Parameters

Edit online

The parameters for CSNBDRG2.

For the definitions of the return_code, reason_code, exit_data_length, and exit_data parameters, see Parameters common to all verbs.

rule_array_count
A pointer to an integer variable containing the number of elements in the rule_array variable. This value must be 0 or 1.
rule_array
Keywords that provide control information to the verb. The keywords are left-aligned in an 8-byte field and padded on the right with blanks. The keywords must be in contiguous storage. The rule_array keywords are described in Table 1.
Table 1. Keywords for DK Random PIN Generate2 control information
Keyword Description
PIN Block output selection keyword (One or two, optional)
CHIP-EPB Specifies to return the randomly generated PIN in a chip-encrypted PIN block in PBF-1 format using the key identified by the OPIN_chip_encrypted_key_identifier parameter. Cannot be combined with NOEPB.
EPB Specifies to return the randomly generated PIN in an encrypted PIN block in PBF-1 format using the key identified by the OPIN_encrypted_key_identifier parameter together with a verifying PIN block MAC. Cannot be combined with NOEPB.
NOEPB Specifies to not return an encrypted PIN block and PIN block MAC. This is the default.
PAN_data_length
Specifies the length in bytes of the PAN_data parameter. The value must be in the range 10 - 19.
PAN_data
The personal account number in character form to which the PIN is associated. The primary account number, including check digit, should be included.
card_p_data_length
Specifies the length in bytes of the card_p_data parameter. The value must be in the range 2 - 256.
card_p_data
The time-invariant card data (CDp), determined by the card issuer, which is used to differentiate between multiple cards for one account.
card_t_data_length
Specifies the length in bytes of the card_t_data parameter. The value must be in the range 2 - 256.
card_t_data
The time-sensitive card data, determined by the card issuer, which, together with the account number and the card_p_data, specifies an individual card.
PIN_length
Specifies the length of the PIN to be generated. This value must be in the range 4 - 12.
PRW_key_identifier_length
Specifies the length in bytes of the PRW_key_identifier parameter. If the PRW_key_identifier contains a label, the length must be 64. Otherwise, the value must be at least the actual token length, up to 725.
PRW_key_identifier
The identifier of the key to verify the PRW of the current PIN block. The key identifier is an operational token or the key label of an operational token in key storage. The key algorithm of this key must be AES, the key type must be PINPRW, and the key usage fields must indicate VERIFY, CMAC, and DKPINOP.

If the token supplied was encrypted under the old master key, the token is returned encrypted under the current master key.

PIN_print_key_identifier_length
Specifies the length in bytes of the PIN_print_key_identifier parameter. If the PIN_print_key_identifier contains a label, the value must be 64. Otherwise, the value must be at least the actual token length, up to 725.
PIN_print_key_identifier
The identifier of the key to wrap the PIN for printing. The key identifier is an operational token or the key label of an operational token in key storage. The key algorithm of this key must be AES, the key type must be PINPROT, and the key usage fields must indicate ENCRYPT, CBC, and DKPINOPP.

If the token supplied was encrypted under the old master key, the token is returned encrypted under the current master key.

OPIN_encryption_key_identifier_length
Specifies the length in bytes of the OPIN_encryption_key_identifier parameter. If the OPIN_encryption_key_identifier contains a label, the length must be 64. Otherwise, the value must be at least the actual token length, up to 725.
OPIN_encryption_key_identifier
The identifier of the key to wrap the new PIN block. The key identifier is an operational token or the key label of an operational token in key storage. If the rule array indicates that no encrypted PIN block is to be returned, this value is ignored. The key algorithm of this key must be AES, the key type must be PINPROT, and the key usage fields must indicate ENCRYPT, CBC, and DKPINOP.

If the token supplied was encrypted under the old master key, the token is returned encrypted under the current master key.

OEPB_MAC_key_identifier_length
Specifies the length in bytes of the OEPB_MAC_key_identifier parameter. If the rule array indicates that no encrypted PIN block MAC is to be returned, this value must be 0.

If the OEPB_MAC_key_identifier contains a label, the length must be 64. Otherwise, the value must be at least the actual token length, up to 725.

OEPB_MAC_key_identifier
The identifier of the key to generate the CMAC of the new PRW. The key identifier is an operational token or the key label of an operational token in key storage. If the rule array indicates that no encrypted PIN block MAC is to be returned, this parameter is ignored. The key algorithm of this key must be AES, the key type must be MAC, and the key usage fields must indicate GENONLY, CMAC, and DKPINOP.

If the token supplied was encrypted under the old master key, the token is returned encrypted under the current master key.

PIN_reference_value_length
Specifies the length in bytes of the PIN_reference_value parameter. This value must be 16. On output, it is set to 16.
PIN_reference_value
The calculated 16-byte PIN reference value.
PRW_random_number_length
Specifies the length in bytes of the PRW_random_number parameter. The value must be 4. On output, it is set to 4.
PRW_random_number
The 4-byte random number associated with the PIN reference value.
PIN_print_block_length
Specifies the length in bytes of the PIN_print_block parameter. The value must be at least 32. On output, it is set to 32.
PIN_print_block
The 32-byte encrypted PIN block to be passed to the PIN mailer function.
encrypted_PIN_block_length
Specifies the length in bytes of the encrypted_PIN_block parameter. If the rule array indicates that no encrypted PIN block should be returned, this value must be 0. Otherwise, it should be at least 32.
encrypted_PIN_block
The 32-byte encrypted PIN block in PBF-1 format. This parameter is ignored if no encrypted PIN block is returned.
PIN_block_MAC_length
Specifies the length in bytes of the PIN_block_MAC parameter. If the rule_array indicates that no PIN block MAC should be returned, this value must be 0. Otherwise, it must be at least 8.
PIN_block_MAC
The 8-byte CMAC of the encrypted PIN block. This parameter is ignored if no encrypted PIN block is returned.
chip_encrypted_PIN_block_length
A pointer to an integer variable containing the number of bytes of data in the chip_encrypted_PIN_block variable. If the rule array does not specify CHIP-EPB, set this value to 0. Otherwise, on input the value must be at least 32. On output, the variable is updated with the length of data that is returned in the chip_encrypted_PIN_block variable. The returned value is either 0 or 32.
chip_encrypted_PIN_block
A pointer to a string variable in which the 32-byte chip encrypted PIN block may be returned in PBF-1 format. If the chip_encrypted_PIN_block_length value is zero, this parameter is ignored.