Parameters
The parameters for CSNBPFO.
For the definitions of the return_code, reason_code, exit_data_length, and exit_data parameters, see Parameters common to all verbs.
- rule_array_count
A pointer to an integer variable containing the number of elements in the rule_array variable. This value must be 0.Direction: Input Type: Integer - rule_array
There are no keywords for this service. Therefore, this parameter is ignored.Direction: Input Type: String array - PIN_encryption_key_identifier_length
Length of the PIN_encryption_key_identifier parameter in bytes. The length must be 64 bytes for a fixed-length DES token or a CKDS label or between the actual length of the token and 725 for a variable length token (version X'05') or between the actual length of the token and 9992 for a TR-31 token.Direction: Input Type: Integer - PIN_encryption_key_identifier
Direction: Input Type: String The identifier of the key to encrypt the PIN block. The key identifier is an operational token or the key label of an operational token in key storage. The key may be a DES key (all PIN block formats except ISO-4) or an AES key (PIN block format ISO-4).
For CCA DES keys, the control vector in the fixed-length token must specify an OPINENC key type.
For TR-31 DES keys, the token must have the following attributes:
- TR-31 key usage: P0
- Algorithm: T
- TR-31 mode of key use: E
For CCA AES keys, the variable-length symmetric key token must have a token algorithm of AES and a key type of PINPROT. In addition, the key usage fields may indicate that the key can be used for encryption (ENCRYPT) with PIN function usage CPINENC, the encryption mode must be Cipher Block Chaining (CBC), common usage control must be NOFLDFMT, and PIN block format usage must be ISO-4, and PIN function usage CPINENC must be enabled.
For TR-31 AES keys, the token must have the following attributes:
- TR-31 key usage: P0
- Algorithm: A
- TR-31 mode of key use: E
If the token supplied was encrypted under the old master key, the token is returned encrypted under the current master key.
- PIN_generation_key_identifier_length
Length of the PIN_generation_key_identifier parameter in bytes. This value must be 64 for a CCA token, or between the actual length of the token and 9992 for a TR-31 token.Direction: Input Type: Integer - PIN_generation_key_identifier
An internal CCA DES or TR-31 DES key token or the label of the token in key storage record. A CCA DES key token must be a PINGEN key that is used to generate the bank reference PIN.Direction: Input Type: String A TR-31 DES key token must have the following attributes:
- TR-31 key usage: V1
- Algorithm: T
- TR-31 mode of key use: C or G
If the token supplied was encrypted under the old master key, the token is returned encrypted under the current master key.
- PIN_profile
This parameter consists of three 8-byte character elements that contain information necessary to format a PIN block. The pad digit is needed to format an IBM® 3624 PIN block. The format control constant must beDirection: Input Type: String array NONE. The first element of the PIN_profile (PIN Block Format) determines the format of the output PIN block.- PAN_data
Direction: Input Type: String A primary account number (PAN) in character format. The service uses this parameter if the PIN profile specifies the ISO-0, ISO-3, ISO-4, or VISA-4 keyword for the PIN block format. Otherwise, ensure that this parameter is a 12-byte value in application storage. The information in this parameter is ignored, but the parameter must be specified.
When using the ISO-0, ISO-3, or VISA-4 keyword, the value is 12 bytes long. Use the 12 rightmost digits of the PAN data, excluding the check digit.
When using the ISO-4 keyword, the value is 21 bytes long. The PAN data is 10 – 19 bytes long. The length of the PAN data and the PAN data are contained in the structure below padded to 21 bytes with characters that are ignored.
Table 1. PAN data structure PAN data structure for the CSNBPFO verb with offset, length, and description.
Offset Length Description 0 2 Length of the PAN data field, p. 2 p 10 to 19 bytes of PAN data. 2+p 0-9 Padding. - offset
A 16 byte area that contains the 4-byte PVV left-justified and padded with blanks. This is the value which was returned by a prior call to the Clear PIN Generate Alternate service (see Clear PIN Generate Alternate (CSNBCPA)).Direction: Input Type: String - data_array
A pointer to a string variable containing three 16-byte numeric character strings, which are equivalent to a single 48-byte string. The values in the data_array parameter depend on the keyword for the PIN-calculation method. Each element is not always used, but you must always declare a complete data array.Direction: Input Type: String Array Element Description Decimalization_table This element contains the decimalization table of 16 characters that are used to convert the hexadecimal digits X'0' to X'F' of the enciphered validation data to the decimal digits 0 to 9. validation_data This element contains 1 to 16 characters of account data, left justified and padded on the right with spaces. reserved_field Must be 16 bytes of blanks. - reserved_1
The reserved_1 parameter must be zero.Direction: Input Type: Integer - encrypted_PIN_block_length
Length of the encrypted_PIN_block parameter in bytes. When the PIN block format is ISO-4, the length must be 16. For all other formats, the length must be 8.Direction: Input/Output Type: Integer - encrypted_PIN_block
Direction: Input Type: String This parameter contains the encrypted customer PIN that was originally used in the Clear PIN Generate Alternate service (see Clear PIN Generate Alternate (CSNBCPA)). When the PIN block format is ISO-4, the PIN block is 16 bytes long. For all other formats, the PIN block is 8 bytes long.