The parameters for CSNBDRG2.
- rule_array_count
-
| Direction: |
Input |
| Type: |
Integer |
A pointer to an integer variable containing the number of elements in the
rule_array variable. This value must be 0 or 1.
- rule_array
-
| Direction: |
Input |
| Type: |
String array |
Keywords that provide control information to the verb. The keywords are
left-aligned in an 8-byte field and padded on the right with blanks. The keywords must be in
contiguous storage. The rule_array keywords are described in Table 1. Table 1. Keywords for DK Random PIN Generate2 control
information
Keywords for DK Random PIN Generate2 control information
| Keyword |
Description |
|
PIN Block output selection keyword (One or two, optional) |
| CHIP-EPB |
Specifies to return the randomly generated PIN in a chip-encrypted PIN block in PBF-1 format
using the key identified by the OPIN_chip_encrypted_key_identifier parameter.
Cannot be combined with NOEPB. |
| EPB |
Specifies to return the randomly generated PIN in an encrypted PIN block in PBF-1 format
using the key identified by the OPIN_encrypted_key_identifier parameter
together with a verifying PIN block MAC. Cannot be combined with
NOEPB. |
| NOEPB |
Specifies to not return an encrypted PIN block and PIN block MAC. This is the
default. |
- PAN_data_length
-
| Direction: |
Input |
| Type: |
Integer |
Specifies the length in bytes of the PAN_data parameter. The value
must be in the range 10 - 19.
- PAN_data
-
| Direction: |
Input |
| Type: |
String |
The personal account number in character form to which the PIN is associated. The primary
account number, including check digit, should be included.
- card_p_data_length
-
| Direction: |
Input |
| Type: |
Integer |
Specifies the length in bytes of the card_p_data parameter. The value
must be in the range 2 - 256.
- card_p_data
-
| Direction: |
Input |
| Type: |
String |
The time-invariant card data (CDp), determined by the card issuer, which is used to
differentiate between multiple cards for one account.
- card_t_data_length
-
| Direction: |
Input |
| Type: |
Integer |
Specifies the length in bytes of the card_t_data parameter. The value
must be in the range 2 - 256.
- card_t_data
-
| Direction: |
Input |
| Type: |
String |
The time-sensitive card data, determined by the card issuer, which, together with the
account number and the card_p_data, specifies an individual card.
- PIN_length
-
| Direction: |
Input |
| Type: |
Integer |
Specifies the length of the PIN to be generated. This value must be in the range 4 - 12.
- PRW_key_identifier_length
-
| Direction: |
Input |
| Type: |
Integer |
Specifies the length in bytes of the PRW_key_identifier parameter. If
the PRW_key_identifier contains a label, the length must be 64. Otherwise, the
value must be at least the actual token length, up to 725.
- PRW_key_identifier
-
| Direction: |
Input/Output |
| Type: |
String |
The identifier of the key to verify the PRW of the current PIN block. The key identifier is
an operational token or the key label of an operational token in key storage. The key algorithm of
this key must be AES, the key type must be PINPRW, and the key usage fields must indicate VERIFY,
CMAC, and DKPINOP. If the token supplied was encrypted under the old master key, the token is
returned encrypted under the current master key.
- PIN_print_key_identifier_length
-
| Direction: |
Input |
| Type: |
Integer |
Specifies the length in bytes of the PIN_print_key_identifier
parameter. If the PIN_print_key_identifier contains a label, the value must be
64. Otherwise, the value must be at least the actual token length, up to 725.
- PIN_print_key_identifier
-
| Direction: |
Input/Output |
| Type: |
String |
The identifier of the key to wrap the PIN for printing. The key identifier is an
operational token or the key label of an operational token in key storage. The key algorithm of this
key must be AES, the key type must be PINPROT, and the key usage fields must indicate ENCRYPT, CBC,
and DKPINOPP. If the token supplied was encrypted under the old master key, the token is returned
encrypted under the current master key.
- OPIN_encryption_key_identifier_length
-
| Direction: |
Input |
| Type: |
Integer |
Specifies the length in bytes of the OPIN_encryption_key_identifier
parameter. If the OPIN_encryption_key_identifier contains a label, the length
must be 64. Otherwise, the value must be at least the actual token length, up to 725.
- OPIN_encryption_key_identifier
-
| Direction: |
Input/Output |
| Type: |
String |
The identifier of the key to wrap the new PIN block. The key identifier is an operational
token or the key label of an operational token in key storage. If the rule array indicates that no
encrypted PIN block is to be returned, this value is ignored. The key algorithm of this key must be
AES, the key type must be PINPROT, and the key usage fields must indicate ENCRYPT, CBC, and DKPINOP.
If the token supplied was encrypted under the old master key, the token is returned encrypted
under the current master key.
- OEPB_MAC_key_identifier_length
-
| Direction: |
Input |
| Type: |
Integer |
Specifies the length in bytes of the OEPB_MAC_key_identifier
parameter. If the rule array indicates that no encrypted PIN block MAC is to be returned, this value
must be 0. If the OEPB_MAC_key_identifier contains a label, the length must
be 64. Otherwise, the value must be at least the actual token length, up to 725.
- OEPB_MAC_key_identifier
-
| Direction: |
Input/Output |
| Type: |
String |
The identifier of the key to generate the CMAC of the new PRW. The key identifier is an
operational token or the key label of an operational token in key storage. If the rule array
indicates that no encrypted PIN block MAC is to be returned, this parameter is ignored. The key
algorithm of this key must be AES, the key type must be MAC, and the key usage fields must indicate
GENONLY, CMAC, and DKPINOP. If the token supplied was encrypted under the old master key, the
token is returned encrypted under the current master key.
- PIN_reference_value_length
-
| Direction: |
Input/Output |
| Type: |
Integer |
Specifies the length in bytes of the PIN_reference_value parameter.
This value must be 16. On output, it is set to 16.
- PIN_reference_value
-
| Direction: |
Output |
| Type: |
String |
The calculated 16-byte PIN reference value.
- PRW_random_number_length
-
| Direction: |
Input/Output |
| Type: |
Integer |
Specifies the length in bytes of the PRW_random_number parameter. The
value must be 4. On output, it is set to 4.
- PRW_random_number
-
| Direction: |
Output |
| Type: |
String |
The 4-byte random number associated with the PIN reference value.
- PIN_print_block_length
-
| Direction: |
Input/Output |
| Type: |
Integer |
Specifies the length in bytes of the PIN_print_block parameter. The
value must be at least 32. On output, it is set to 32.
- PIN_print_block
-
| Direction: |
Output |
| Type: |
String |
The 32-byte encrypted PIN block to be passed to the PIN mailer function.
- encrypted_PIN_block_length
-
| Direction: |
Input/Output |
| Type: |
Integer |
Specifies the length in bytes of the encrypted_PIN_block parameter. If
the rule array indicates that no encrypted PIN block should be returned, this value must be 0.
Otherwise, it should be at least 32.
- encrypted_PIN_block
-
| Direction: |
Output |
| Type: |
String |
The 32-byte encrypted PIN block in PBF-1 format. This parameter is ignored if no encrypted
PIN block is returned.
- PIN_block_MAC_length
-
| Direction: |
Input/Output |
| Type: |
Integer |
Specifies the length in bytes of the PIN_block_MAC parameter. If the
rule_array indicates that no PIN block MAC should be returned, this value must be 0. Otherwise, it
must be at least 8.
- PIN_block_MAC
-
| Direction: |
Output |
| Type: |
String |
The 8-byte CMAC of the encrypted PIN block. This parameter is ignored if no encrypted PIN
block is returned.
- chip_encrypted_PIN_block_length
-
| Direction: |
Input/Output |
| Type: |
Integer |
A pointer to an integer variable containing the number of bytes of data in the
chip_encrypted_PIN_block variable. If the rule array does not specify CHIP-EPB,
set this value to 0. Otherwise, on input the value must be at least 32. On output, the variable is
updated with the length of data that is returned in the
chip_encrypted_PIN_block variable. The returned value is either 0 or 32.
- chip_encrypted_PIN_block
-
| Direction: |
Output |
| Type: |
String |
A pointer to a string variable in which the 32-byte chip encrypted PIN block may be returned
in PBF-1 format. If the chip_encrypted_PIN_block_length value is zero, this
parameter is ignored.