For PIN verification and PIN translation, the HSM requires the PIN to be input as a 16-digit PIN block. The HSM supports a number of PIN block formats, each identified by a 2-digit PIN block format code. Formats 34, 35, 41 and 42 are used for EMV PIN change operations and are only available to the KU command.
The HSM supports four methods of PIN verification:
· IBM 3624.
· Diebold Proprietary Algorithm.
· VISA PVV.
· PIN comparison.
For each type, the PIN block is encrypted under a TPK or a ZPK depending on whether it has come from a local ATM (or PIN pad etc.) or from an acquirer. Therefore support is provided for verifying a PIN from a “terminal” or from “interchange”.
The following host commands are available for PIN verification:
· Verify a Terminal PIN Using the IBM Method (DA)
· Verify an Interchange PIN Using the IBM Method (EA)
· Verify a Terminal PIN Using the Diebold Method (CG)
· Verify an Interchange PIN Using the Diebold Method (EG)
· Verify a Terminal PIN Using the VISA Method (DC)
· Verify an Interchange PIN Using the VISA Method (EC)
· Verify a Terminal PIN Using the Comparison Method (BC)
· Verify an Interchange PIN Using the Comparison Method (BE)
Commands are provided to translate PIN blocks from encryption under one key to encryption under another. The commands can also translate the format of a PIN block, with the exception of those that translate to the LMK (where the PIN is not held in a standard format). The host commands available for key translations are as follows:
· Translate a PIN from One ZPK to Another (CC)
· Translate a PIN from TPK to ZPK Encryption (CA)
· Translate a PIN from ZPK to LMK Encryption (JE)
· Translate a PIN from TPK to LMK Encryption (JC)
· Translate a PIN from LMK to ZPK Encryption (JG)
· Translate PIN Algorithm (BQ)