9.2 Credential profile setup for PIN generation
You can configure MyID to generate PINs when issuing smart cards
For details of the available options in the credential profile, see the PIN Settings section in section 11.3.1, Credential profile options.
You are recommended to set the PIN Settings and PIN Characters options in the credential profile to match the required PIN policy for the device. The options available depend on the card type you are using; you may not be able to change some options on all card types, as they are set at manufacture, but you are recommended to make sure the options match the generated PINs to prevent any conflict with the PIN rules on the card.
The PIN generators use the following PIN characters:
-
EdeficePinGenerator – generates numeric-only PINs. You must set the PIN Characters options in the credential profile to numeric only.
-
EdeficePolicyPinGenerator – generates PINs conforming to the PIN Characters options in the credential profile.
-
RandomPinGenerator – by default, generates numeric-only PINs.
9.2.1 PIN generation for issuance
For smart card issuance, set the Issue With option to Server Generated PIN, then select the options you want to use in the credential profile to specify server-side PIN generation.
For example, to use a known algorithm to generate a repeatable 8-digit PIN, set the following options:
-
Issue With – Server Generated PIN
-
Length – 8
-
PIN Algorithm – EdeficePinGenerator or EdeficePolicyPinGenerator
-
Protected Key – select the key you added for PIN generation; see section 9.1, Adding a PIN generation key.
-
Select PIN Mailing Document – optionally, select the HTML template you want to use to generate the PIN mailer. The generated PIN is not displayed on screen, so you may want to send the cardholder a PIN mailer.
You can use the known algorithm to generate the PIN on another system using the protected key and the card serial number, and provide the PIN to the cardholder
To use a random server-generated 8-digit PIN, set the following options:
-
Issue With – Server Generated PIN
-
Length – 8
-
PIN Algorithm – RandomPinGenerator
Note: A PIN generated using the RandomPinGenerator is displayed on screen only during the Issue Card workflow; if you are using any other workflow to issue the card, you must
9.2.2 PIN generation for reset
To generate PINs when resetting a smart card's PIN using the Reset Card PIN workflow, from the Reset PIN to Secure Value option in the PIN Settings section of the credential profile, select EdeficePinGenerator, EdeficePolicyPinGenerator, or RandomPinGenerator.
For example, to use a known algorithm to generate a repeatable 8-digit PIN, set the following options:
-
Length – 8
-
Reset PIN to Secure Value – EdeficePinGenerator or EdeficePolicyPinGenerator
-
Reset PIN Protected Key – select the key you added for PIN generation; see section 9.1, Adding a PIN generation key.
-
Select PIN Reset Document – optionally, select the HTML template you want to use to generate the PIN mailer. The generated PIN is not displayed on screen, so you may want to send the cardholder a PIN mailer. Alternatively, you can use the known algorithm to generate the PIN on another system using the protected key and the card serial number, and provide the PIN to the cardholder that way.
See section 9.3, EdeficePinGenerator PIN generation algorithm or section 9.4, EdeficePolicyPinGenerator PIN generation algorithm for details of using the algorithm to generate the PINs.
To use a random server-generated 8-digit PIN, set the following options:
-
Length – 8
-
Reset PIN to Secure Value – RandomPinGenerator
-
Select PIN Reset Document – select the HTML template you want to use to generate the PIN mailer.
Note: A PIN generated using the RandomPinGenerator is not displayed on screen; you must select an HTML template from the Select PIN Reset Document option, and print the mailing document resetting the PIN.