Weak PIN table

Edit online

The DK PIN methods support the use of a table of weak PINs.

Services that generate PINs compare the generated PIN against the table and if the PIN is in the table, the service generates a different PIN. Services that change PINs compare the new PIN against the table and if the new PIN is in the table, the service fails.

Weak PIN tables can be stored in the cryptographic coprocessors for use by callable services. Only tables that have been activated can be used. A TKE Workstation is required to manage the tables in the coprocessors.

A Trusted Key Entry workstation (TKE) is required to administer the weak PIN tables for each adapter. In the TKE documentation and user interface, each domain has a restricted PIN table. The corresponding tab is called Domain Restricted PINs. The user may activate, load, and remove PINs from the weak PIN tables on a per-domain basis.

Note: All coprocessors must have installed the same table of weak PINs.