Host Commands

The HSM provides a variety of functions to implement key management, PIN management (including PIN verification) and Message Authentication Code (MAC) processing.

This section details all the commands available with their responses and possible error codes.

A number of abbreviations are used throughout. They are:

 

L  :  Encrypted PIN length. Set at installation.

m  :  Message header length. Set at installation.

n  :  Variable length field.

A  :  Alphanumeric (can include any non-control type) characters.

H  :  Hexadecimal character.

N  :  Numeric field.

C  :  Control character.

B  :  Binary data (byte), X’00 to X’FF.

 

For example:

32 H  :  Indicates that thirty-two hexadecimal characters are required.

m A  :  Indicates that the Host must send the number of alphanumeric characters that has been set for the message header length.

For convenience, the STX and ETX control characters, which bracket every command and response, are not shown in the details that follow.

In a command to the HSM, any key can be replaced by a reference to internal user storage. In the details that follow, a key is always shown as if it is to be sent with each command; in every case the key can be replaced by the index flag K and a three-digit pointer value.
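The notation, the STX/ETX bracketing and the K index form can be checked on the host side before a message is sent. The following is an added example, not code from the HSM documentation: the layout, the header length of 4, the 32 H key length and all sample values are constructed assumptions, and only the A, H and N types are handled.

```python
import string

STX, ETX = "\x02", "\x03"  # ASCII control characters bracketing each message

# Predicates for the type letters in the abbreviation list (A, H, N only).
TYPES = {
    "A": lambda c: not (ord(c) < 0x20 or ord(c) == 0x7F),  # non-control
    "H": lambda c: c in string.hexdigits,  # assumption: either case accepted
    "N": lambda c: c in string.digits,
}

def take(msg, pos, count, kind):
    """Consume exactly `count` characters of type `kind` from offset `pos`."""
    field = msg[pos:pos + count]
    if len(field) != count:
        raise ValueError(f"{count} {kind}: message too short at offset {pos}")
    if not all(TYPES[kind](c) for c in field):
        raise ValueError(f"{count} {kind}: invalid character at offset {pos}")
    return field, pos + count

def take_key(msg, pos, key_len):
    """A key is sent as key_len H, or as index flag K plus a 3-digit pointer."""
    if msg[pos:pos + 1] == "K":  # 'K' is not a hex digit, so no ambiguity
        pointer, pos = take(msg, pos + 1, 3, "N")
        return {"stored_index": int(pointer)}, pos
    key, pos = take(msg, pos, key_len, "H")
    return {"key": key}, pos

def parse(frame, layout, lengths):
    """Validate a framed message against a layout of (name, count, type)."""
    if len(frame) < 2 or frame[0] != STX or frame[-1] != ETX:
        raise ValueError("message is not bracketed by STX/ETX")
    msg, pos, out = frame[1:-1], 0, {}
    for name, count, kind in layout:
        count = lengths.get(count, count)  # resolve 'm' to the installed value
        if kind == "KEY":
            out[name], pos = take_key(msg, pos, count)
        else:
            out[name], pos = take(msg, pos, count, kind)
    if pos != len(msg):
        raise ValueError(f"unexpected trailing data at offset {pos}")
    return out

# Constructed layout and values; this is not a real HSM command.
LENGTHS = {"m": 4}  # assumed installation setting for the header length
LAYOUT = [("header", "m", "A"), ("key", 32, "KEY"), ("value", 2, "N")]

if __name__ == "__main__":
    print(parse(STX + "HDR1" + "K007" + "42" + ETX, LAYOUT, LENGTHS))
```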

The HSM can be used in systems where there may be Atalla security equipment at other network nodes. This is achieved by including an Atalla variant in those commands that translate a key from/to encryption under a ZMK. The variant modifies the ZMK before it is used to decrypt/encrypt, in accordance with the method used by the Atalla equipment. The HSM can support one- or two-digit Atalla variants.