|
Command: |
Generate a PIN offset using the IBM method. |
|
Notes: |
The decimalisation table can be stored in user storage and referenced in the same way as keys. The decimalisation table will be encrypted as the default state, However for backward compatibility the console CS command may be used to configure the HSM unit for plaintext decimalisation tables. It is recommended that encrypted decimalisation tables are used whenever possible. The plaintext decimalisation table of 16 digits must contain at least 8 different digits, with no digit occurring more than 4 times. If this condition is not met, Error Code 25 is returned. Checking of the table is the default condition, but may be disabled using the CS console command. Disabling of the check is not recommended. If a double or triple length PVK is used, Error Code 02 is returned as a warning but processing continues generating the offset using TDES in place of DES. |
|
Field |
Length & Type |
Details |
|
COMMAND MESSAGE |
||
|
Message header |
m A |
(Subsequently returned to the Host unchanged). |
|
Command code |
2 A |
Value DE. |
|
PVK |
16H or |
PVK encrypted under LMK pair 14-15; used to generate the offset. |
|
PIN |
L N or LH |
The PIN for which an offset is required; encrypted under LMK pair 02-03. |
|
Check length |
2 N |
The minimum PIN length. |
|
Account number |
12 N |
The 12 right-most digits of the account number, excluding check digit. |
|
Decimalisation table |
16 N or 16 H |
· 16H if Configure Security is set for Encrypted decimalisation tables · 16N if Configure Security is set for Plaintext decimalisation tables |
|
PIN validation data |
12 A |
User-defined data consisting of hexadecimal characters and the character N, which indicates to the HSM where to insert the last 5 digits of the account number. |
|
End message delimiter |
1 C |
Optional. Must be present if a message trailer is present. Value X’19. |
|
Message trailer |
n A |
Optional. Maximum length 32 characters. |
|
Field |
Length & Type |
Details |
|
RESPONSE MESSAGE |
||
|
Message header |
n A |
Returned to the Host unchanged. |
|
Response code |
2 A |
Value DF. |
|
Error code |
2 N |
00 : No errors 02 : Warning PVK not single length 10 : PVK parity error 12 : No keys loaded in user storage 13 : LMK error; report to supervisor 14: Error in encrypted PIN 15 : Error in input data 21 : Invalid user storage index 25: Decimalisation table error |
|
Offset |
12 N |
The resulting offset value; left-justified and padded with F. |
|
End message delimiter |
1 C |
Present only if present in the command message. Value X’19. |
|
Message trailer |
n A |
Present only if present in the command message. Maximum length 32 characters. |