Support User Manuals

IBM 2 Computer Hardware User Manual

Open as PDF

of 508

CCA Release 2.54 PIN_Change/Unblock

authentication_key_identifier_length

The authentication_key_identifier_length parameter points to an integer variable

set to 64. This is the string length of the related key identifier.

authentication_key_identifier

The authentication_key_identifier parameter points to a string variable

containing an internal key-token or a key label of an internal key-token record

in key storage. The internal key-token contains the MAC-MDK key used to

diversify the data to form the authentication value. The control vector for this

key must specify a DKYGENKY key type with DKYL0 (level-0), and DMAC or

DALL permissions. Both halves of this double-length key must be unique. See

Figure C-3 on page C-5.

encryption_key_identifier_length

The encryption_key_identifier_length parameter points to an integer variable set

to 64. This is the string length of the related key identifier.

encryption_key_identifier

The encryption_key_identifier parameter points to a string variable containing

an internal key-token or a key label of an internal key-token record in key

storage. The internal key-token contains the ENC-MDK key used to diversify

the data to form the output PIN-block encryption key. The control vector for

this key must specify a DKYGENKY key type with DKYL0 (level-0), and DMPIN

or DALL permissions. Both halves of this double-length key must be unique.

diversification_data_length

The diversification_data_length parameter points to an integer set to the

byte-length of the data used in the generation of the authentication value and

the PIN-block encryption key. With TDES-XOR use a length of 10 or 18. With

TDESEMV2 and TDESEMV4 use a length of 10, 18, 26 or 34.

diversification_data

The diversification_data parameter points to a string variable. Form the

variable by concatenating two or three values:

Keyword Meaning

Diversification process (one, optional)

TDES-XOR This keyword specifies to diversify the issuer-master-key using

triple DES and an exclusive-OR process. This is the default

process.

TDESEMV2 This keyword specifies to diversify the issuer-master-key using

the EMV tree-based function, branch factor 2. See EMV 4.0

Book 2, Annex A1.3.1, and “VISA and EMV-Related Smart

Card Formats and Processes” on page E-17.

TDESEMV4 This keyword specifies to diversify the issuer-master-key using

the EMV tree-based function, branch factor 4.

Output PIN creation process (one required)

VISAPCU1 This keyword specifies to create the output PIN from the

new-reference PIN and the smart-card-unique, intermediate

key.

VISAPCU2 This keyword specifies to create the output PIN from the

new-reference PIN and the smart-card-unique, intermediate

key, and the current-reference PIN.

Chapter 8. Financial Services Support Verbs 8-55

previous next