- return_code
-
Direction: Output | Type: Integer |
The return code specifies the general result of the callable
service. Appendix A. ICSF and TSS Return and Reason Codes lists the return codes.
- reason_code
-
Direction: Output | Type: Integer |
The reason code specifies the result of the callable service
that is returned to the application program. Each return code has
different reason codes that indicate specific processing problems. Appendix A. ICSF and TSS Return and Reason Codes lists the reason codes.
- exit_data_length
-
Direction: Input/Output | Type: Integer |
The length of the data that is passed to the installation
exit. The length can be from X'00000000' to X'7FFFFFFF' (2
gigabytes). The data is identified in the exit_data parameter.
- exit_data
-
Direction: Input/Output | Type: String |
The data that is passed to the installation exit.
- input_PIN_encrypting_key_identifier
-
Direction: Input/Output | Type: String |
The input PIN-encrypting key (IPINENC) for the PIN_block_in parameter
specified as a 64-byte internal key token or a key label. If keyword
UKPTIPIN, UKPTBOTH, DUKPT-IP or DUKPT-BH is specified in
the rule_array, then the input_PIN_encrypting_key_identifier must
specify a key token or key label of a KEYGENKY with the UKPT usage
bit enabled.
- output_PIN_encrypting_key_identifier
-
Direction: Input/Output | Type: String |
The output PIN-encrypting key (OPINENC) for the PIN_block_out parameter
specified as a 64-byte internal key token or a key label. If keyword
UKPTOPIN, UKPTBOTH, DUKPT-OP or DUKPT-BH is specified in
the rule_array, then the output_PIN_encrypting_key_identifier must
specify a key token or key label of a KEYGENKY with the UKPT usage
bit enabled.
- input_PIN_profile
-
Direction: Input | Type: Character string |
The three 8-byte character elements that contain information
necessary to either create a formatted PIN block or extract a PIN
from a formatted PIN block. A particular PIN profile
can be either an input PIN profile or an output PIN profile depending
on whether the PIN block is being enciphered or deciphered by the
callable service. See The PIN Profile for additional information.
If
you choose the TRANSLAT processing rule (this is not enforced
on the PCIXCC, CEX2C, or CEX3C) in the rule_array parameter,
the input_PIN_profile and the output_PIN_profile must
specify the same PIN block format. If you choose the REFORMAT processing
rule in the rule_array parameter, the input PIN profile and
output PIN profile can have different PIN block formats. If you specify
UKPTIPIN/DUKPT-IP or UKPTBOTH/DUKPT-BH in the rule_array parameter,
then the input_PIN_profile is extended to a 48-byte field
and must contain the current key serial number. See The PIN Profile for
additional information.
The pad digit is needed to extract
the PIN from a 3624 or 3621 PIN block in the Encrypted PIN translate
callable service with a process rule (rule_array parameter)
of REFORMAT. If the process rule is TRANSLAT, the pad digit is ignored.
- PAN_data_in
-
Direction: Input | Type: Character string |
The personal account number (PAN) if the process rule (rule_array parameter)
is REFORMAT and the input PIN format is ISO-0 or VISA-4 only. Otherwise,
this parameter is ignored. Specify 12 digits of account data in character
format.
For ISO-0, use the rightmost 12 digits of the PAN, excluding
the check digit.
For VISA-4, use the leftmost 12 digits of
the PAN, excluding the check digit.
- PIN_block_in
-
Direction: Input | Type: String |
The 8-byte enciphered PIN block that contains the PIN to
be translated.
- rule_array_count
-
Direction: Input | Type: Integer |
The number of process rules specified in the rule_array parameter.
The value may be 1, 2 or 3.
- rule_array
-
Direction: Input | Type: Character string |
The process rule for the callable service.
Table 192. Keywords for Encrypted PIN TranslateKeyword | Meaning |
---|
Processing Rules (required) |
REFORMAT | Changes
the PIN format, the contents of the PIN block, and the PIN-encrypting
key. |
TRANSLAT | Changes
the PIN-encrypting key only. It does not change the PIN format and
the contents of the PIN block. |
PIN Block Format and PIN Extraction Method (optional) | See PIN Block Format and PIN Extraction Method Keywords for additional information and a list of PIN block
formats and PIN extraction method keywords.
Note:
If a PIN
extraction method is not specified, the first one listed in Table 164 for the PIN block format will be the default. |
DUKPT Keywords - Single length key derivation
(optional) |
UKPTIPIN | The input_PIN_encrypting_key_identifier is
derived as a single length key. The input_PIN_encrypting_key_identifier must
be a KEYGENKY key with the UKPT usage bit enabled. The input_PIN_profile must
be 48 bytes and contain the key serial number. |
UKPTOPIN | The output_PIN_encrypting_key_identifier is
derived as a single length key. The output_PIN_encrypting_key_identifier must
be a KEYGENKY key with the UKPT usage bit enabled. The output_PIN_profile must
be 48 bytes and contain the key serial number. |
UKPTBOTH | Both
the input_PIN_encrypting_key_identifier and the
output_PIN_encrypting_key_identifier are derived
as a single length key. Both the input_PIN_encrypting_key_identifier and
the output_PIN_encrypting_key_identifier must
be KEYGENKY keys with the UKPT usage bit enabled. Both the input_PIN_profile and
the output_PIN_profile must be 48 bytes and contain
the respective key serial number. |
DUKPT Keywords - double length key derivation
(optional) - requires May 2004 or later version of Licensed Internal Code (LIC) |
DUKPT-IP | The input_PIN_encrypting_key_identifier is
derived as a double length key. The input_PIN_encrypting_key_identifier must
be a KEYGENKY key with the UKPT usage bit enabled. The input_PIN_profile must
be 48 bytes and contain the key serial number. |
DUKPT-OP | The output_PIN_encrypting_key_identifier is
derived as a double length key. The output_PIN_encrypting_key_identifier must
be a KEYGENKY key with the UKPT usage bit enabled. The output_PIN_profile must
be 48 bytes and contain the key serial number. |
DUKPT-BH | Both
the input_PIN_encrypting_key_identifier and the
output_PIN_encrypting_key_identifier are derived
as a double length key. Both the input_PIN_encrypting_key_identifier and
the output_PIN_encrypting_key_identifier must
be KEYGENKY keys with the UKPT usage bit enabled. Both the input_PIN_profile and
the output_PIN_profile must be 48 bytes and contain
the respective key serial number. |
- output_PIN_profile
-
Direction: Input | Type: Character string |
The three 8-byte character elements that contain information
necessary to either create a formatted PIN block or extract a PIN
from a formatted PIN block. A particular PIN profile can be either
an input PIN profile or an output PIN profile, depending on whether
the PIN block is being enciphered or deciphered by the callable service.
- If you choose the TRANSLAT processing rule in the rule_array parameter,
the input_PIN_profile and the output_PIN_profile must
specify the same PIN block format, except on a PCIXCC, CEX2C,
or CEX3C.
- If you choose the REFORMAT processing rule in the rule_array parameter,
the input PIN profile and output PIN profile can have different PIN
block formats.
- If you specify UKPTOPIN or UKPTBOTH in the rule_array parameter,
then the output_PIN_profile is extended to a 48-byte field
and must contain the current key serial number. See The PIN Profile for
additional information.
- If you specify DUKPT-OP or DUKPT-BH in the rule_array parameter,
then the output_PIN_profile is extended to a 48-byte field
and must contain the current key serial number. See The PIN Profile for
additional information.
- PAN_data_out
-
Direction: Input | Type: Character string |
The personal account number (PAN) if the process rule (rule_array parameter)
is REFORMAT and the output PIN format is ISO-0 or VISA-4 only. Otherwise,
this parameter is ignored. Specify 12 digits of account data in character
format.
For ISO-0, use the rightmost 12 digits of the PAN, excluding
the check digit.
For VISA-4, use the leftmost 12 digits of
the PAN, excluding the check digit.
- sequence_number
-
Direction: Input | Type: Integer |
The sequence number if the process rule (rule_array parameter)
is REFORMAT and the output PIN block format is 3621 or 4704-EPP only.
Specify the integer value 99999. Otherwise, this parameter is ignored.
- PIN_block_out
-
Direction: Output | Type: String |
The 8-byte output PIN block that is reenciphered.