The following table summarizes the new and changed callable services for ICSF FMID HCR77B0. For complete reference information on these callable services, refer to z/OS Cryptographic Services ICSF Application Programmer's Guide.
| Callable service | Release | Description |
|---|---|---|
| Field Level Decipher | HCR77B0 | New: Decrypt database fields, preserving the format of the fields using the VISA Format Preserving Encryption algorithm. |
| Field Level Encipher | HCR77B0 | New: Encrypt database fields, preserving the format of the fields using the VISA Format Preserving Encryption algorithm. |
| FPE Decipher | HCR77B0 | New: Decrypt payment card data using Visa Data Secure Platform (Visa DSP) processing. |
| FPE Encipher | HCR77B0 | New: Encrypt payment card data using Visa Data Secure Platform (Visa DSP) processing. |
| FPE Translate | HCR77B0 | New: Translate payment card data from encryption under one key to encryption under another key using Visa Data Secure Platform (Visa DSP) processing. |
| ICSF Multi-Purpose Service | HCR77B0 | New: Validate the keys in the active CKDS or PKDS. |
| Key Data Set List | HCR77B0 | New: Generate a list of labels or handles that match a label filter and metadata search criteria in an active key data set. |
| Key Data Set Metadata Read | HCR77B0 | New: Read metadata for a record in an active key data set. |
| Key Data Set Metadata Write | HCR77B0 | New: Add, delete, and change metadata for a list of records in an active key data set. |
| PKCS #11 One-way hash generate | HCR77B0 | Changed: Legacy hash rules added. |
| PKCS11 One-way hash, sign, or verify | HCR77B0 | Changed: Legacy hash rules added. |
| Authentication Parameter Generate | HCR77A1 | New: Generate an authentication parameter (AP) and return it encrypted under a supplied encrypting key. |
| ICSF Query Facility 2 | HCR77A1 | New: Provides information on the cryptographic environment as currently known by ICSF. |
| Recover PIN From Offset | HCR77A1 | New: Calculate an encrypted customer-entered PIN from a PIN generating key, account information, and an offset, returning the PIN properly formatted and encrypted under a PIN encryption key. |
| Symmetric Key Export with Data | HCR77A1 | New: Export a symmetric key encrypted using an RSA key, inserted in a PKCS#1 block type 2, with some extra data supplied by the application. |
Cipher Text Translate2 |
HCR77A0 | New: Translates the user-supplied ciphertext from one key to another key. |
| Control Vector Generate | HCR77A0 | Changed:
|
| Diversified Key Generate2 | HCR77A0 | New: Derive keys using a key-generating key. |
| DK Deterministic PIN Generate | HCR77A0 | New: Generate a PIN using a secret key. |
| DK Migrate PIN | HCR77A0 | New: Generate a PIN reference value (PRW) for an existing IOS-1 PIN block. |
| DK PAN Translate | HCR77A0 | New: Modify the PAN of an account while keeping the same PIN. |
| DK PIN Change | HCR77A0 | New: Allow a customer to select a personal PIN. |
| DK PIN Verify | HCR77A0 | New: Verify an ISO-1 PIN. |
| DK PAN Modify in Transaction | HCR77A0 | New: This service is used to obtain a new PIN reference value (PRW) for an existing PIN when the account information has changed. |
| DK PRW Card Number Update | HCR77A0 | New: Generate a PIN reference value (PRW) when a replacement card is being issued. |
| DK PRW CMAC Generate | HCR77A0 | New: Generate a message authentication code (MAC) over specific values involved in an account number change transaction. |
| DK Random PIN Generate | HCR77A0 | New: Generate a random PIN and PIN reference value. |
| DK Regenerate PRW | HCR77A0 | New: Generate a new PIN reference value for a changed account number. |
| ECC Diffie-Hellman | HCR77A0 | Changed:
|
| Key Export | HCR77A0 | Changed: Support CIPHERXI, CIPHERXL and CIPHERXO key types. |
| Key Generate | HCR77A0 | Changed:
|
| Key Generate2 | HCR77A0 | Changed:
|
| Key Import | HCR77A0 | Changed: Support CIPHERXI, CIPHERXL and CIPHERXO key types. |
| Key Part Import2 | HCR77A0 | Changed: Support AES DKYGENKY, MAC, PINCALC, PINPROT, and PINPRW keys for DK AES PIN services. |
| Key Test2 | HCR77A0 | Changed: Support AES DKYGENKY, MAC, PINCALC, PINPROT, and PINPRW keys for DK AES PIN services. |
| Key Token Build | HCR77A0 | Changed:
|
| Key Token Build2 | HCR77A0 | Changed:
|
| Key Translate2 | HCR77A0 | Changed: Support changing variable-length key tokens with variable-length payloads to fixed-length payloads. |
| ICSF Query Facility | HCR77A0 | Changed: Retrieve weak PIN table from coprocessor. |
| MAC Generate2 | HCR77A0 | New: Generate a MAC using AES or HMAC keys. |
| MAC Verify2 | HCR77A0 | New: Verify a MAC using AES or HMAC keys. |
| Multiple Secure Key Import | HCR77A0 | Changed: Support CIPHERXI, CIPHERXL and CIPHERXO key types |
| PKA Key Generate | HCR77A0 | Changed: Support generating RSA keys that can be wrapped by AES keys. |
| PKA Key Import | HCR77A0 | Changed: Support importing RSA keys that are wrapped by an AES key-encrypting key. |
| PKA Key Token Build | HCR77A0 | Changed: Support building RSA-AESC and RSA-AESM skeleton tokens. |
| PKA Key Token Change | HCR77A0 | Changed: Support reenciphering RSA keys wrapped by an ECC master key. |
| PKA Key Translate | HCR77A0 | Changed: Support translating the object protection key (OPK) in a RSA private key token from a DES key to an AES key. |
| Restrict Key Attribute | HCR77A0 | Changed:
|
| Secure Key Import | HCR77A0 | Changed: Support CIPHERXI, CIPHERXL and CIPHERXO key types. |
| Secure Key Import2 | HCR77A0 | Changed: Support AES DKYGENKY, MAC, PINCALC, PINPROT, and PINPRW keys for DK AES PIN services. |
| Symmetric Key Export | HCR77A0 | Changed: Support AES DKYGENKY, MAC, PINCALC, PINPROT, and PINPRW keys for DK AES PIN services. |
| Symmetric Key Import2 | HCR77A0 | Changed: Support AES DKYGENKY, MAC, PINCALC, PINPROT, and PINPRW keys for DK AES PIN services. |
| Unique Key Derive | HCR77A0 | New: Use the Unique Key
Derive callable service to derive a key using the Base Derivation
Key and the Derivation Data. The following key types can be derived:
|
| Clear PIN Generate | HCR7790 | Changed: Increased X9.8 PIN block security, stored PIN decimalization tables support. |
| Clear PIN Generate Alternate | HCR7790 | Changed: Increased X9.8 PIN block security, stored PIN decimalization tables support. |
| Control Vector Generate | HCR7790 | Changed: ANSI TR-31 key block support. |
| Coordinated KDS Administration | HCR7790 | New: Support for a coordinated CKDS refresh or a coordinated CKDS reencipher and master key change. |
| CVV Key Combine | HCR7790 | New: Double-length CVV key support |
| Digital Signature Verify | HCR7790 | Changed: 4096-bit RSA clear key hardware support. |
| ECC Diffie-Hellman | HCR7790 | New: Creation of:
|
| Encrypted PIN Generate | HCR7790 | Changed: Increased X9.8 PIN block security, stored PIN decimalization tables support. |
| Encrypted PIN Verify | HCR7790 | Changed: Increased X9.8 PIN block security, stored PIN decimalization tables support. |
| ICSF Query Algorithm | HCR7790 | Changed: 4096-bit RSA clear key hardware support. |
| ICSF Query Facility | HCR7790 | Changed:
|
| Key Generate2 | HCR7790 | Changed: AES key type support |
| Key Part Import2 | HCR7790 | Changed: AES key type support |
| Key Test2 | HCR7790 | Changed:
|
| Key Token Build | HCR7790 | Changed: ANSI TR-31 key block support. |
| Key Token Build2 | HCR7790 | Changed: AES key type support |
| Key Translate2 | HCR7790 | Changed: AES key type support |
| PKA Decrypt | HCR7790 | Changed: 4096-bit RSA clear key hardware support. |
| PKA Encrypt | HCR7790 | Changed: 4096-bit RSA clear key hardware support. |
| PKA Key Generate | HCR7790 | Changed: Support for External ECC Keys (ECC Keys encrypted by an AES KEK) |
| PKA Key Import | HCR7790 | Changed: Support for External ECC Keys (ECC Keys encrypted by an AES KEK) |
| PKCS #11 Derive key | HCR7790 | Changed: Support for hardware generated “z” value. |
| PKCS #11 Derive multiple keys | HCR7790 | Changed: Support for hardware generated “z” value. |
| PKCS #11 Private key sign | HCR7790 | Changed: 4096-bit RSA clear key hardware support. |
| PKCS #11 Public key verify | HCR7790 | Changed: 4096-bit RSA clear key hardware support. |
| PKCS #11 Unwrap key | HCR7790 | Changed: 4096-bit RSA clear key hardware support. |
| Restrict Key Attribute | HCR7790 | Changed:
|
| Secure Key Import2 | HCR7790 | Changed: AES key type support |
| Symmetric Algorithm Decipher | HCR7790 | Changed: AES key type support |
| Symmetric Algorithm Encipher | HCR7790 | Changed: AES key type support |
| Symmetric Key Export | HCR7790 | Changed:
|
| Symmetric Key Generate | HCR7790 | Changed: Support for PKCS#1 OAEP data block formatting with the SHA-256 hash method |
| Symmetric Key Import | HCR7790 | Changed: Support for PKCS#1 OAEP data block formatting with the SHA-256 hash method |
| Symmetric Key Import2 | HCR7790 | Changed: AES key type support |
| TR-31 Export | HCR7790 | New: ANSI TR-31 key block support. |
| TR-31 Import | HCR7790 | New: ANSI TR-31 key block support. |
| TR-31 Optional Data Build | HCR7790 | New: ANSI TR-31 key block support. |
| TR-31 Optional Data Read | HCR7790 | New: ANSI TR-31 key block support. |
| TR-31 Parse | HCR7790 | New: ANSI TR-31 key block support. |
| VISA CVV Service Verify | HCR7790 | Changed: Double-length CVV key support |
| VISA CVV Service Generate | HCR7790 | Changed: Double-length CVV key support |
| ANSI X9.17 EDC Generate | HCR7780 | Changed: Support for invocation in AMODE(64). |
| ANSI X9.17 Key Export | HCR7780 | Changed: Support for invocation in AMODE(64). |
| ANSI X9.17 Key Import | HCR7780 | Changed: Support for invocation in AMODE(64). |
| ANSI X9.17 Key Translate | HCR7780 | Changed: Support for invocation in AMODE(64). |
| ANSI X9.17 Transport Key Partial Notarize | HCR7780 | Changed: Support for invocation in AMODE(64). |
| Ciphertext Translate | HCR7780 | Changed: Support for invocation in AMODE(64). |
| Clear PIN Encrypt | HCR7780 | Changed: Support for invocation in AMODE(64). |
| Clear PIN Generate | HCR7780 | Changed: Support for invocation in AMODE(64). |
| Clear PIN Generate Alternate | HCR7780 | Changed: Support for invocation in AMODE(64). |
| Control Vector Generate | HCR7780 | Changed: Support for invocation in AMODE(64). |
| Control Vector Translate | HCR7780 | Changed: Support for invocation in AMODE(64). |
| Cryptographic Variable Encipher | HCR7780 | Changed: Support for invocation in AMODE(64). |
| Data Key Export | HCR7780 | Changed: Support for invocation in AMODE(64). |
| Data Key Import | HCR7780 | Changed: Support for invocation in AMODE(64). |
| Decipher | HCR7780 | Changed: Support for invocation in AMODE(64). |
| Decode | HCR7780 | Changed: Support for invocation in AMODE(64). |
| Digital Signature Generate | HCR7780 | Changed: Elliptic Curve Cryptography (ECC) support. |
| Digital Signature Verify | HCR7780 | Changed: Elliptic Curve Cryptography (ECC) support. |
| Diversified Key Generate | HCR7780 | Changed:
|
| Encipher | HCR7780 | Changed: Support for invocation in AMODE(64). |
| Encode | HCR7780 | Changed: Support for invocation in AMODE(64). |
| Encrypted PIN Generate | HCR7780 | Changed: Support for invocation in AMODE(64). |
| Encrypted PIN Translate | HCR7780 | Changed: Support for invocation in AMODE(64). |
| Encrypted PIN Verify | HCR7780 | Changed: Support for invocation in AMODE(64). |
| HMAC Generate | HCR7780 | New: Support for CCA key management of HMAC keys. |
| HMAC Verify | HCR7780 | New: Support for CCA key management of HMAC keys. |
| Key Export | HCR7780 | Changed: Support for invocation in AMODE(64). |
| Key Generate2 | HCR7780 | New: Support for CCA key management of HMAC keys. |
| Key Import | HCR7780 | Changed: Support for invocation in AMODE(64). |
| Key Part Import | HCR7780 | Changed:
|
| Key Part Import2 | HCR7780 | New: Support for CCA key management of HMAC keys. |
| Key Record Create | HCR7780 | Changed: Support for invocation in AMODE(64). |
| Key Record Create2 | HCR7780 | New: Support for CCA key management of HMAC keys. |
| Key Record Delete | HCR7780 | Changed: Support for invocation in AMODE(64). |
| Key Record Read | HCR7780 | Changed: Support for invocation in AMODE(64). |
| Key Record Read2 | HCR7780 | New: Support for CCA key management of HMAC keys. |
| Key Record Write | HCR7780 | Changed: Support for invocation in AMODE(64). |
| Key Record Write2 | HCR7780 | New: Support for CCA key management of HMAC keys. |
| Key Test | HCR7780 | Changed: Support for invocation in AMODE(64). |
| Key Test Extended | HCR7780 | Changed: Support for invocation in AMODE(64). |
| Key Test2 | HCR7780 | New: Support for CCA key management of HMAC keys. |
| Key Token Build | HCR7780 | Changed:
|
| Key Token Build2 | HCR7780 | New: Support for CCA key management of HMAC keys. |
| Key Translate | HCR7780 | Changed: Support for invocation in AMODE(64). |
| Key Translate2 | HCR7780 | New: Support for CCA key management of HMAC keys. |
| MAC Generate | HCR7780 | Changed: Support for invocation in AMODE(64). |
| MAC Verify | HCR7780 | Changed: Support for invocation in AMODE(64). |
| MDC Generate | HCR7780 | Changed: Support for invocation in AMODE(64). |
| Multiple Clear Key Import | HCR7780 | Changed: New rule array keywords to support enhanced key wrapping method. |
| Multiple Secure Key Import | HCR7780 | Changed:
|
| One-Way Hash Generate | HCR7780 | New: Support for invocation in AMODE(64). |
| PIN Change/Unblock | HCR7780 | Changed: Support for invocation in AMODE(64). |
| PKA Key Generate | HCR7780 | Changed: Elliptic Curve Cryptography (ECC) support. |
| PKA Key Import | HCR7780 | Changed: Elliptic Curve Cryptography (ECC) support. |
| PKA Key Token Build | HCR7780 | Changed: Elliptic Curve Cryptography (ECC) support. |
| PKA Key Token Change | HCR7780 | Changed:
|
| PKA Public Key Extract | HCR7780 | Changed: Elliptic Curve Cryptography (ECC) support. |
| PKDS Key Record Create | HCR7780 | Changed: Elliptic Curve Cryptography (ECC) support. |
| PKDS Key Record Delete | HCR7780 | Changed: Elliptic Curve Cryptography (ECC) support. |
| PKDS Key Record Read | HCR7780 | Changed:
|
| PKDS Key Record Write | HCR7780 | Changed:
|
| Prohibit Export | HCR7780 | Changed: Support for invocation in AMODE(64). |
| Prohibit Export Extended | HCR7780 | Changed: Support for invocation in AMODE(64). |
| Remote Key Export | HCR7780 | Changed: Support for invocation in AMODE(64). |
| Restrict Key Attribute | HCR7780 | New: Support for CCA key management of HMAC keys. |
| Secure Key Import | HCR7780 | Changed: Support for invocation in AMODE(64). |
| Secure Key Import2 | HCR7780 | New: Support for CCA key management of HMAC keys. |
| Secure Messaging for Keys | HCR7780 | Changed: Support for invocation in AMODE(64). |
| Secure Messaging for PINS | HCR7780 | Changed: Support for invocation in AMODE(64). |
| SET Block Compose | HCR7780 | Changed: Support for invocation in AMODE(64). |
| SET Block Decompose | HCR7780 | Changed: Support for invocation in AMODE(64). |
| Symmetric Key Decipher | HCR7780 | Changed: Additional modes of operation for protecting data. |
| Symmetric Key Encipher | HCR7780 | Changed: Additional modes of operation for protecting data. |
| Symmetric Key Export | HCR7780 | Changed: Support for CCA key management of HMAC keys. |
| Symmetric Key Generate | HCR7780 | Changed:
|
| Symmetric Key Import | HCR7780 | Changed: New rule array keywords to support enhanced key wrapping method. |
| Symmetric Key Import2 | HCR7780 | New: Support for CCA key management of HMAC keys. |
| Transaction Validation | HCR7780 | Changed: Support for invocation in AMODE(64). |
| Transform CDMF Key | HCR7780 | Changed: Support for invocation in AMODE(64). |
| Trusted Block Create | HCR7780 | Changed: Support for invocation in AMODE(64). |
| User Derived Key | HCR7780 | Changed: Support for invocation in AMODE(64). |
| VISA CVV Service Generate | HCR7780 | Changed: Support for invocation in AMODE(64). |
| VISA CVV Service Verify | HCR7780 | Changed: Support for invocation in AMODE(64). |