|
Command: |
Verify a PIN using the IBM method. |
|
Notes: |
The command performs the same function as DA and EA, plus it computes the PIN pad key.The PIN block is assumed to be in the ANSI X9.8 format; no source PIN block format codes are required. The decimalisation table will be encrypted as the default state, However for backward compatibility the console CS command may be used to configure the HSM unit for plaintext decimalisation tables. It is recommended that encrypted decimalisation tables are used whenever possible. The plaintext decimalisation table of 16 digits must contain at least 8 different digits, with no digit occurring more than 4 times. If this condition is not met, Error Code 25 is returned. Checking of the table is the default condition, but may be disabled using the CS console command. Disabling of the check is not recommended. If a double or triple length PVK is used, Error Code 02 is returned as a warning but processing continues verifying the PIN using TDES in place of DES. |
|
Field |
Length & Type |
Details |
|
COMMAND MESSAGE |
||
|
Message header |
m A |
(Subsequently returned to the Host unchanged). |
|
Command code |
2 A |
Value CK. |
|
*BDK |
32H or 1A+32H |
The *BDK encrypted under LMK pair 28-29. |
|
PVK |
16H or |
The PVK encrypted under LMK pair 14-15 |
|
KSN descriptor |
3 H |
The descriptor for the KSN (in the next field). |
|
Key serial number |
12 - 20 H |
The KSN supplied by the PIN pad. |
|
Source encrypted block |
16 H |
Encrypted PIN block received from the POS PIN terminal. |
|
Check length |
2 N |
The minimum PIN length. |
|
Account number |
12 N |
The 12 right-most digits of the primary account number (PAN), excluding the check digit. |
|
Decimalisation table |
16 N or 16 H |
Table for converting encrypted characters to decimal digits. 16H if Configure Security is set for Encrypted decimalisation tables 16N if Configure Security is set for Plaintext decimalisation tables |
|
PIN validation |
12 A |
User-defined data consisting of hexadecimal characters, and the letter N, which indicates where the HSM is to insert the last five digits of the account number specified in the Host request message (the digits must be left-justified). |
|
Offset |
12 H |
The IBM offset value, left-justified and padded with “F”.
|
|
Field |
Length & Type |
Details |
|
End message delimiter |
1 C |
Present only if a message trailer is present. Value X’19. |
|
Message trailer |
n A |
Optional. Maximum length 32 characters. |
|
RESPONSE MESSAGE |
||
|
Message header |
n A |
Returned to the Host unchanged. |
|
Response code |
2 A |
Value CL. |
|
Error code |
2 N |
00 : No errors 01 : Verification failure 02 : Warning PVK not single length 10 : *BDK parity error 11 : PVK parity error 12 : No keys loaded in user storage 15 : Error in input data 27 : *BDK not double length |
|
End message delimiter |
1 C |
Present only if present in the command message. |
|
Message trailer |
n A |
Present only if present in the command message. |