z/OS Cryptographic Services ICSF Application Programmer's Guide


Usage Notes

SA22-7522-16

SAF may be invoked to verify the caller is authorized to use this callable service, the key label, or internal secure key tokens that are stored in the CKDS or PKDS.

PIN block formats are more rigorously validated on the IBM eServer zSeries 990 than on CCF systems.

This table lists the PIN block variant constants (PBVC) to be used.

Restriction:
PBVC is not supported on an IBM eServer zSeries 990. If PBVC is specified in the format control parameter of the PIN profile, the Encrypted PIN Verify service will not be routed to a PCI Cryptographic Coprocessor for processing. This means that only control vectors and extraction methods valid for the Cryptographic Coprocessor Feature may be used if PBVC formatting is desired. It is recommended that a format control of NONE be used for maximum flexibility.
Table 200. PIN Block Variant Constants (PBVCs)
PIN Format Name    PIN Block Variant Constant (PBVC)
ECI-2              X'00000000000093000000000000009300'
ECI-3              X'00000000000095000000000000009500'
ISO-0              X'00000000000088000000000000008800'
ISO-1              X'0000000000008B000000000000008B00'
VISA-2             X'0000000000008D000000000000008D00'
VISA-3             X'0000000000008E000000000000008E00'
VISA-4             X'00000000000090000000000000009000'
3621               X'00000000000084000000000000008400'
3624               X'00000000000082000000000000008200'
4704-EPP           X'00000000000087000000000000008700'

This table shows the access control points in the ICSF role that control the function of this service.

Table 201. Required access control points for Encrypted PIN Verify
Process rule          Access control point
IBM-PIN, IBM-PINO     Encrypted PIN Verify - 3624
GBP-PIN, GBP-PINO     Encrypted PIN Verify - GBP
VISA-PVV              Encrypted PIN Verify - VISA PVV
INBK-PIN              Encrypted PIN Verify - Interbank

If any of the Unique Key per Transaction rule array keywords are specified, the UKPT - PIN Verify, PIN Translate access control point must be enabled.

If the ANSI X9.8 PIN - Use stored decimalization tables only access control point is enabled in the ICSF role, any decimalization table specified must match one of the active decimalization tables in the coprocessors.

This table lists the required cryptographic hardware for each server type and describes restrictions for this callable service.

Table 202. Encrypted PIN verify required hardware
Server: IBM eServer zSeries 900

  Required cryptographic hardware: Cryptographic Coprocessor Feature
  Restrictions:
    If PBVC is specified for format control, the request will be routed to the Cryptographic Coprocessor Feature.
    ISO-3 PIN block format is not supported.

  Required cryptographic hardware: PCI Cryptographic Coprocessor
  Restrictions:
    ICSF routes the request to a PCI Cryptographic Coprocessor if:

      • The PIN profile specifies the ISO-2 PIN block format.
      • Anything is specified other than the default in the PIN extraction method keyword for the given PIN block format in rule_array.
      • The input_PIN_encrypting_key_identifier identifies a key which does not have the default PIN encrypting key control vector (IPINENC).
      • The PIN_verifying_key_identifier identifies a key which does not have the default PIN verify key control vector.
      • The VISAPVV4 rule array keyword is specified.
      • You request UKPT support.

    The DUKPT-IP keyword is not supported.
    ISO-3 PIN block format is not supported.

Server: IBM eServer zSeries 990, IBM eServer zSeries 890

  Required cryptographic hardware: PCI X Cryptographic Coprocessor, Crypto Express2 Coprocessor
  Restrictions:
    Format control in the PIN profile parameter must specify NONE. GBP-PINO rule array parameter is not supported.
    ISO-3 PIN block format is not supported.

Server: IBM System z9 EC, IBM System z9 BC

  Required cryptographic hardware: Crypto Express2 Coprocessor
  Restrictions:
    Format control in the PIN profile parameter must specify NONE. GBP-PINO rule array parameter is not supported.
    ISO-3 PIN block format requires the Nov. 2007 or later licensed internal code (LIC).
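
The following pre-flight check is an added example, not IBM code and not part of ICSF. It combines Tables 201 and 202 to report which access control points a planned Encrypted PIN Verify call needs in the ICSF role and which server restrictions it would violate. The PlannedCall fields, the preflight function and the server labels "z900", "z990", "z890" and "z9" are hypothetical names chosen for this example.

```python
from dataclasses import dataclass

# Table 201 on this page: process rule -> access control point (ACP).
ACP_BY_RULE = {
    "IBM-PIN": "Encrypted PIN Verify - 3624",
    "IBM-PINO": "Encrypted PIN Verify - 3624",
    "GBP-PIN": "Encrypted PIN Verify - GBP",
    "GBP-PINO": "Encrypted PIN Verify - GBP",
    "VISA-PVV": "Encrypted PIN Verify - VISA PVV",
    "INBK-PIN": "Encrypted PIN Verify - Interbank",
}
UKPT_ACP = "UKPT - PIN Verify, PIN Translate"
# Hypothetical shorthand for the Table 202 rows that require format control NONE.
NONE_ONLY = {"z990", "z890", "z9"}

@dataclass
class PlannedCall:                 # hypothetical description of one planned call
    server: str                    # "z900", "z990", "z890" or "z9"
    process_rule: str              # a key of ACP_BY_RULE
    pin_block_format: str          # e.g. "ISO-0", "ISO-3"
    format_control: str            # "NONE" or "PBVC"
    uses_ukpt: bool = False        # any UKPT rule array keyword is specified
    extra_keywords: tuple = ()     # other rule array keywords, e.g. "DUKPT-IP"
    z9_lic_nov2007: bool = False   # z9 has the Nov. 2007 or later LIC

def preflight(call):
    """Return (required ACPs, restriction violations) for a planned call."""
    acps = [ACP_BY_RULE[call.process_rule]]
    if call.uses_ukpt:
        acps.append(UKPT_ACP)
    problems = []
    if call.server in NONE_ONLY:
        if call.format_control != "NONE":
            problems.append("format control must be NONE on this server")
        if call.process_rule == "GBP-PINO":
            problems.append("GBP-PINO is not supported on this server")
    iso3_ok = call.server == "z9" and call.z9_lic_nov2007
    if call.pin_block_format == "ISO-3" and not iso3_ok:
        problems.append("ISO-3 PIN block format is not supported here")
    if call.server == "z900" and "DUKPT-IP" in call.extra_keywords:
        problems.append("DUKPT-IP is not supported on zSeries 900")
    return acps, problems
```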





Copyright IBM Corporation 1990, 2014