Support User Manuals

IBM 2 Computer Hardware User Manual

Open as PDF

of 508

CCA Release 2.54 Encrypted_PIN_Verify

The verb does the following:

 Decrypts the input PIN-block by using the supplied IPINENC key in ECB mode,

or derives the decryption key using the specified KEYGENKY key and CKSN

and uses ANSI X9.24-specified “special decryption.” The EPINVER bit must be

valued to one in the IPINENC control vector, or the UKPT bit must be valued to

one in the KEYGENKY control vector. See “PIN Profile” on page 8-10 and

“UKPT Calculation Methods” on page E-13.

 Extracts the trial PIN (T-PIN) from the specified PIN-block format using the

method specified by default or by a rule array keyword. If required by the

PIN-block format, PAN data and/or the pad digit will be used in the extraction

process.

 Verifies use of a PINVER or PINGEN key type having the EPINVER bit valued

to one in the control vector of the PIN-verifying key

 Calculates the account-number-based PIN (A-PIN)

 For methods that employ an offset, modifies the A-PIN value with the offset

(O-PIN) value entered in the third element of the data array variable. The

NOOFFSET bit must be valued to zero in the control vector of the PIN-verifying

key when employing the IBM 3624 PIN Offset calculation method.

 Compares the extracted trial (T-PIN) with the possibly modified account PIN

(A-PIN) and reports the results in the return code variable. Return code four

indicates a verification failure while return code zero indicates success.

Restrictions

Some CCA implementations may enforce a specific order of the rule array

keywords with this verb; see product-specific literature.

Previous editions of this manual incorrectly described the CKSN as requiring

space-character padding. Pad the CKSN with four bytes of X'00'.

Format

CSNBPVR

return_code Output Integer

reason_code Output Integer

exit_data_length In/Output Integer

exit_data In/Output String exit_data_length bytes

PIN_encrypting_key_identifier Input String 64 bytes

PIN_verifying_key_identifier Input String 64 bytes

PIN_profile Input String

array

24 or 48 bytes

PAN_data Input String 12 bytes

encrypted_PIN_block Input String 8 bytes

rule_array_count Input Integer one, two, or three

rule_array Input String

array

rule_array_count * 8 bytes

PIN_check_length Input Integer

data_array Input String

array

3 * 16 bytes

Chapter 8. Financial Services Support Verbs

8-43

previous next