Parameters

The parameters for CSNBDPV.

For the definitions of the return_code, reason_code, exit_data_length, and exit_data parameters, see Parameters common to all verbs.

rule_array_count
Direction: Input
Type: Integer
A pointer to an integer variable containing the number of elements in the rule_array variable. This value must be 0.
rule_array
Direction: Input
Type: String array
A pointer to a string variable containing an array of keywords that control the processing of the verb. Each element in the array must contain a valid keyword that is left-aligned and padded on the right as needed with space characters. The keyword must be in eight bytes of contiguous storage, left-aligned, and padded on the right with blanks. The rule_array keywords are described in Table 1
Table 1. Keywords for DK PIN Verify control information

Keywords for DK PIN Verify control information

Keyword Description
PIN-block format (One, optional)
ISO-1 Specifies that the PIN block identified by the ISO_encrypted_PIN_block parameter is in the ISO-1 format. This is the default.
ISO-4 Specifies that the PIN block identified by the ISO_encrypted_PIN_block parameter is in the ISO-4 format.
PAN_data_length
Direction: Input
Type: Integer
Specifies the length in bytes of the PAN_data parameter. The value must be in the range 10 - 19.
PAN_data
Direction: Input
Type: String
The PAN data which the PIN is associated. The full account number, including check digit, should be included.
card_data_length
Direction: Input
Type: Integer
Specifies the length in bytes of the card_data parameter. The value must be in the range 4 - 512.
card_data
Direction: Input
Type: String
The time-invariant card data (CDp) and the time-sensitive card data (CDt) which, together with the account number, specifies an individual card.
PIN_reference_value_length
Direction: Input
Type: Integer
Specifies the length in bytes of the PIN_reference_value parameter. This value must be 16.
PIN_reference_value
Direction: Input
Type: String
The 16-byte PIN reference value for comparison to the calculated value.
PRW_random_number_length
Direction: Input
Type: Integer
Specifies the length in bytes of the PRW_random_number parameter. The value must be 4.
PRW_random_number
Direction: Input
Type: String
The 4-byte random number associated with the PIN reference value.
ISO_encrypted_PIN_block_length
Direction: Input
Type: Integer
Specifies the length of data in bytes in the ISO_encrypted_PIN_block parameter. The value must be 8 for ISO-1 or 16 for ISO-4.
ISO_encrypted_PIN_block
Direction: Input
Type: String
A pointer to a string variable containing the encrypted PIN block in ISO-1 or ISO-4 format from which to extract the PIN.
PRW_key_identifier_length
Direction: Input
Type: Integer
Specifies the length in bytes of the PRW_key_identifier parameter. If the PRW_key_identifier contains a label, the length must be 64. Otherwise, the value must be at least the actual token length, up to 725.
PRW_key_identifier
Direction: Input/Output
Type: String
The identifier of the key to verify the PIN reference value. The key identifier is an operational token or the key label of an operational token in key storage. The key algorithm of this key must be AES, the key type must be PINPRW, and the key usage fields must indicate VERIFY, CMAC, and DKPINOP.

If the token supplied was encrypted under the old master key, the token is be returned encrypted under the current master key.

IPIN_encryption_key_identifier_length
Direction: Input
Type: Integer
Specifies the length in bytes of the IPIN_encryption_key_identifier parameter. Set the value to 64 for an ISO-1 PIN-block, or a maximum of 3500 for an ISO-4 PIN-block. A key label must be at least 64 bytes, and only the first 64 bytes of a key label are used.
IPIN_encryption_key_identifier
Direction: Input/Output
Type: String

A pointer to a string variable containing an operational fixed-length Triple-DES key-token or the key label of such a record in DES key-storage or, beginning with Release 5.4, an operational variable-length AES key-token or the key label of such a record in AES key-storage. The key token contains the inbound PIN encryption key used to recover the PIN from the ISO encrypted PIN block.

If the PIN block is in ISO-1 format, the key token must have a key type of IPINENC. In addition, the control vector must enable the verification of an encrypted PIN (EPINVER, CV bit 19 = B'1').

If the PIN block is in ISO-4 format, the key token must have a token algorithm of AES and a key type of PINPROT. In addition, the key usage fields must have the encryption operation set so that the key can be used for decryption but not encryption (DECRYPT), the encryption mode must be Cipher Block Chaining (CBC), the common control usage set to no field format specification (NOFLDFMT), and the inbound function usage set so that the key can be used to verify an encrypted PIN (EPINVER).