Command: CS (Configure Security). The HSM must be in the Secure state.
Function: To set the security configuration of the HSM and some processing parameters. CS converts all lower-case alpha values to upper case for display purposes, except for the Card issuer Password. Operation is menu-driven, as shown in the examples. The security settings can optionally be saved to a Smartcard.
Inputs: PIN
length [4-12]: a one or two-digit number in the range 4 to 12
Echo [oN/ofF]: N or F
Atalla ZMK variant support [oN/ofF]: N or F
Racal or Australian transaction key? [R/A]: R or A
User storage key length [S/D/T]: S, D or T
Erase LMKs? [Y/N]:
confirm Y or N
Select clear PINs? [Y/N]:
Y or N
Enable ZMK translate command? [Y/N]: Y or N
Enable X9.17 for import? [Y/N]:
Y or N
Enable X9.17 for export? [Y/N]:
Y or N
Solicitation batch size [1-1024]: a one to four-digit number, range 1 to
1024
Enable single-DES [Y/N]: Y or N
Single/double length ZMKs [S/D]: S or D (Single or Double) Encrypted/Plaintext
decimalisation table [E/P]: E <Return>
Enable decimalisation table checks? [Y/N]: Y or N
PIN encryption algorithm: A or B (Visa method or Racal Method)
Card/password authorisation [C/P]: C or P (Card or Password)
Card issuer password [ENTER = no change]: 8 alphanumeric printable characters
Save SECURITY settings to Smartcard? [Y/N]: Y or N
Outputs: Prompts according to the settings chosen (see examples below).
Errors: Invalid entry.
Card
not formatted to save/retrieve HSM settings.
Attempt with another card? [Y/N]:
The default values for the parameters are:
|
Parameter |
Default value |
|
PIN length |
4 |
|
Echo |
Off |
|
Atalla ZMK variant support |
Off |
|
Racal or Australian transaction key |
Racal |
|
User storage key length |
Single |
|
Enable single-DES |
Yes |
|
Select clear PINs |
No |
|
Enable ZMK translate command |
No |
|
Enable X9.17 for import |
No |
|
Enable X9.17 for export |
No |
|
Solicitation batch size |
1024 |
|
ZMK length |
Single |
|
PIN encryption algorithm |
A (Visa method) |
|
Card/password authorisation |
Card |
|
Card issuer password |
GUARDATA |
|
Encrypted\Plaintext decimalisation table |
Encrypted |
|
Enable decimalisation table checks |
Yes |
Example 1:
Secure> CS <Return>
PIN Length [4-12]: 4 <Return>
Echo [oN/ofF]: N < Return >
Atalla ZMK variant support [oN/ofF]: F <Return>
Racal or Australian transaction key [R/A]: R <Return>
User storage key length [S/D/T]: S <Return>
LMKs must be erased before remaining parameters can be set.
Erase LMKs? [Y/N]: N <Return>
Save SECURITY settings to smart card? [Y/N]: N <Return>
Example 2:
Secure > CS <Return>
PIN length [4-12]: 4 <Return>
Echo [oN/ofF]: F <Return>
Atalla ZMK variant support [oN/ofF]: F <Return>
Racal or Australian transaction key? [R/A]: R <Return>
User storage key length [S/D/T]: T <Return>
LMKs must be erased before remaining parameters can be set.
Erase LMKs? [Y/N]: Y <Return>
Select clear PINs? [Y/N]: N <Return>
Enable ZMK translate command? [Y/N]: N <Return>
Enable X9.17 for import? [Y/N]: N <Return>
Enable X9.17 for export? [Y/N]: N <Return>
Solicitation batch size [1-1024]: 1024 <Return>
Enable Single DES [Y/N]: Y <Return>
Single/double length ZMKs [S/D]: S <Return>
Encrypted/Plaintext decimalisation table [E/P]: E <Return>
Enable decimalisation table checks? [Y/N]: Y <Return>
PIN encryption algorithm [A/B]: A <Return>
Card/password authorisation [C/P]: C <Return>
Card issuer password [Enter = no change]: <Return>
Save SECURITY settings to smart card? [Y/N]: Y <Return>
Insert card and press ENTER: <Return>
SECURITY settings saved to the smart card.