Because PKCS #11 tokens are typically physical hardware devices, the PKCS #11 specification provides no mechanism to delete tokens. However, for z/OS PKCS #11 tokens, which are virtual, there must be a capability to delete tokens. An application does this by calling the C_InitToken function with a special label value $$DELETE-TOKEN$$ (assuming code page IBM1047), left justified and padded on the right to 32 characters.
Tip: Use the constant DEL_TOK defined in csnpdefs.h.
You cannot delete the omnipresent token SYSTOK-SESSION-ONLY (created by ICSF to provide PKCS #11 support even if no other token is available to an application). If an application attempts to delete the omnipresent token, the C_InitToken function will fail with a return value of CKR_TOKEN_WRITE_PROTECTED.