z/OS Cryptographic Services ICSF Application Programmer's Guide
Previous topic | Next topic | Contents | Index | Contact z/OS | Library | PDF


ANSI X9.8 PIN Restrictions

z/OS Cryptographic Services ICSF Application Programmer's Guide
SA22-7522-16

Access control points (ACP) in the ICSF role control PIN block processing restrictions from the X9.8 standard. These access control points are available on the z196 with the CEX3C. These callable services are affected by these access control points. These access control points are disabled in the default role. A TKE Workstation is required to enable these ACPs.

  • Clear PIN Generate Alternate (CSNBCPA and CSNECPA)
  • Encrypted PIN Generate (CSNBEPG and CSNEEPG)
  • Encrypted PIN Translate (CSNBPTR and CSNEPTR)
  • Encrypted PIN Verify (CSNBPVR and CSNEPVR)
  • Secure Messaging for PINs (CSNBSPN and CSNESPN)

There are four access control points:

  • ANSI X9.8 PIN - Enforce PIN block restrictions
  • ANSI X9.8 PIN - Allow modification of PAN
  • ANSI X9.8 PIN - Allow only ANSI PIN blocks
  • ANSI X9.8 PIN - Use stored decimalization tables only

PIN decimalization tables can be stored in the CEX3C coprocessors for use by callable services. Only tables that have been activated can be used. A TKE Workstation is required to manage the tables in the coprocessors.

Note:
ICSF routes work to all active coprocessors based on work load. All coprocessors must have the same set of active decimalization tables for the ANSI X9.8 PIN - Use stored decimalization tables only access control point to be effective.

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014