DK Random PIN Generate2 (CSNBDRG2)
Use the DK Random PIN Generate2 verb to generate a random PIN of a selected length and calculate a PIN reference value or word (PRW) as outlined in the DK specification. Other PIN processes can use the PRW to verify the PIN. In addition, this verb can optionally return an encrypted PIN block (EPB) together with a verifying PIN block MAC, and it can optionally return a chip encrypted PIN block (CHIP-EPB).
Note:
This verb deprecates the DK Random PIN Generate(CSNBDRPG) verb. In addition to providing all
the function of CSNBDRPG, this verb supports the output of a chip-encrypted PIN block. Weak PINs: The random PIN generation process generates a new PIN until the generated
PIN is not found in the weak PIN table.
The CSNBDRG2 verb performs the
following tasks:
- Generates a random PIN of the selected length and creates a PIN block in a DK-defined format that is used to return a PIN print key to be printed on a PIN mailer.
- Generates a PRW random number and calculates a PIN reference value. These values are returned for later use in other PIN processes to verify the PIN.
- If the rule array specifies to return an encrypted PIN block (EPB), the CSNBDRG2 verb returns an encrypted PIN block together with a verifying PIN block MAC using CMAC calculated over the concatenation of the encrypted PIN block and permanent card data (card_p_data). This information can be stored for later use in personalizing replacement cards.
- If the rule array specifies CHIP-EPB, the CSNBDRG2 verb returns a chip encrypted PIN block.
Note: This verb supports PCI-HSM 2016 compliant-tagged key
tokens.
This verb does not need to document any Restrictions nor Usage notes.