2 Securing Devices

When you install MyID, the settings on the Device Security page of the Security Settings workflow are configured to require you to use customer GlobalPlatform keys and random Security Officer PINs (SOPINs). The system is also configured to display warnings if your system is not securely configured:

The message is:

The system is not configured for production use - check the MyID system security checklist document for further information.

If this warning appears, you must review the settings on the Device Security tab on the Security Settings workflow:

Setting	Default value	Description
Security Officer PIN Type	Random	Random – Generate a random SOPIN and set it on the card to be initialized (higher security). Factory – Leave the default SOPIN on the card (low security).

Setting

Default value

Description

Security Officer PIN Type

Random

Random – Generate a random SOPIN and set it on the card to be initialized (higher security).

Factory – Leave the default SOPIN on the card (low security).

Note: You can also set the requirements for customer GlobalPlatform and PIV 9B keys for each device type supported by your system. If the option is set to Yes, and the card supports the feature, MyID requires the customer key to be configured before issuing devices of this type.

If you change any of the options on this screen away from the default, your system will be potentially insecure, and MyID will display an appropriate warning when logging in to MyID or when issuing a smart card that would be affected.