Required commands

The required commands for CSNBEPG.

This verb requires the commands, as shown in the following table, to be enabled in the active role based on the keyword specified for the PIN-calculation methods.

Required commands for the Encrypted PIN Generate verb

Rule-array keyword Offset Command
IBM-PIN X'00B0' Encrypted PIN Generate - 3624
GBP-PIN X'00B1' Encrypted PIN Generate - GBP
INBK-PIN X'00B2' Encrypted PIN Generate - Interbank

An enhanced PIN security mode is available for formatting an encrypted PIN block into IBM® 3624 format using the PADDIGIT PIN-extraction method. This mode limits checking of the PIN to decimal digits, and a minimum PIN length of 4 is enforced; no other PIN-block consistency checking will occur. To activate this mode, enable the Enhanced PIN Security command (offset X'0313') in the active role.

Whenever the ANSI X9.8 PIN - Use stored decimalization tables only command (offset X'0356') command is enabled in the active role, the Decimalization_table element of the data_array value must match one of the PIN decimalization tables that are in the active state on the coprocessor. Use of this command provides improved security and control for PIN decimalization tables. The INBK-PIN PIN-calculation method does not have a Decimalization_table element and is therefore not affected by this command.

When the Disallow translation from DES wrapping to weaker DES wrapping access control point (X'01C7') is enabled in the domain role, this service fails if the outbound_PIN_encrypting_key_identifier is stronger than the PIN_generating_key_identifier.

When the Disallow PIN block format ISO-1 access control point (X'032F') is enabled in the domain role, the PIN block format in the PIN_profile parameter is not allowed to be ISO-1.