Logical Scheme
|
2
|
|
ManufacturerID
|
Oberthur-01
|
|
CardProductID
|
0000000081
|
|
PhysicalDescriptionID
|
0000000005
|
|
PackageConfigID
|
0000000001
|
|
ContactRequirementID
|
0000000007
|
|
ContactKeyConfigID
|
0000000111
|
|
ContactLogicalDescription
|
0000000053
|
|
ContactlessRequirementID
|
0000000007
|
|
ContactlessKeyConfigID
|
0000000111
|
|
ContactlessLogicalDescription
|
0000000053
|
|
