Previous topic |
Next topic |
Contents |
Index |
Contact z/OS |
Library |
PDF
Usage Notes z/OS Cryptographic Services ICSF Application Programmer's Guide SA22-7522-16 |
|||||||||||||||||||||||||||||||||||||||||
SAF may be invoked to verify the caller is authorized to use this callable service, the key label, or internal secure key tokens that are stored in the CKDS or PKDS. Use of the Visa-PVV PIN-calculation method will always output four digits rather than padding the output with binary zeros to the length of the PIN. On CCF systems, to use an IPINENC key, you must install the NOCV-enablement keys in the CKDS. This table lists the PIN block variant constants (PBVC) to use. Note:
PBVC is supported for compatibility with prior releases
of OS/390 ICSF and existing ICSF applications. If PBVC is specified
in the format control parameter of the PIN profile, the Clear PIN
Generate Alternate service will not be routed to a PCI Cryptographic Coprocessor for processing.
This means that only control vectors and extraction methods valid
for the Cryptographic Coprocessor Feature may be used if PBVC formatting is desired. It is recommended
that a format control of NONE be used for maximum flexibility. Restriction: PBVC is supported only on an IBM zSeries 900.
This table shows the access control points in the ICSF role that control the function of this service.
If the ANSI X9.8 PIN - Use stored decimalization tables only access control point is enabled in the ICSF role, any decimalization table specified must match one of the active decimalization tables in the coprocessors. This table lists the required cryptographic hardware for each server type and describes restrictions for this callable service.
|
Copyright IBM Corporation 1990, 2014
|