Installation and configuration for IDEMIA smart cards

5.4 Installation and configuration for IDEMIA smart cards

This section provides any information required when installing the middleware for smart cards or configuring smart cards through either their middleware or through MyID.

5.4.1 PIN characters for PIV cards

The SP800-73 PIV specification requires that PIV cards use numeric-only PINs. It is possible to configure MyID to use non-numeric PIN characters for some PIV cards, although some smart cards will fail to issue; for example the Oberthur ID-One PIV (v2.3.4), Oberthur ID-One PIV (v2.3.5), and Oberthur ID-One PIV (v2.4.0).

Make sure you set up the credential profile correctly; in the PIN Characters section of the Credential Profiles workflow, set number to be Mandatory, and uppercase letters, lowercase letters, and symbols to Not Allowed.

5.4.2 Serial numbers for IDEMIA PIV cards

ID-One PIV cards have a serial number which consists of the IIN and CIN.

Oberthur ID-One PIV v2.3.2 and v2.3.4 cards arrive from the factory with a serial number (IIN and CIN) already prepersonalized on the cards. When ordering cards from IDEMIA the customer would specify the IIN, and IDEMIA would create a unique CIN for each card.

Oberthur ID-One PIV v2.3.5 and Oberthur ID-One PIV v2.4.0 cards arrive without a serial number. MyID will create a serial number (IIN and CIN) during personalization.

MyID generates a CIN for each card, but the IIN (the first part of the serial number) is taken from a configuration value in MyID.

Important: On any MyID system that is intended to issue ID-One PIV v2.3.5 or v2.4.0 cards, you must configure MyID with the required IIN value.

To configure the IIN value to be personalized on ID-One PIV v2.3.5 or v2.4.0 cards, in the Operation Settings workflow, on the Devices tab, set the Serial Number IIN to the required value. The default is 0123456789.

When MyID issues an Oberthur ID-One PIV v2.3.5 card or Oberthur ID-One PIV v2.4.0 card, this IIN, and a generated CIN value, will be personalized on the card.

If the card already has a serial number (if it has already been issued by MyID), the serial number will not be repersonalized. Therefore any cards previously issued by MyID will keep the IIN with which they were previously personalized.

IDEMIA ID-One PIV 2.4.1 on Cosmo V8.1 cards use the IDEMIA CUID (personalized by IDEMIA at the factory) for the serial number, except for cases where IIN and CIN are present on the card already; in which case MyID uses the IIN and CIN as the serial number. MyID does not personalize IIN and CIN during personalization for IDEMIA ID‑One PIV 2.4.1 on Cosmo V8.1 cards.