Device Profiles

Your organization might issue several kinds of identities, such as smart cards, security keys, and digital identities on mobile devices. Each type of device supported by the Unifyia platform offers authentication and encryption methods for safe and secure platform access. Before issuance, you must establish a device profile, which means configuring the device management keys for each identity type. These keys are used to manage card applications and data, and they enable operators to allocate specific devices to users. Each device comes with default manufacturer keys. Replacing the manufacturer (factory) keys with customer keys is essential for security and risk mitigation.

Supported Identity Types

The platform supports creating device profiles for the following authenticators.

  • Personal Identity Verification (PIV) based smart devices
    • IDEMIA - ID-One PIV v2.4.1 on Cosmo V8.1
    • IDEMIA - ID-One PIV v2.4.2 on Cosmo V8.2
    • IDEMIA - ID-One PIV v2.3.4 on Cosmo V7
    • G&D SCE 7.0 with PIV Applet V1.0
    • Thales IDPrime PIV v3.0
    • ZTPass on NXP P71D600
    • Yubico - YubiKey 5 Series
    • Yubico - YubiKey 4 Series
    • Arculus AuthentiKey
    • Swissbit - Swissbit iShield Key
  • Mobile Identities (Requires Unifyia ID Wallet App)
  • ID Card

Required Keys and Their Length for Product Models

Refer to the table below to understand the required keys and their key lengths for the supported product models.

| Product Model | Required Keys | Key Length |
|---|---|---|
| One PIV V2.4.1 on Cosmo V8.1 | Manufacturer Master Key | 64 Characters |
| | Manufacturer Admin Key | 64 Characters |
| | Customer Master Key | 64 Characters |
| One PIV V2.4.2 on Cosmo V8.2 | Manufacturer Master Key | 64 Characters |
| | Manufacturer Admin Key | 64 Characters |
| | Customer Master Key | 64 Characters |
| One PIV V2.3.4 on Cosmo V7 | Manufacturer Master Key | 32 Characters |
| | Manufacturer Admin Key | 32 Characters |
| | Customer Master Key | 32 Characters |
| | Customer Admin Key | 32 Characters |
| G+D SCE 7.0 with PIV Applet V1.0 | Manufacturer Master Key | 96 Characters |
| | Manufacturer Admin Key | 32 Characters |
| | Customer Master Key | 96 Characters |
| | Customer Admin Key | 32 Characters |
| Thales IDPrime PIV v3.0 | Manufacturer Master Key | 32 Characters |
| | Manufacturer Admin Key | 32 Characters |
| | Customer Master Key | 32 Characters |
| | Customer Admin Key | 32 Characters |
| ZTPass on NXP P71D600 | Manufacturer Master Key | 96 Characters |
| | Manufacturer Admin Key | 32 Characters |
| | Customer Master Key | 96 Characters |
| | Customer Admin Key | 32 Characters |
| Yubikey 5 | Manufacturer Admin Key | 48 Characters |
| | Customer Admin Key | 48 Characters |
| Yubikey 4 | Manufacturer Admin Key | 48 Characters |
| | Customer Admin Key | 48 Characters |
| Arculus AuthentiKey | Manufacturer Admin Key | 32 Characters |
| | Customer Admin Key | 32 Characters |
| Swissbit iShield Key | Manufacturer Admin Key | 32 Characters |
| | Customer Admin Key | 32 Characters |
| Mobile Identities (on Unifyia ID Wallet) | Not required | |
| ID Card | Not required | |
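
A pre-flight check for key material before it is entered into a device profile, using the required keys and lengths from the table above. This is an added example, not Unifyia code: the `check_profile` function and its messages are hypothetical, and it assumes keys are entered as hexadecimal strings, which the page does not state.

```python
import string

# Required keys and lengths (in characters) per product model, from the table above.
MK, AK = "Manufacturer Master Key", "Manufacturer Admin Key"
CMK, CAK = "Customer Master Key", "Customer Admin Key"
REQUIRED = {
    "One PIV V2.4.1 on Cosmo V8.1": {MK: 64, AK: 64, CMK: 64},
    "One PIV V2.4.2 on Cosmo V8.2": {MK: 64, AK: 64, CMK: 64},
    "One PIV V2.3.4 on Cosmo V7": {MK: 32, AK: 32, CMK: 32, CAK: 32},
    "G+D SCE 7.0 with PIV Applet V1.0": {MK: 96, AK: 32, CMK: 96, CAK: 32},
    "Thales IDPrime PIV v3.0": {MK: 32, AK: 32, CMK: 32, CAK: 32},
    "ZTPass on NXP P71D600": {MK: 96, AK: 32, CMK: 96, CAK: 32},
    "Yubikey 5": {AK: 48, CAK: 48},
    "Yubikey 4": {AK: 48, CAK: 48},
    "Arculus AuthentiKey": {AK: 32, CAK: 32},
    "Swissbit iShield Key": {AK: 32, CAK: 32},
    "Mobile Identities": {},
    "ID Card": {},
}
# Which factory key each customer key is meant to replace.
REPLACES = {CMK: MK, CAK: AK}


def check_profile(model, keys):
    """Return a list of problems (never key values); empty means the set passes."""
    if model not in REQUIRED:
        return [f"unknown product model: {model}"]
    problems = []
    for name, length in REQUIRED[model].items():
        value = keys.get(name)
        if value is None:
            problems.append(f"{name}: missing")
        elif len(value) != length:
            problems.append(f"{name}: expected {length} characters, got {len(value)}")
        elif not set(value) <= set(string.hexdigits):  # assumption: hex encoding
            problems.append(f"{name}: non-hexadecimal character")
    for name in sorted(keys.keys() - REQUIRED[model].keys()):
        problems.append(f"{name}: not used by this model")
    for customer, factory in REPLACES.items():
        c, f = keys.get(customer), keys.get(factory)
        # Case-insensitive: the same hex value typed in another case is the same key.
        if c and f and c.lower() == f.lower():
            problems.append(f"{customer}: identical to {factory}")
    return problems


if __name__ == "__main__":
    # Constructed sample values, not real key material.
    sample = {AK: "0A" * 24, CAK: "0a" * 24}
    print(check_profile("Yubikey 5", sample))
```
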

Supported Functions

The device profile feature in the platform allows you to do the following:

  • Add a device profile for the below-listed categories
  • Additional configurations:
    • Provision to clear containers during issuance
    • Set PIN retry limit
    • Set PUK retry limit
  • Control which interfaces (such as USB, NFC) and applications (such as PIV, FIDO2, OTP) are enabled for a particular device profile.
  • Lock the selected interfaces and applications with a lock key.
  • Option to save the keys in the database or an HSM.
  • Provision to diversify keys using Key Ceremony.
  • Provision to enable factory reset when the keys are stored in an HSM. The keys stored in the HSM cannot be retrieved during factory reset. When factory reset is enabled, the platform encrypts and stores the Manufacturer Master and/or Admin keys (factory keys) in the database using the tenant key associated with the selected HSM. These keys are later used during the factory reset of the device.
  • Edit a device profile
  • Delete a device profile

Manage Device Profiles

Warning! You cannot edit/delete a device profile once it is assigned to a workflow and the associated users are issued devices.
  1. Navigate to Configuration > Device Profile. The list of all the device profiles added is displayed.
  2. To edit a device profile, select the Pencil icon. Edit the information as required. Select Update to save the data or Cancel to exit the process.
  3. To delete a device profile, select the Bin icon. Select Yes to confirm or No to exit the process.