Parameters

Edit online

The parameters for CSNBDPMT.

For the definitions of the return_code, reason_code, exit_data_length, and exit_data parameters, see Parameters common to all verbs.

rule_array_count
A pointer to an integer variable containing the number of elements in the rule_array variable. This value must be 0.
rule_array
A pointer to a string variable containing an array of keywords that control the processing of the verb. Each element in the array must contain a valid keyword that is left-aligned and padded on the right with space characters. The keyword must be in eight bytes of contiguous storage, left-aligned, and padded on the right with blanks. The rule_array keywords are described in Table 1:
Table 1. Keywords for DK PAN Modify in Transaction control information
Keyword Description
PIN-block format (One, optional)
ISO-1 Specifies that the PIN block identified by the ISO_encrypted_PIN_block parameter is in the ISO-1 format. This is the default.
ISO-4 Specifies that the PIN block identified by the ISO_encrypted_PIN_block parameter is in the ISO-4 format.
current_PAN_data_length
Specifies the length in bytes of the current_PAN_data parameter. The value must be in the range 10 - 19.
current_PAN_data
The current PAN data associated with the PIN. The full account number, including check digit, should be included.
new_PAN_data_length
Specifies the length in bytes of the new_PAN_data parameter. The value must be in the range 10 - 19.
new_PAN_data
The new PAN data to be associated with the PIN. The full account number, including check digit, should be included.
current_card_p_data_length
Specifies the length in bytes of the current_card_p_data parameter. The value must be in the range 2 - 256.
current_card_p_data
The time-invariant card data (CDp) of the current account, determined by the card issuer.
current_card_t_data_length
Specifies the length in bytes of the current_card_t_data parameter. The value must be in the range 2 - 256.
current_card_t_data
The time-sensitive card data of the current account, determined by the card issuer.
new_card_p_data_length
Specifies the length in bytes of the new_card_p_data parameter. The value must be in the range 2 - 256.
new_card_p_data
The time-invariant card data (CDp) of the current account, determined by the card issuer.
new_card_t_data_length
Specifies the length in bytes of the new_card_t_data parameter. The value must be in the range 2 - 256.
new_card_t_data
The time-sensitive card data of the current account, determined by the card issuer.
CMAC_FUS_length
Specifies the length in bytes of the CMAC_FUS parameter. The value must be in the range 8 - 16.
CMAC_FUS
The 8-byte to 16-byte MAC that was generated from the current and new PANs and card data strings and PIN reference values. The MAC is generated using the DK PRW CMAC Generate service.
ISO_encrypted_PIN_block_length
Specifies the length of data in bytes in the ISO_encrypted_PIN_block parameter. The value must be 8 for ISO-1 or 16 for ISO-4.
ISO_encrypted_PIN_block
A pointer to a string variable containing the encrypted PIN block in ISO-1 or ISO-4 format from which to extract the PIN.
current_PIN_reference_value_length
Specifies the length in bytes of the current_PIN_reference_value parameter. The value must be 16.
current_PIN_reference_value
The 16-byte PIN reference value for comparison to the calculated value.
current_PRW_random_number_length
Specifies the length in bytes of the current_PRW_random_number parameter. The value must be 4.
current_PRW_random_number
The 4-byte random number associated with the PIN reference value.
CMAC_FUS_key_identifier_length
Specifies the length in bytes of the CMAC_FUS_key_identifier parameter. If CMAC_FUS_key_identifier contains a label, the length must be 64. Otherwise, the value must be at least the actual token length, up to 725.
CMAC_FUS_key_identifier
The identifier of the key to verify the CMAC_FUS value. The key identifier is an operational token or the key label of an operational token in key storage. The key algorithm of this key must be AES, the key type must be MAC, and the key usage fields must indicate VERIFY, CMAC, and DKPINAD2.

If the token supplied was encrypted under the old master key, the token is returned encrypted under the current master key.

IPIN_encryption_key_identifier_length
Specifies the length in bytes of the IPIN_encryption_key_identifier parameter. Set the value to 64 for an ISO-1 PIN-block, or a maximum of 3500 for an ISO-4 PIN-block. A key label must be at least 64 bytes, and only the first 64 bytes of a key label are used.
IPIN_encryption_key_identifier

A pointer to a string variable containing an operational fixed-length Triple-DES key-token or the key label of such a record in DES key-storage or, beginning with Release 5.4, an operational variable-length AES key-token or the key label of such a record in AES key-storage. The key token contains the inbound PIN encryption key used to recover the PIN from the ISO encrypted PIN block.

If the PIN block is in ISO-1 format, the key token must have a key type of IPINENC. In addition, the control vector must enable the verification of an encrypted PIN (EPINVER, CV bit 19 = B'1').

If the PIN block is in ISO-4 format, the key token must have a token algorithm of AES and a key type of PINPROT. In addition, the key usage fields must have the encryption operation set so that the key can be used for decryption but not encryption (DECRYPT). The encryption mode must be Cipher Block Chaining (CBC), the common control usage set to no field format specification (NOFLDFMT), and the inbound function usage set so that the key can be used to verify an encrypted PIN (EPINVER).

PRW_key_identifier_length
Specifies the length in bytes of the PRW_key_identifier parameter. If PRW_key_identifier contains a label, the length must be 64. Otherwise, the value must be at least the actual token length, up to 725.
PRW_key_identifier
The identifier of the key to verify the input PRW. The key identifier is an operational token or the key label of an operational token in key storage. The key algorithm of this key must be AES, the key type must be PINPRW, and the key usage fields must indicate VERIFY, CMAC, and DKPINOP.

If the token supplied was encrypted under the old master key, the token is returned encrypted under the current master key.

new_PRW_key_identifier_length
Specifies the length in bytes of the new_PRW_key_identifier parameter. If new_PRW_key_identifier contains a label, the length must be 64. Otherwise, the value must be at least the actual token length, up to 725.
new_PRW_key_identifier
The identifier of the key to generate the new PRW. The key identifier is an operational token or the key label of an operational token in key storage. The key algorithm of this key must be AES, the key type must be PINPRW, and the key usage fields must indicate GENONLY, CMAC, and DKPINOP.

If the token supplied was encrypted under the old master key, the token is returned encrypted under the current master key.

new_PIN_reference_value_length
Specifies the length in bytes of the new_PIN_reference_value parameter. The value must be at least 16. On output, it is set to 16.
new_PIN_reference_value
The 16-byte new PIN reference value.
new_PRW_random_number_length
Specifies the length in bytes of the new_PRW_random_number parameter. The value must be at least 4. On output, it is set to 4.
new_PRW_random_number
The 4-byte random number associated with the new PIN reference value.