Previous topic |
Next topic |
Contents |
Index |
Contact z/OS |
Library |
PDF
Usage Notes z/OS Cryptographic Services ICSF Application Programmer's Guide SA22-7522-16 |
|||||||||||||||||||||||||||||||||||||||||||||||
SAF may be invoked to verify the caller is authorized to use this callable service, the key label, or internal secure key tokens that are stored in the CKDS or PKDS. PIN block formats are more rigorously validated on the IBM zSeries 990 than on CCF systems. This table lists the PIN block variant constants (PBVC) to be used. Restriction:
PBVC is not supported
on an IBM zSeries 990. If PBVC is specified in the format control parameter
of the PIN profile, the Encrypted PIN Verify service will not be routed
to a PCI Cryptographic Coprocessor for processing. This means that only control vectors and
extraction methods valid for the Cryptographic Coprocessor Feature may be used if PBVC formatting
is desired. It is recommended that a format control of NONE be used
for maximum flexibility.
This table shows the access control points in the ICSF role that control the function of this service.
If any of the Unique Key per Transaction rule array keywords, the UKPT - PIN Verify, PIN Translate access control point must be enabled. If the ANSI X9.8 PIN - Use stored decimalization tables only access control point is enabled in the ICSF role, any decimalization table specified must match one of the active decimalization tables in the coprocessors. This table lists the required cryptographic hardware for each server type and describes restrictions for this callable service.
|
Copyright IBM Corporation 1990, 2014
|