When a cardholder is given the option of selecting a PIN, he/she returns a form containing a PIN selection and a reference number. For security reasons, the only connection between the PIN and the cardholder’s account is this reference number, which is a cryptographic representation of the last 10 digits of the account number (excluding the account number check digit).
The HSM processes these values and returns the encrypted PIN and the last 10 digits of the account number (excluding check digit). The Host can match the account number digits and store the encrypted PIN for subsequent processing (for verification purposes or the creation of PIN offsets etc.).
Because the reference number is the only link to the cardholder’s PIN, there must be a means of validating the data that is manually entered. There is no way to validate the PIN except through dual entry procedures or through the visual comparison of the value entered and the value recorded on the mailer form.
The 12-digit reference number, unlike the PIN, can be validated by a Host program. This reference number is a 10-digit number, followed by two check digits. The check digits can be validated during or after data entry.
The data is batch processed using Host commands. The number of records entered must be greater than or equal to the minimum batch size set when the HSM is configured. Each batch consists of at least one logical record. Each logical record contains a 12-digit reference number (obtained from the returned solicitation mailer) and the cardholder-selected PIN.
When the batch has been loaded to internal memory, the HSM encrypts the PINs under LMK pair 02-03, and decrypts the reference numbers, yielding a value which contains the 10 right-most digits of the account number (excluding the check digit). The PIN and 10 digits of the account number are returned to the Host.
The algorithm for validating the two check digits of a reference number is as follows:
The first of the two check digits is calculated as:
MOD 10 [10 - MOD 10 (Y)]
where Y is the sum of the products obtained by multiplying the 3rd to the 10th digits of the reference number by the following weights:
| Digit | Weight |
|-------|--------|
| 3 | 9 |
| 4 | 7 |
| 5 | 8 |
| 6 | 6 |
| 7 | 7 |
| 8 | 9 |
| 9 | 6 |
| 10 | 8 |
The second check digit is calculated as:
MOD 10 [10 - MOD 10 (Z)]
where Z is the sum of the following:
f(digit 1) + digit 2 + f(digit 3) + digit 4 + f(digit 5) + digit 6 + f(digit 7) + digit 8 + f(digit 9) + digit 10 + f(first check digit)
The value of f(digit n) is determined as follows:
| Digit | f(digit n) |
|-------|------------|
| 0 | 0 |
| 1 | 2 |
| 2 | 4 |
| 3 | 6 |
| 4 | 8 |
| 5 | 1 |
| 6 | 3 |
| 7 | 5 |
| 8 | 7 |
| 9 | 9 |
The MOD 10 (n) operation yields a value that is the remainder after dividing n by 10. This remainder is the same as the low-order digit of n.
The following example illustrates the validation of the reference number 936125183702, where 0 is the first check digit and 2 is the second check digit.
Reference number digits, in order: 9 3 6 1 2 5 1 8 3 7 0 2
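The check-digit algorithm above, written as a Host-side data-entry check. This is an added example, not part of the original documentation or the vendor's code; the function names `check_digits` and `validate_reference` are assumptions, and all sample entries other than 936125183702 are constructed.

```python
# Added example (not vendor code): validate the two check digits of a
# 12-digit solicitation reference number before it is batched to the HSM.

WEIGHTS = (9, 7, 8, 6, 7, 9, 6, 8)   # weights for digits 3..10, from the page
F = (0, 2, 4, 6, 8, 1, 3, 5, 7, 9)   # f(digit n) for n = 0..9, from the page


def check_digits(first_ten: str) -> tuple[int, int]:
    """Compute (first, second) check digits for a 10-digit string."""
    if len(first_ten) != 10 or not (first_ten.isascii() and first_ten.isdigit()):
        raise ValueError("expected exactly 10 decimal digits")
    d = [int(ch) for ch in first_ten]
    # Y: weighted sum over digits 3..10 (list indexes 2..9).
    y = sum(w * x for w, x in zip(WEIGHTS, d[2:]))
    c1 = (10 - y % 10) % 10
    # Z: f() applied to positions 1,3,5,7,9 and to the first check digit;
    # positions 2,4,6,8,10 are added unchanged.
    z = sum(F[x] if i % 2 == 0 else x for i, x in enumerate(d)) + F[c1]
    c2 = (10 - z % 10) % 10
    return c1, c2


def validate_reference(ref: str) -> list[str]:
    """Return a list of problems; an empty list means the entry is valid."""
    if len(ref) != 12 or not (ref.isascii() and ref.isdigit()):
        return ["format: expected exactly 12 decimal digits"]
    c1, c2 = check_digits(ref[:10])
    problems = []
    if int(ref[10]) != c1:
        problems.append("first check digit mismatch")
    if int(ref[11]) != c2:
        problems.append("second check digit mismatch")
    return problems


if __name__ == "__main__":
    # Constructed data-entry samples; only the first is the page's example.
    samples = ["936125183702", "836125183702", "931625183702", "93612518370"]
    for s in samples:
        print(s, validate_reference(s) or "valid")
```

The first check digit does not cover digits 1 and 2, so a keying error there, or the constructed transposition of digits 3 and 4 in the third sample, is caught only by the second check digit.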

The HSM provides the following Host commands to support solicitation data entry:
· Load solicitation data to user storage.
· Final load of solicitation data and start processing.
· Enable solicitation data entry at the Console.
· Disable solicitation data entry at the Console.
· Response to solicitation data entry at the Console.