FIPS 201 PIV Profiles (Third-Party Applets, Face to Face)

Important:
These profiles are deprecated and can no longer be used to create new device policies. They are included for legacy purposes.
Note:

  • For Gemalto PIV profile (that is, the card with Gemalto PIV applet v1.20), it is necessary to obtain a Gemalto PIV card with configuration “USG 010”.

  • For Oberthur PIV profile, ActivID CMS 4.0 SP2 expects Cosmo card with BAP# 81758.

  • For Oberthur PIV profiles with Oberthur PIV applet 2.3.2, use BAP #087282.

  • For Oberthur PIV profiles with Oberthur PIV applet 2.3.5, use BAP #087420 / #087424 / #087465.

  • For Oberthur PIV profiles with Oberthur PIV applet 2.4.0, use BAP #087434.

  • For IDEMIA PIV profiles with IDEMIA PIV applet 2.4.1, use BAP #087484.

  • For IDEMIA PIV profiles with IDEMIA PIV applet 2.4.2, use BAP #087584.

PIV FIPS201 F2F Java Card – Gemalto

PIV2 Profile with Gemalto SafesITe applets v1.20

Important:
This profile is deprecated and can no longer be used to create new device policies. It is included for legacy purposes.

  • Can accommodate 1024 and 2048-bit PKI keys and the full set of PIV objects is loaded by ActivID CMS (PIV mandatory and optional objects).

  • Only for Gemalto PIV cards.

Supported Devices

Supported Pre-Issuance IDs

Gemalto TOP DM GX4 FIPS Standard

Description

Gemplus GCX4 PIV Sample Stack with PIV TEST Key

Manufacturer Key Set

KMC_CM_GEM_PIV_TEST_OPSC_1_ENC

KMC_CM_GEM_PIV_TEST_OPSC_1_MAC

KMC_CM_GEM_PIV_TEST_OPSC_1_KEK

Diversification

OP202

Key Set Version / Index

0x01/0x01

Initial 9B key Label

PIV_GEM_CARD_ADMINISTRATOR_KEY_SB

Initial 9B Key AlgoID

03

Logical Scheme

2

ManufacturerID

Gemplus-01

CardProductID

0000000020

PhysicalDescriptionID

0000000003

PackageConfigID

0000000002

ContactRequirementID

0000000004

ContactKeyConfigID

0000000067

ContactLogicalDescription

0000000022

ContactlessRequirementID

0000000002

ContactlessKeyConfigID

0000000067

ContactlessLogicalDescription

0000000022

Description

Gemplus GCX4 PIV Sample Stack with PIV PROD Key

Manufacturer Key Set

KMC_CM_GEM_PIV_PROD_OPSC_1_ENC

KMC_CM_GEM_PIV_PROD_OPSC_1_MAC

KMC_CM_GEM_PIV_PROD_OPSC_1_KEK

Diversification

OP202

Key Set Version / Index

0x01/0x01

Initial 9B key Label

PIV_GEM_CARD_ADMINISTRATOR_KEY_SB

Initial 9B Key AlgoID

03

Logical Scheme

2

ManufacturerID

Gemplus-01

CardProductID

0000000020

PhysicalDescriptionID

0000000003

PackageConfigID

0000000002

ContactRequirementID

0000000004

ContactKeyConfigID

0000000068

ContactLogicalDescription

0000000022

ContactlessRequirementID

0000000002

ContactlessKeyConfigID

0000000068

ContactlessLogicalDescription

0000000022

Description

Gemplus GCX4 PIV Full Stack with PIV PROD Key

Manufacturer Key Set

KMC_CM_GEM_PIV_PROD_OPSC_1_ENC

KMC_CM_GEM_PIV_PROD_OPSC_1_MAC

KMC_CM_GEM_PIV_PROD_OPSC_1_KEK

Diversification

OP202

Key Set Version / Index

0x01/0x01

Initial 9B key Label

PIV_GEM_CARD_ADMINISTRATOR_KEY_SB

Initial 9B Key AlgoID

03

Logical Scheme

2

ManufacturerID

Gemplus-01

CardProductID

0000000020

PhysicalDescriptionID

0000000003

PackageConfigID

0000000001

ContactRequirementID

0000000004

ContactKeyConfigID

0000000068

ContactLogicalDescription

0000000022

ContactlessRequirementID

0000000002

ContactlessKeyConfigID

0000000068

ContactlessLogicalDescription

0000000022

Description

Gemplus GCX4 PIV Sample Stack with PIV TEST Key

Manufacturer Key Set

GEMPLUS_ENC

GEMPLUS_MAC

GEMPLUS_KEK

Diversification

OP202

Key Set Version / Index

0x01/0x01

Initial 9B key Label

PIV_GEM_CARD_ADMINISTRATOR_KEY_SB

Initial 9B Key AlgoID

03

Logical Scheme

2

ManufacturerID

Gemplus-01

CardProductID

0000000020

PhysicalDescriptionID

0000000003

PackageConfigID

0000000002

ContactRequirementID

0000000004

ContactKeyConfigID

0000000074

ContactLogicalDescription

0000000022

ContactlessRequirementID

0000000002

ContactlessKeyConfigID

0000000074

ContactlessLogicalDescription

0000000022

PIV FIPS201 F2F Java Card – Gemalto 1.55 – 2048

PIV2 Profile with Gemalto applets V1.55 (SP 800-73-3)

Important:
This profile is deprecated and can no longer be used to create new device policies. It is included for legacy purposes.

  • Supports SP 800-73-3 objects, including PIV Discovery, Iris, Key History and Key Management Key objects. It can accommodate 2048-bit keys and the full set of PIV objects is loaded by ActivID CMS (PIV mandatory and optional objects).

  • Only for Gemalto PIV cards with PIV applet v1.55.

Supported Devices

Supported Pre-Issuance IDs

Gemalto TOP DL GX4 FIPS v1
with PIV application

Description

Gemplus GCX4 PIV 1.55 Sample Stack with PIV TEST Key

Manufacturer Key Set

KMC_CM_GEM_PIV_TEST_OPSC_1_ENC

KMC_CM_GEM_PIV_TEST_OPSC_1_MAC

KMC_CM_GEM_PIV_TEST_OPSC_1_KEK

Diversification

OP202

Key Set Version / Index

0x01/0x01

Initial 9B key Label

PIV_GEM_CARD_ADMINISTRATOR_KEY_SB

Initial 9B Key AlgoID

03

Logical Scheme

2

ManufacturerID

Gemplus-01

CardProductID

0000000020

PhysicalDescriptionID

0000000005

PackageConfigID

0000000002

ContactRequirementID

0000000004

ContactKeyConfigID

 0000000067

ContactLogicalDescription

0000000048

ContactlessRequirementID

0000000002

ContactlessKeyConfigID

0000000067

ContactlessLogicalDescription

0000000048

Description

Gemplus GCX4 PIV 1.55 Sample Stack with PIV PROD Key

Manufacturer Key Set

KMC_CM_GEM_PIV_PROD_OPSC_1_ENC

KMC_CM_GEM_PIV_PROD_OPSC_1_MAC

KMC_CM_GEM_PIV_PROD_OPSC_1_KEK

Diversification

OP202

Key Set Version / Index

0x01/0x01

Initial 9B key Label

PIV_GEM_CARD_ADMINISTRATOR_KEY_SB

Initial 9B Key AlgoID

03

Logical Scheme

2

ManufacturerID

Gemplus-01

CardProductID

0000000020

PhysicalDescriptionID

0000000005

PackageConfigID

0000000002

ContactRequirementID

0000000004

ContactKeyConfigID

0000000068

ContactLogicalDescription

0000000048

ContactlessRequirementID

0000000002

ContactlessKeyConfigID

0000000068

ContactlessLogicalDescription

0000000048

Description

Gemplus GCX4 PIV 1.55 Full Stack with PIV PROD Key

Manufacturer Key Set

KMC_CM_GEM_PIV_PROD_OPSC_1_ENC

KMC_CM_GEM_PIV_PROD_OPSC_1_MAC

KMC_CM_GEM_PIV_PROD_OPSC_1_KEK

Diversification

OP202

Key Set Version / Index

0x01/0x01

Initial 9B key Label

PIV_GEM_CARD_ADMINISTRATOR_KEY_SB

Initial 9B Key AlgoID

03

Logical Scheme

2

ManufacturerID

Gemplus-01

CardProductID

0000000020

PhysicalDescriptionID

0000000005

PackageConfigID

0000000001

ContactRequirementID

0000000004

ContactKeyConfigID

0000000068 

ContactLogicalDescription

0000000048

ContactlessRequirementID

0000000002

ContactlessKeyConfigID

0000000068 

ContactlessLogicalDescription

0000000048

PIV FIPS201 F2F Java Card – OCS

PIV2 Profile with OCS End-Point applets v1.08

Important:
This profile is deprecated and can no longer be used to create new device policies. It is included for legacy purposes.

  • Can accommodate 1024-bit PKI keys and the full set of PIV objects is loaded by ActivID CMS (PIV mandatory and optional objects).

  • Only for Oberthur PIV cards.

Supported Devices

Supported Pre-Issuance IDs

Oberthur ID-One Cosmo v5.2D 64K Fast ATR with PIV application SDK

Description

Oberthur ID-One Cosmo 64 V5.2 D (Dual Interface) Sample Stack with PIV TEST Key

Manufacturer Key Set

KMC_CM_OCS_PIV_TEST_OPSC_1_ENC

KMC_CM_OCS_PIV_TEST_OPSC_1_MAC

KMC_CM_OCS_PIV_TEST_OPSC_1_KEK

Diversification

GP211

Key Set Version / Index

0x01/0x00

Initial 9B key Label

PIV_CARD_ADMINISTRATOR_KEY_SB

Initial 9B Key AlgoID

01

Logical Scheme

2

ManufacturerID

Oberthur-01

CardProductID

0000000014

PhysicalDescriptionID

0000000003

PackageConfigID

0000000002

ContactRequirementID

0000000004

ContactKeyConfigID

0000000052

ContactLogicalDescription

0000000020

ContactlessRequirementID

0000000002

ContactlessKeyConfigID

0000000056

ContactlessLogicalDescription

0000000020

Description

Oberthur ID-One Cosmo 64 V5.2 D (Dual Interface) Sample Stack with PIV PROD Key

Manufacturer Key Set

KMC_CM_OCS_PIV_PROD_OPSC_1_ENC

KMC_CM_OCS_PIV_PROD_OPSC_1_MAC

KMC_CM_OCS_PIV_PROD_OPSC_1_KEK

Diversification

GP211

Key Set Version / Index

0x01/0x00

Initial 9B key Label

PIV_CARD_ADMINISTRATOR_KEY_SB

Initial 9B Key AlgoID

01

Logical Scheme

2

ManufacturerID

Oberthur-01

CardProductID

0000000014

PhysicalDescriptionID

0000000003

PackageConfigID

0000000002

ContactRequirementID

0000000004

ContactKeyConfigID

0000000053

ContactLogicalDescription

0000000020

ContactlessRequirementID

0000000002

ContactlessKeyConfigID

0000000057

ContactlessLogicalDescription

0000000020

Description

Oberthur ID-One Cosmo 64 V5.2 D (Dual Interface) Full Stack with PIV PROD Key

Manufacturer Key Set

KMC_CM_OCS_PIV_PROD_OPSC_1_ENC

KMC_CM_OCS_PIV_PROD_OPSC_1_MAC

KMC_CM_OCS_PIV_PROD_OPSC_1_KEK

Diversification

GP211

Key Set Version / Index

0x01/0x00

Initial 9B key Label

PIV_CARD_ADMINISTRATOR_KEY_SB

Initial 9B Key AlgoID

01

Logical Scheme

2

ManufacturerID

Oberthur-01

CardProductID

0000000014

PhysicalDescriptionID

0000000003

PackageConfigID

0000000001

ContactRequirementID

0000000004

ContactKeyConfigID

0000000053

ContactLogicalDescription

0000000020

ContactlessRequirementID

0000000002

ContactlessKeyConfigID

0000000057

ContactlessLogicalDescription

0000000020

Description

Oberthur ID-One Cosmo 64 V5.2 D (Dual Interface) Sample Stack with PIV SDK Key

Manufacturer Key Set

KMC_CM_OCS_PIV_SDK_OPSC_1_ENC

KMC_CM_OCS_PIV_SDK_OPSC_1_MAC

KMC_CM_OCS_PIV_SDK_OPSC_1_KEK

Diversification

NONE

Key Set Version / Index

0x01/0x00

Initial 9B key Label

PIV_CARD_ADMINISTRATOR_KEY_SB

Initial 9B Key AlgoID

01

Logical Scheme

2

ManufacturerID

Oberthur-01

CardProductID

0000000014

PhysicalDescriptionID

0000000003

PackageConfigID

0000000002

ContactRequirementID

0000000004

ContactKeyConfigID

0000000058

ContactLogicalDescription

0000000020

ContactlessRequirementID

0000000002

ContactlessKeyConfigID

0000000058

ContactlessLogicalDescription

0000000020

PIV FIPS201 F2F Java Card – OCS 1024-2048

PIV2 Profile with OCS End-Point applets v1.08

Important:
This profile is deprecated and can no longer be used to create new device policies. It is included for legacy purposes.

  • Can accommodate 1024 and 2048-bit PKI keys and the full set of PIV objects is loaded by ActivID CMS (PIV mandatory and optional objects).

  • Only for Oberthur PIV cards.

Supported Devices

Supported Pre-Issuance IDs

Oberthur ID-One Cosmo v5.2D 64K Fast ATR with PIV application SDK

Description

Oberthur ID-One Cosmo 64 V5.2 D (Dual Interface) Sample Stack with PIV TEST Key

Manufacturer Key Set

KMC_CM_OCS_PIV_TEST_OPSC_1_ENC

KMC_CM_OCS_PIV_TEST_OPSC_1_MAC

KMC_CM_OCS_PIV_TEST_OPSC_1_KEK

Diversification

GP211

Key Set Version / Index

0x01/0x00

Initial 9B key Label

PIV_CARD_ADMINISTRATOR_KEY_SB

Initial 9B Key AlgoID

01

Logical Scheme

2

ManufacturerID

Oberthur-01

CardProductID

0000000014

PhysicalDescriptionID

0000000003

PackageConfigID

0000000002

ContactRequirementID

0000000004

ContactKeyConfigID

0000000052

ContactLogicalDescription

0000000020

ContactlessRequirementID

0000000002

ContactlessKeyConfigID

0000000056

ContactlessLogicalDescription

0000000020

Description

Oberthur ID-One Cosmo 64 V5.2 D (Dual Interface) Sample Stack with PIV PROD Key

Manufacturer Key Set

KMC_CM_OCS_PIV_PROD_OPSC_1_ENC

KMC_CM_OCS_PIV_PROD_OPSC_1_MAC

KMC_CM_OCS_PIV_PROD_OPSC_1_KEK

Diversification

GP211

Key Set Version / Index

0x01/0x00

Initial 9B key Label

PIV_CARD_ADMINISTRATOR_KEY_SB

Initial 9B Key AlgoID

01

Logical Scheme

2

ManufacturerID

Oberthur-01

CardProductID

0000000014

PhysicalDescriptionID

0000000003

PackageConfigID

0000000002

ContactRequirementID

0000000004

ContactKeyConfigID

0000000053

ContactLogicalDescription

0000000020

ContactlessRequirementID

0000000002

ContactlessKeyConfigID

0000000057

ContactlessLogicalDescription

0000000020

Description

Oberthur ID-One Cosmo 64 V5.2 D (Dual Interface) Full Stack with PIV PROD Key

Manufacturer Key Set

KMC_CM_OCS_PIV_PROD_OPSC_1_ENC

KMC_CM_OCS_PIV_PROD_OPSC_1_MAC

KMC_CM_OCS_PIV_PROD_OPSC_1_KEK

Diversification

GP211

Key Set Version / Index

0x01/0x00

Initial 9B key Label

PIV_CARD_ADMINISTRATOR_KEY_SB

Initial 9B Key AlgoID

01

Logical Scheme

2

ManufacturerID

Oberthur-01

CardProductID

0000000014

PhysicalDescriptionID

0000000003

PackageConfigID

0000000001

ContactRequirementID

0000000004

ContactKeyConfigID

0000000053

ContactLogicalDescription

0000000020

ContactlessRequirementID

0000000002

ContactlessKeyConfigID

0000000057

ContactlessLogicalDescription

0000000020

Description

Oberthur ID-One Cosmo 64 V5.2 D (Dual Interface) Sample Stack with PIV SDK Key

Manufacturer Key Set

KMC_CM_OCS_PIV_SDK_OPSC_1_ENC

KMC_CM_OCS_PIV_SDK_OPSC_1_MAC

KMC_CM_OCS_PIV_SDK_OPSC_1_KEK

Diversification

NONE

Key Set Version / Index

0x01/0x00

Initial 9B key Label

PIV_CARD_ADMINISTRATOR_KEY_SB

Initial 9B Key AlgoID

01

Logical Scheme

2

ManufacturerID

Oberthur-01

CardProductID

0000000014

PhysicalDescriptionID

0000000003

PackageConfigID

0000000002

ContactRequirementID

0000000004

ContactKeyConfigID

0000000058

ContactLogicalDescription

0000000020

ContactlessRequirementID

0000000002

ContactlessKeyConfigID

0000000058

ContactlessLogicalDescription

0000000020

PIV FIPS201 F2F Java Card – OCS 2048

PIV2 Profile with OCS End-Point applets v1.08

Important:
This profile is deprecated and can no longer be used to create new device policies. It is included for legacy purposes.

  • Can accommodate 2048-bit PKI keys and the full set of PIV objects is loaded by ActivID CMS (PIV mandatory and optional objects).

  • Only for Oberthur PIV cards.

Supported Devices

Supported Pre-Issuance IDs

Oberthur ID-One Cosmo v5.2D 64K Fast ATR with PIV application SDK

Description

Oberthur ID-One Cosmo 64 V5.2 D (Dual Interface) Sample Stack with PIV TEST Key

Manufacturer Key Set

KMC_CM_OCS_PIV_TEST_OPSC_1_ENC

KMC_CM_OCS_PIV_TEST_OPSC_1_MAC

KMC_CM_OCS_PIV_TEST_OPSC_1_KEK

Diversification

GP211

Key Set Version / Index

0x01/0x00

Initial 9B key Label

PIV_CARD_ADMINISTRATOR_KEY_SB

Initial 9B Key AlgoID

01

Logical Scheme

2

ManufacturerID

Oberthur-01

CardProductID

0000000014

PhysicalDescriptionID

0000000003

PackageConfigID

0000000002

ContactRequirementID

0000000004

ContactKeyConfigID

0000000052

ContactLogicalDescription

0000000020

ContactlessRequirementID

0000000002

ContactlessKeyConfigID

0000000056

ContactlessLogicalDescription

0000000020

Description

Oberthur ID-One Cosmo 64 V5.2 D (Dual Interface) Sample Stack with PIV PROD Key

Manufacturer Key Set

KMC_CM_OCS_PIV_PROD_OPSC_1_ENC

KMC_CM_OCS_PIV_PROD_OPSC_1_MAC

KMC_CM_OCS_PIV_PROD_OPSC_1_KEK

Diversification

GP211

Key Set Version / Index

0x01/0x00

Initial 9B key Label

PIV_CARD_ADMINISTRATOR_KEY_SB

Initial 9B Key AlgoID

01

Logical Scheme

2

ManufacturerID

Oberthur-01

CardProductID

0000000014

PhysicalDescriptionID

0000000003

PackageConfigID

0000000002

ContactRequirementID

0000000004

ContactKeyConfigID

0000000053

ContactLogicalDescription

0000000020

ContactlessRequirementID

0000000002

ContactlessKeyConfigID

0000000057

ContactlessLogicalDescription

0000000020

Description

Oberthur ID-One Cosmo 64 V5.2 D (Dual Interface) Full Stack with PIV PROD Key

Manufacturer Key Set

KMC_CM_OCS_PIV_PROD_OPSC_1_ENC

KMC_CM_OCS_PIV_PROD_OPSC_1_MAC

KMC_CM_OCS_PIV_PROD_OPSC_1_KEK

Diversification

GP211

Key Set Version / Index

0x01/0x00

Initial 9B key Label

PIV_CARD_ADMINISTRATOR_KEY_SB

Initial 9B Key AlgoID

01

Logical Scheme

2

ManufacturerID

Oberthur-01

CardProductID

0000000014

PhysicalDescriptionID

0000000003

PackageConfigID

0000000001

ContactRequirementID

0000000004

ContactKeyConfigID

0000000053

ContactLogicalDescription

0000000020

ContactlessRequirementID

0000000002

ContactlessKeyConfigID

0000000057

ContactlessLogicalDescription

0000000020

Description

Oberthur ID-One Cosmo 64 V5.2 D (Dual Interface) Sample Stack with PIV SDK Key

Manufacturer Key Set

KMC_CM_OCS_PIV_SDK_OPSC_1_ENC

KMC_CM_OCS_PIV_SDK_OPSC_1_MAC

KMC_CM_OCS_PIV_SDK_OPSC_1_KEK

Diversification

NONE

Key Set Version / Index

0x01/0x00

Initial 9B key Label

PIV_CARD_ADMINISTRATOR_KEY_SB

Initial 9B Key AlgoID

01

Logical Scheme

2

ManufacturerID

Oberthur-01

CardProductID

0000000014

PhysicalDescriptionID

0000000003

PackageConfigID

0000000002

ContactRequirementID

0000000004

ContactKeyConfigID

0000000058

ContactLogicalDescription

0000000020

ContactlessRequirementID

0000000002

ContactlessKeyConfigID

0000000058

ContactlessLogicalDescription

0000000020

PIV FIPS201 F2F Java Card - IDEMIA ID-One PIV 2.4.1 - 2048

PIV2 Profile with IDEMIA End-Point applets v2.4.1 (SP800-73-4)

Important:
This profile is deprecated and can no longer be used to create new device policies. It is included for legacy purposes.

  • Supports SP 800-73-3 objects, including PIV Discovery, Iris, Key History and Key Management Key objects. It can accommodate 2048-bit PKI keys and the full set of PIV objects is loaded by ActivID CMS (PIV mandatory and optional objects).

  • Only for IDEMIA PIV cards with PIV applet v2.4.1.

  • Replaced by PIV FIPS201 F2F Java Card - IDEMIA ID-One PIV 2.4.X - 2048 profile.

  • PIN is numeric only.

  • In addition to the card pre-issuance keys, the following keys must be present in the HSM for profile issuance. As these keys are post-issuance keys, they should be generated in the HSM:

    • For the pre-issuance Card AES 128: MK_CM_ACE_AES_16_OPSC_1_ENC, _MAC, _KEK, PIV_CARD_ADMINISTRATOR_KEY_9B_AES_16 (16-byte AES keys)

    • For the pre-issuance Card AES 256: MK_CM_ACE_AES_32_OPSC_1_ENC, _MAC, _KEK, PIV_CARD_ADMINISTRATOR_KEY_9B_AES_32 (32-byte AES keys)

Supported Devices

Supported Pre-Issuance IDs

Oberthur ID-One PIV 2.4.1 on Cosmo v8.1 (BAP 087484)

Description

IDEMIA v8.1 with ID-One PIV 2.4.1 Sample Stack with PIV TEST Key

CM Manufacturer Key Set

KMC_CM_OCS_PIV_TEST_AES_32_1_ENC

KMC_CM_OCS_PIV_TEST_AES_32_1_MAC

KMC_CM_OCS_PIV_TEST_AES_32_1_KEK

CM Diversification

GPSCP03

Key Set Version / Index

0x01/0x00

Initial 9B key Label

PIV_OCS_CARD_ADMIN_KEY_SB_AES_32

Initial 9B Key AlgoID

0C

Logical Scheme

2

ManufacturerID

IDEMIA-01

CardProductID

0000000083

PhysicalDescriptionID

0000000005

PackageConfigID

0000000002

ContactRequirementID

0000000007

ContactKeyConfigID

0000000110

ContactLogicalDescription

0000000056

ContactlessRequirementID

0000000007

ContactlessKeyConfigID

0000000110

ContactlessLogicalDescription

0000000056

Description

IDEMIA v8.1 with ID-One PIV 2.4.1 Sample Stack with PIV PROD Key

CM Manufacturer Key Set

KMC_CM_OCS_PIV_PROD_AES_32_1_ENC

KMC_CM_OCS_PIV_PROD_AES_32_1_MAC

KMC_CM_OCS_PIV_PROD_AES_32_1_KEK

CM Diversification

GPSCP03

Key Set Version / Index

0x01/0x0

Initial 9B key Label

PIV_OCS_CARD_ADMIN_KEY_SB_AES_32

Initial 9B Key AlgoID

0C

Logical Scheme

2

ManufacturerID

IDEMIA-01

CardProductID

0000000083

PhysicalDescriptionID

0000000005

PackageConfigID

0000000002

ContactRequirementID

0000000007

ContactKeyConfigID

0000000111

ContactLogicalDescription

0000000056

ContactlessRequirementID

0000000007

ContactlessKeyConfigID

0000000111

ContactlessLogicalDescription

0000000056

Description

IDEMIA v8.1 with ID-One PIV 2.4.1 Full Stack with PIV PROD Key

CM Manufacturer Key Set

KMC_CM_OCS_PIV_PROD_AES_32_1_ENC

KMC_CM_OCS_PIV_PROD_AES_32_1_MAC

KMC_CM_OCS_PIV_PROD_AES_32_1_KEK

CM Diversification

GPSCP03

Key Set Version / Index

0x01/0x0

Initial 9B key Label

PIV_OCS_CARD_ADMIN_KEY_SB_AES_32

Initial 9B Key AlgoID

0C

Logical Scheme

2

ManufacturerID

IDEMIA-01

CardProductID

0000000083

PhysicalDescriptionID

0000000005

PackageConfigID

0000000001

ContactRequirementID

0000000007

ContactKeyConfigID

0000000111

ContactLogicalDescription

0000000056

ContactlessRequirementID

0000000007

ContactlessKeyConfigID

0000000111

ContactlessLogicalDescription

0000000056

PIV FIPS201 F2F Java Card - IDEMIA ID-One PIV 2.4.2 - 2048

PIV2 Profile with IDEMIA End-Point applets v2.4.2 (SP800-73-4)

Important:
This profile is deprecated and can no longer be used to create new device policies. It is included for legacy purposes.

  • Supports SP 800-73-4 objects, including PIV Discovery, Iris, Key History and Key Management Key objects.

  • Only for IDEMIA PIV cards with PIV applet v2.4.2.

  • Replaced by PIV FIPS201 F2F Java Card - IDEMIA ID-One PIV 2.4.X - 2048 profile.

  • PIN is numeric only.

  • In addition to the card pre-issuance keys, the following keys must be present in the HSM for profile issuance. As these keys are post-issuance keys, they should be generated in the HSM:

    • For the pre-issuance Card AES 128: MK_CM_ACE_AES_16_OPSC_1_ENC, _MAC, _KEK, PIV_CARD_ADMINISTRATOR_KEY_9B_AES_16 (16-byte AES keys)

    • For the pre-issuance Card AES 256: MK_CM_ACE_AES_32_OPSC_1_ENC, _MAC, _KEK, PIV_CARD_ADMINISTRATOR_KEY_9B_AES_32 (32-byte AES keys)

Supported Devices

Supported Pre-Issuance IDs

Oberthur ID-One PIV 2.4.2 on Cosmo v8.2 (BAP 087584)

Description

IDEMIA v8.2 with ID-One PIV 2.4.2 Sample Stack with PIV TEST Key

CM Manufacturer Key Set

KMC_CM_OCS_PIV_TEST_AES_32_1_ENC

KMC_CM_OCS_PIV_TEST_AES_32_1_MAC

KMC_CM_OCS_PIV_TEST_AES_32_1_KEK

CM Diversification

GPSCP03

Key Set Version / Index

0x01/0x00

Initial 9B key Label

PIV_OCS_CARD_ADMIN_KEY_SB_AES_32

Initial 9B Key AlgoID

0C

Logical Scheme

2

ManufacturerID

IDEMIA-01

CardProductID

0000000088

PhysicalDescriptionID

0000000005

PackageConfigID

FREE

ContactRequirementID

0000000007

ContactKeyConfigID

0000000110

ContactLogicalDescription

0000000056

ContactlessRequirementID

0000000007

ContactlessKeyConfigID

0000000110

ContactlessLogicalDescription

0000000056

Description

IDEMIA v8.2 with ID-One PIV 2.4.2 Sample Stack with PIV PROD Key

CM Manufacturer Key Set

KMC_CM_OCS_PIV_PROD_AES_32_1_ENC

KMC_CM_OCS_PIV_PROD_AES_32_1_MAC

KMC_CM_OCS_PIV_PROD_AES_32_1_KEK

CM Diversification

GPSCP03

Key Set Version / Index

0x01/0x0

Initial 9B key Label

PIV_OCS_CARD_ADMIN_KEY_SB_AES_32

Initial 9B Key AlgoID

0C

Logical Scheme

2

ManufacturerID

IDEMIA-01

CardProductID

0000000088

PhysicalDescriptionID

0000000005

PackageConfigID

FREE

ContactRequirementID

0000000007

ContactKeyConfigID

0000000111

ContactLogicalDescription

0000000056

ContactlessRequirementID

0000000007

ContactlessKeyConfigID

0000000111

ContactlessLogicalDescription

0000000056

PIV FIPS201 F2F Java Card – OT 2.3.2 – 2048

PIV2 Profile with OT End-Point applets v2.3.2 (SP 800-73-3)

Important:
This profile is deprecated and can no longer be used to create new device policies. It is included for legacy purposes.

Supported Devices

Supported Pre-Issuance IDs

Oberthur ID-One PIV 2.3.2 on Cosmo v7

Description

OT 7.0 128K FIPS PIV 2.3.2 Sample Stack with PIV TEST Key

CM Manufacturer Key Set

KMC_CM_OCS_PIV_TEST_OPSC_1_ENC

KMC_CM_OCS_PIV_TEST_OPSC_1_MAC

KMC_CM_OCS_PIV_TEST_OPSC_1_KEK

SD Manufacturer Key Set

KMC_SD_OCS_PIV_TEST_AES_OPSC_1_ENC

KMC_SD_OCS_PIV_TEST_AES_OPSC_1_MAC

KMC_SD_OCS_PIV_TEST_AES_OPSC_1_KEK

CM/SD Diversification

GP211

Key Set Version / Index

0x01/0x0

Initial 9B key Label

PIV_OCS_CARD_ADMIN_KEY_SB_TRIPLE

Initial 9B Key AlgoID

03

Logical Scheme

2

ManufacturerID

Oberthur-01

CardProductID

0000000061

PhysicalDescriptionID

0000000005

PackageConfigID

0000000002

ContactRequirementID

0000000007

ContactKeyConfigID

0000000052

ContactLogicalDescription

000000003A

ContactlessRequirementID

0000000007

ContactlessKeyConfigID

0000000052

ContactlessLogicalDescription

000000003A

Description

OT 7.0 128K FIPS PIV 2.3.2 Sample Stack with PIV PROD Key

CM Manufacturer Key Set

KMC_CM_OCS_PIV_PROD_OPSC_1_ENC

KMC_CM_OCS_PIV_PROD_OPSC_1_MAC

KMC_CM_OCS_PIV_PROD_OPSC_1_KEK

SD Manufacturer Key Set

KMC_SD_OCS_PIV_PROD_AES_OPSC_1_ENC

KMC_SD_OCS_PIV_PROD_AES_OPSC_1_MAC

KMC_SD_OCS_PIV_PROD_AES_OPSC_1_KEK

CM/SD Diversification

GP211

Key Set Version / Index

0x01/0x0

Initial 9B key Label

PIV_OCS_CARD_ADMIN_KEY_SB_TRIPLE

Initial 9B Key AlgoID

03

Logical Scheme

2

ManufacturerID

Oberthur-01

CardProductID

0000000061

PhysicalDescriptionID

0000000005

PackageConfigID

0000000002

ContactRequirementID

0000000007

ContactKeyConfigID

0000000053

ContactLogicalDescription

000000003B

ContactlessRequirementID

0000000007

ContactlessKeyConfigID

0000000053

ContactlessLogicalDescription

000000003B

Description

OT 7.0 128K FIPS PIV 2.3.2 Full Stack with PIV PROD Key

CM Manufacturer Key Set

KMC_CM_OCS_PIV_PROD_OPSC_1_ENC

KMC_CM_OCS_PIV_PROD_OPSC_1_MAC

KMC_CM_OCS_PIV_PROD_OPSC_1_KEK

SD Manufacturer Key Set

KMC_SD_OCS_PIV_PROD_AES_OPSC_1_ENC

KMC_SD_OCS_PIV_PROD_AES_OPSC_1_MAC

KMC_SD_OCS_PIV_PROD_AES_OPSC_1_KEK

CM/SD Diversification

GP211

Key Set Version / Index

0x01/0x0

Initial 9B key Label

PIV_OCS_CARD_ADMIN_KEY_SB_TRIPLE

Initial 9B Key AlgoID

03

Logical Scheme

2

ManufacturerID

Oberthur-01

CardProductID

0000000061

PhysicalDescriptionID

0000000005

PackageConfigID

0000000001

ContactRequirementID

0000000007

ContactKeyConfigID

0000000053

ContactLogicalDescription

000000003B 

ContactlessRequirementID

0000000007

ContactlessKeyConfigID

0000000053

ContactlessLogicalDescription

000000003B