Command: Validate a MAC on request from a terminal and return the TPK under the LMK and the MAC residue under the LMK.

Notes: The command does not accept an all-zero account number element of the 'message text' field.

| Field | Length & Type | Details |
|---|---|---|
| COMMAND MESSAGE | | |
| Message header | m A | (Subsequently returned to the Host unchanged). |
| Command code | 2 A | Value RI. |
| Terminal key register | 16 H | Terminal key register encrypted under LMK pair 14-15. |
| Account number pointer | 2 H | 00 if the account number starts at the first character in the message text field, and one value greater for each subsequent character into the field. The account number is terminated by the first non-numeric character. This is ignored if extended length messages are used but 2 hex digits must still be supplied. |
| Fields C & D | 16 H | The C & D fields from the magnetic stripe of a card as defined in the Racal Security Scheme. |
| PIN block pointer | 2 H | 00 if the PIN block starts at the first character in the message text field, and one value greater for each subsequent character into the field. The PIN block is assumed to be 16 (hexadecimal) characters and is assumed to be formatted according to ANSI X9.8. This is ignored if extended length messages are used but 2 hex digits must still be supplied. |
| Message length | 2 H | Value X'00 to X'A0 (decimal 160) indicating the length of the next field. This field should be set to X'00 and the next field omitted if extended length messages are required. |
| Message text | n A | The message to be authenticated as received from the terminal, but excluding the STX, ETX and LRC. The last 8 characters are assumed to be the MAC. An all-zero account number cannot be used. Omitted if extended length messages are required. |
| Delimiter | 1 C | Optional. Value ";". Only present if extended length messages are to be used. |
| Extended account number pointer | 4 H | Optional. Only present if extended length messages are to be used. 0000 if the account number starts at the first character in the message text field, and one value greater for each subsequent character into the field. The account number is terminated by the first non-numeric character. |
| Extended PIN block pointer | 4 H | Optional. Only present if extended length messages are to be used. 0000 if the PIN block starts at the first character in the message text field, and one value greater for each subsequent character into the field. The PIN block is assumed to be 16 (hexadecimal) characters and is assumed to be formatted according to ANSI X9.8. |
| Extended Message Length | 4 H | Optional. Only present if extended length messages are to be used. Defines the length of the next field. Maximum value is determined by the maximum size of the HSM input buffer. |
| Extended Message Text | n A | Optional. Only present if extended length messages are to be used. The message to be authenticated as received from the terminal, but excluding the STX, ETX and LRC. The last 8 characters are assumed to be the MAC. An all-zero account number cannot be used. |
| End message delimiter | 1 C | Optional. Must be present if a message trailer is present. Value X'19. |
| Message trailer | n A | Optional. Maximum length 32 characters. |
| RESPONSE MESSAGE | | |
| Message header | n A | Returned to the Host unchanged. |
| Response code | 2 A | Value RJ. |
| Error code | 2 N | 00 : No errors; 01 : MAC verification fail; 10 : Key register parity error; 12 : No keys loaded in user storage; 13 : LMK error; report to supervisor; 15 : Error in input data; 20 : PIN block does not contain valid values; 21 : Invalid user storage index; 22 : All zero account number used (processing is terminated); 24 : PIN is fewer than 4 or more than 12 digits; 80 : Message length error |
| MAC residue | 8 H | The MAC residue encrypted under LMK 10. |
| TPK | 16 H | The TPK encrypted under LMK pair 14-15. |
| End message delimiter | 1 C | Present only if present in the command message. Value X'19. |
| Message trailer | n A | Present only if present in the command message. Maximum length 32 characters. |
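
As an added example (not part of the original command reference and not vendor code), the Python below assembles an RI command from the fields in the table, switching to the extended-length fields when the message text exceeds 160 characters, and splits an RJ response. The function names, the sample values, the host knowing the header length, and the tolerance for an RJ response that carries no key fields on a non-zero error code are assumptions.

```python
import re

HEX = set("0123456789ABCDEFabcdef")

def _hex(name, value, n):
    if len(value) != n or not set(value) <= HEX:
        raise ValueError(f"{name} must be {n} hex characters")

def build_ri(header, tkr, cd, text, acct_ptr, pin_ptr, trailer=None):
    """Build an RI command; uses the extended fields when text exceeds 160 chars."""
    _hex("terminal key register", tkr, 16)
    _hex("fields C & D", cd, 16)
    if len(text) < 8:
        raise ValueError("message text must end with the 8-character MAC")
    if not (0 <= acct_ptr < len(text) and 0 <= pin_ptr <= len(text) - 16):
        raise ValueError("pointer outside message text")
    # The account number runs from the pointer to the first non-numeric character.
    acct = re.match(r"[0-9]*", text[acct_ptr:]).group()
    if not acct.strip("0"):
        raise ValueError("account number missing or all zero (HSM error 22)")
    _hex("PIN block", text[pin_ptr:pin_ptr + 16], 16)
    if len(text) <= 0xA0:   # short form: 2-hex pointers and length
        msg = f"{header}RI{tkr}{acct_ptr:02X}{cd}{pin_ptr:02X}{len(text):02X}{text}"
    else:                   # extended: ignored 2-hex pointers, length 00, ';' block
        msg = (f"{header}RI{tkr}00{cd}0000;"
               f"{acct_ptr:04X}{pin_ptr:04X}{len(text):04X}{text}")
    if trailer is not None:
        if len(trailer) > 32:
            raise ValueError("trailer is limited to 32 characters")
        msg += "\x19" + trailer   # end message delimiter X'19
    return msg

def parse_rj(resp, header_len):
    """Split an RJ response. Assumption: key fields may be absent on an error."""
    body, _, trailer = resp.partition("\x19")
    header, rest = body[:header_len], body[header_len:]
    if rest[:2] != "RJ" or len(rest) < 4:
        raise ValueError("not an RJ response")
    out = {"header": header, "error": rest[2:4], "ok": rest[2:4] == "00",
           "trailer": trailer or None}
    if len(rest) >= 28:   # 8 H MAC residue + 16 H TPK follow the error code
        out["mac_residue_lmk"], out["tpk_lmk"] = rest[4:12], rest[12:28]
    return out

# Constructed sample: account number, '=', PIN block, data, 8-character MAC.
SAMPLE_TEXT = "4000001234567890=" + "0123456789ABCDEF" + "DATA" + "A1B2C3D4"
SAMPLE_CMD = build_ri("HDR1", "0123456789ABCDEF", "FEDCBA9876543210",
                      SAMPLE_TEXT, 0, 17)
```

Rejecting an all-zero account number and a malformed PIN block on the host side keeps requests that the HSM would refuse with error 22 or 20 from being sent at all.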