Ask Security Questions for Self Service Card Unlock

No

Whether the holder’s security phrase is used when unlocking a card.

See the Self-service PIN reset authentication section in the Operator's Guide.

Manage PIV 9E key on supported devices

No

Updates the PIV 9E Key, if it is supported by the device. The card symmetric 9E key is diversified from the 9B Master Key, and is changed to the customer master key during card issuance, and using the factory master key when the card is erased.

Set this option to Yes to update the PIV 9E key on supported devices during issuance and erasure. Set this option to No to prevent any attempt to update the PIV 9E key on issuance or erasure.

Number of security questions for operator authentication

1

The number of security phrases the user is required to provide when an operator asks them; for example, during the Authenticate Person or Unlock Credential workflows.

See section 3.3.1, Setting the number of security phrases required to authenticate.

Number of security questions to register

2

The number of security phrases to enroll for a user in the Change Security Phrases or Change My Security Phrases workflows.

See section 3.3.1, Setting the number of security phrases required to authenticate.

Offline Unlock Method

Challenge

Challenge – a dialogue between the holder and the helpdesk, passing challenges and responses to identify the holder and the device.

Witness – another holder must witness the request.

None – offline unlocking not possible.

Used for Giesecke & Devrient cards.

Security Officer PIN Type

Random

Random – Generate a random SOPIN and set it on the card to be initialized (higher security).

Factory – Leave the default SOPIN on the card (low security).

Transport PIN

12549856

Default PIN for canceled cards. If you are using on-device PIN policies, you must set the transport PIN to match the PIN policy in the card properties file.