Support User Manuals

IBM 2 Computer Hardware User Manual

Open as PDF

of 508

CCA Release 2.54 Encrypted_PIN_Translate

Encrypted_PIN_Translate (CSNBPTR)

Platform/

Product

OS/2 AIX Win NT/

2000

OS/400

IBM 4758-2/23 X X X X

The Encrypted_PIN_Translate verb can change PIN block encryption, and

optionally format a PIN into a different PIN-block format. You can use this verb in

an interchange-network application, or to change the PIN block to conform to the

format and encryption key used in a PIN-verification database. The verb also

supports derived Unique Key Per Transaction (UKPT) PIN-block encryption (ANSI

X9.24) for both input and output PIN blocks.

Supported PIN-block formats:

 IBM 3624

 ISO-0 (equivalent to ANSI X9.8, VISA-1, and ECI-1 formats).

 ISO-1 (same as the ECI-4 format)

 ISO-2.

The verb operates in one of two modes:

 In translate mode the verb decrypts a PIN block using an input key that you

supply, or that is derived from other information that you supply. The cleartext

information is then encrypted using an output key that you supply, or that is

derived from other information that you supply. The cleartext is not examined.

 In reformat mode the verb performs the translate-mode functions and in

addition processes the cleartext information. Following rules that you specify,

the PIN is recovered from the input cleartext PIN-block and formatted into an

output PIN-block for encryption.

To use this verb, specify:

 The mode of operation with a keyword in the rule array: TRANSLAT or

REFORMAT

 Optionally, the method of PIN extraction with a rule-array keyword

 Optionally, unique-key-per-transaction processing (UKPT) on input and/or

output with rule array keywords: UKPTIPIN, UKPTOPIN, or UKPTBOTH

 Input and output PIN-block encrypting keys, or the base key(s) used to derive

the PIN-block enciphering keys

 Input and output PIN profiles, which for UKPT processing are extended with the

“current key serial number” (CKSN). See “PIN Profile” on page 8-10,“Current

Key Serial Number” on page 8-11 , and “UKPT Calculation Methods” on

page E-13.

 Input and output PAN data as required by the selected PIN-block formats

 An output PIN-block sequence number as required by the selected PIN-block

format, or specify a value of 99999.

The verb does the following:

 Decrypts the input PIN-block by using the supplied IPINENC key in ECB mode,

or derives the decryption key using the specified KEYGENKY key and current

Chapter 8. Financial Services Support Verbs 8-37

previous next