Command:
Verify a PIN from interchange using the IBM 3624 method.

Notes:
The decimalisation table can be stored in user storage and referenced in the same way as keys. For base software 2.0 and later, the decimalisation table is encrypted by default; however, for backward compatibility the console CS command may be used to configure the HSM unit for plaintext decimalisation tables. It is recommended that encrypted decimalisation tables are used whenever possible.

The plaintext decimalisation table of 16 digits must contain at least 8 different digits, with no digit occurring more than 4 times. If this condition is not met, Error Code 25 is returned. Checking of the table is the default condition, but may be disabled using the CS console command. Disabling the check is not recommended.

If a double or triple length PVK is used, Error Code 02 is returned as a warning, but processing continues, verifying the PIN using TDES in place of DES.

COMMAND MESSAGE

| Field | Length & Type | Details |
|---|---|---|
| Message header | m A | (Subsequently returned to the Host unchanged). |
| Command code | 2 A | Value EA. |
| ZPK | 16H or | The ZPK under which the PIN block is encrypted; encrypted under LMK pair 06-07. |
| PVK | 16H or | The PVK encrypted under LMK pair 14-15. |
| Maximum PIN length | 2 N | Value 12. |
| PIN block | 16 H | The PIN block encrypted under the ZPK. |
| PIN block format code | 2 N | One of the valid format codes. |
| Check length | 2 N | The minimum PIN length. |
| Account number | 12 N | The 12 right-most digits of the account number, excluding the check digit. |
| Decimalisation table | 16 N or 16 H | 16H if Configure Security is set for Encrypted decimalisation tables<br>16N if Configure Security is set for Plaintext decimalisation tables |
| PIN validation data | 12 A | User-defined data consisting of hexadecimal characters and the character N, which indicates to the HSM where to insert the last 5 digits of the account number. |
| Offset | 12 H | IBM offset value, left-justified and padded with F. |
| End message delimiter | 1 C | Optional. Must be present if a message trailer is present. Value X’19. |
| Message trailer | n A | Optional. Maximum length 32 characters. |

RESPONSE MESSAGE

| Field | Length & Type | Details |
|---|---|---|
| Message header | m A | Returned to the Host unchanged. |
| Response code | 2 A | Value EB. |
| Error code | 2 N | 00 : No errors<br>01 : Verification failure<br>02 : Warning PVK not single length<br>10 : ZPK parity error<br>11 : PVK parity error<br>12 : No keys or table loaded in user storage<br>13 : LMK error; report to supervisor<br>15 : Error in input data<br>20 : PIN block error<br>21 : Invalid user storage index<br>23 : Invalid PIN block format code<br>24 : PIN is fewer than 4 or more than 12 digits<br>25 : Decimalisation table error |
| End message delimiter | 1 C | Present only if present in the command message. Value X’19. |
| Message trailer | n A | Present only if present in the command message. Maximum length 32 characters. |
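
The following host-side pre-flight check is an added example, not vendor code: it applies the decimalisation table rule from the notes and the field layouts of PIN validation data and Offset before a command is sent. The function names are hypothetical; the assumptions are that the N marker appears exactly once, that the 5 digits come from the 12-digit account number field, and that offset digits are decimal.

```python
from collections import Counter

HEX = set("0123456789ABCDEF")

def check_decimalisation_table(table):
    """Return reasons a plaintext table breaks the rule in the notes
    (the HSM answers Error Code 25 for such a table); [] means it passes."""
    if len(table) != 16 or not (table.isascii() and table.isdigit()):
        return ["table must be exactly 16 decimal digits"]
    counts = Counter(table)
    problems = []
    if len(counts) < 8:
        problems.append(f"only {len(counts)} different digits, need at least 8")
    repeated = sorted(d for d, n in counts.items() if n > 4)
    if repeated:
        problems.append("occurs more than 4 times: " + ",".join(repeated))
    return problems

def expand_validation_data(validation_data, account12):
    """Replace the N marker with the last 5 account digits.
    Assumption: exactly one N, digits taken from the 12 N account field."""
    if len(account12) != 12 or not (account12.isascii() and account12.isdigit()):
        raise ValueError("account number field must be 12 digits")
    if len(validation_data) != 12 or validation_data.count("N") != 1:
        raise ValueError("validation data must be 12 characters with one N")
    if not set(validation_data.replace("N", "")) <= HEX:
        raise ValueError("validation data must be hexadecimal apart from N")
    return validation_data.replace("N", account12[-5:])

def offset_digits(offset_field):
    """Strip the F padding from the left-justified 12 H offset field.
    Assumption: the offset digits themselves are decimal."""
    digits = offset_field.rstrip("F")
    if len(offset_field) != 12 or not digits:
        raise ValueError("offset must be 12 characters and not all padding")
    if not (digits.isascii() and digits.isdigit()):
        raise ValueError("offset digits must be decimal, padded with F")
    return digits

if __name__ == "__main__":
    # Constructed sample values, not taken from any real system.
    for t in ("0123456789012345", "0123456700000000", "0000000000000000"):
        print(t, check_decimalisation_table(t) or "ok")
    print(expand_validation_data("1234567890NF", "123456789012"))
    print(offset_digits("1234FFFFFFFF"))
```

A table that fails this check is only accepted by the HSM if table checking has been disabled with the CS console command, so a non-empty result is worth alerting on rather than just logging.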