30.2 Device Security page (Security Settings)
Setting |
|
Default value |
Yes |
Description |
Displays a warning on the login screen if the system is not securely configured and an attempt is made to issue credentials. If you want to run MyID with secure settings disabled (for example, for test or demonstration systems) contact customer support to discuss your requirements, quoting reference SUP-273. |
Further information |
Cannot be edited |
Setting |
|
Default value |
Yes |
Description |
Whether the installation supports Java applets. If you do not have this option set, you will be unable to write customer GlobalPlatform keys to your cards. |
Further information |
Setting |
|
Default value |
No |
Description |
Updates the PIV 9E Key, if it is supported by the device. The card symmetric 9E key is diversified from the 9B Master Key, and is changed to the customer master key during card issuance, and using the factory master key when the card is erased. Set this option to Yes to update the PIV 9E key on supported devices during issuance and erasure. Set this option to No to prevent any attempt to update the PIV 9E key on issuance or erasure. |
Further information |
|
Setting |
|
Default value |
Yes |
Description |
If this is set to Yes but the Security Officer PIN Type is set to Factory, cards cannot be issued. |
Further information |
|
Setting |
|
Default value |
Random |
Description |
Random – Generate a random SOPIN and set it on the card to be initialized (higher security). Factory – Leave the default SOPIN on the card (low security). |
Further information |
|
Setting |
|
Default value |
No |
Description |
When set to No, restricts the list of devices on this page to the smart cards known to support GlobalPlatform or PIV 9B keys. When set to Yes, displays all devices known to MyID. |
Further information |
|
Note: You can also set the requirements for customer GlobalPlatform and PIV 9B keys for each device type supported by your system. If the option is set to Yes, and the card supports the feature, MyID requires the customer key to be configured before issuing devices of this type.
If you change any of the options on this screen away from the default, your system will be potentially insecure, and MyID will display an appropriate warning when logging in to MyID or when issuing a smart card that would be affected. See section 28.4, System security for more information.
The Securing Devices section in the System Security Checklist document contains important information on securing your system.