9.2 Credential profile setup for PIN generation
You can configure MyID to generate PINs when issuing smart cards.
For details of the available options in the credential profile, see the PIN Settings section in section 11.3.1, Credential profile options.
Note: You are recommended to set the PIN Settings and PIN Characters options in the credential profile to match the PINs that the PIN generation algorithm will produce. The options available depend on the card type you are using; you may not be able to change some options on all card types, as they are set at manufacture, but you are recommended to make sure the options match the generated PINs to prevent any conflict with the PIN rules on the card.
9.2.1 PIN generation for issuance
For smart card issuance, set the Issue With option to Server Generated PIN, then select the options you want to use in the credential profile to specify server-side PIN generation.
For example, to use a known algorithm to generate a repeatable 8-digit PIN, set the following options:
- Issue With – Server Generated PIN
- Length – 8
- PIN Algorithm – EdeficePinGenerator
- Protected Key – select the key you added for PIN generation; see section 9.1, Adding a PIN generation key.
- Select PIN Mailing Document – optionally, select the HTML template you want to use to generate the PIN mailer. The generated PIN is not displayed on screen, so you may want to send the cardholder a PIN mailer.
You can use the known algorithm to generate the PIN on another system using the protected key and the card serial number, and provide the PIN to the cardholder
To use a random server-generated 8-digit PIN, set the following options:
- Issue With – Server Generated PIN
- Length – 8
- PIN Algorithm – RandomPinGenerator
Note: A PIN generated using the RandomPinGenerator is displayed on screen only during the Issue Card workflow; if you are using any other workflow to issue the card, you must
9.2.2 PIN generation for reset
To generate PINs when resetting a smart card's PIN using the Reset Card PIN workflow, from the Reset PIN to Secure Value option in the PIN Settings section of the credential profile, select either EdeficePinGenerator or RandomPinGenerator.
For example, to use a known algorithm to generate a repeatable 8-digit PIN, set the following options:
- Length – 8
- Reset PIN to Secure Value – EdeficePinGenerator
- Reset PIN Protected Key – select the key you added for PIN generation; see section 9.1, Adding a PIN generation key.
- Select PIN Reset Document – optionally, select the HTML template you want to use to generate the PIN mailer. The generated PIN is not displayed on screen, so you may want to send the cardholder a PIN mailer. Alternatively, you can use the known algorithm to generate the PIN on another system using the protected key and the card serial number, and provide the PIN to the cardholder that way.
See section 9.3, EdeficePinGenerator PIN generation algorithm for details of using the algorithm to generate the PINs.
To use a random server-generated 8-digit PIN, set the following options:
- Length – 8
- Reset PIN to Secure Value – RandomPinGenerator
- Select PIN Reset Document – select the HTML template you want to use to generate the PIN mailer.
Note: A PIN generated using the RandomPinGenerator is not displayed on screen; you must select an HTML template from the Select PIN Reset Document option, and print the mailing document resetting the PIN.