Skip to main content

carding z/OS Cryptographic Services ICSF Application Programmer's Guide SA22-7522-16

 

The Visa International Service Association (VISA) and MasterCard International, Incorporated have specified a cryptographic method to calculate a value that relates to the personal account number (PAN), the card expiration date, and the service code. The VISA card-verification value (CVV) and the MasterCard card-verification code (CVC) can be encoded on either track 1 or track 2 of a magnetic striped card and are used to detect forged cards. Because most online transactions use track-2, the ICSF callable services generate and verify the CVV2 by the track-2 method.

The VISA CVV generate callable service calculates a 1- to 5-byte value through the DES-encryption of the PAN, the card expiration date, and the service code using two data-encrypting keys or two MAC keys. The VISA CVV service verify callable service calculates the CVV by the same method, compares it to the CVV supplied by the application (which reads the credit card's magnetic stripe) in the CVV_value, and issues a return code that indicates whether the card is authentic.

Clear PIN Encrypt Callable Service (CSNBCPE and CSNECPE)

To format a PIN into a PIN block format and encrypt the results, use the Clear PIN Encrypt callable service. You can also use this service to create an encrypted PIN block for transmission. With the RANDOM keyword, you can have the service generate random PIN numbers. Use of this service requires the optional PCIXCC, CEX2C, or CEX3C. An enhanced PIN security mode, on PCICC, PCIXCC, CEX2C, and CEX3C, is available for formatting an encrypted PIN block into IBM 3621 format or IBM 3624 format. See Clear PIN Encrypt (CSNBCPE and CSNECPE) for more information.

Clear PIN Generate Alternate Callable Service (CSNBCPA and CSNECPA)

To generate a clear VISA PIN validation value from an encrypted PIN block, call the clear PIN generate alternate callable service. This service also supports the IBM-PINO algorithm to produce a 3624 offset from a customer selected encrypted PIN.

An enhanced PIN security mode is available for extracting PINs from encrypted PIN blocks. This mode only applies on PCICC, PCIXCC, CEX2C, or CEX3C, when specifying a PIN-extraction method for an IBM 3621 or an IBM 3624 PIN-block. See Clear PIN Generate Alternate (CSNBCPA and CSNECPA) for more information.

Note:
The PIN block must be encrypted under either an input PIN-encrypting key (IPINENC) or output PIN-encrypting key (OPINENC). Using an IPINENC key requires NOCV keys to be enabled in the CKDS. Functions other than VISA PIN validation value generation require the optional PCICC, PCIXCC, CEX2C, or CEX3C.

Clear PIN Generate Callable Service (CSNBPGN and CSNEPGN)

To generate personal identification numbers, call the Clear PIN generate callable service. Using a PIN generation algorithm, data used in the algorithm, and the PIN generation key, the callable service generates a clear PIN, a PIN verification value, or an offset. The callable service can only execute in special secure mode, which is described in Special Secure Mode.

CVV Key Combine Callable Service (CSNBCKC and CSNECKC)

This callable service combines 2 single-length CCA internal key tokens into 1 double-length CCA key token containing a CVVKEY-A key type. This combined double-length key satisfies current VISA requirements and eases translation between TR-31 and CCA formats for CVV keys.

The callable service name for AMODE(64) is CSNECKC.

Encrypted PIN Generate Callable Service (CSNBEPG and CSNEEPG)

To generate personal identification numbers, call the Encrypted PIN generation callable service. Using a PIN generation algorithm, data used in the algorithm, and the PIN generation key, the callable service generates a PIN and using a PIN block format and the PIN encrypting key, formats and encrypts the PIN. Use of this service requires the optional PCICC, PCIXCC, CEX2C, or CEX3C. An enhanced PIN security mode, on PCICC, PCIXCC, CEX2C, and CEX3C, is available for formatting an encrypted PIN block into IBM 3621 format or IBM 3624 format. See Encrypted PIN Generate (CSNBEPG and CSNEEPG) for more information.

Encrypted PIN Translate Callable Service (CSNBPTR and CSNEPTR)

To translate a PIN from one PIN-encrypting key to another or from one PIN block format to another or both, call the Encrypted PIN translation callable service. You must identify the input PIN-encrypting key that originally enciphers the PIN. You also need to specify the output PIN-encrypting key that you want the callable service to use to encipher the PIN. If you want to change the PIN block format, specify a different output PIN block format from the input PIN block format. An enhanced PIN security mode, on PCICC, PCIXCC, CEX2C, and CEX3C, is available for formatting an encrypted PIN block into IBM 3621 format or IBM 3624 format. The enhanced security mode is also available for extracting PINs from encrypted PIN blocks. This mode only applies when specifying a PIN-extraction method for an IBM 3621 or an IBM 3624 PIN-block. See Encrypted PIN Translate (CSNBPTR and CSNEPTR) for more information.

Encrypted PIN Verify Callable Service (CSNBPVR and CSNEPVR)

To verify a supplied PIN, call the Encrypted PIN verify callable service. You need to specify the supplied enciphered PIN, the PIN-encrypting key that enciphers it, and other relevant data. You must also specify the PIN verification key and PIN verification algorithm. It compares the two personal identification numbers; if they are the same, it verifies the supplied PIN. See Financial Services for additional information.

An enhanced PIN security mode, on PCICC, PCIXCC, CEX2C, and CEX3C, is available for extracting PINs from encrypted PIN blocks. This mode only applies when specifying a PIN-extraction method for an IBM 3621 or an IBM 3624 PIN-block. See Encrypted PIN Verify (CSNBPVR and CSNEPVR) for more information.

PIN Change/Unblock Callable Service (CSNBPCU and CSNEPCU)

To support PIN change algorithms specified in the VISA Integrated Circuit Card Specification, call the PIN change/unblock callable service. The service can be executed on z890/z990 and later machines.

An enhanced PIN security mode, on PCICC, PCIXCC, CEX2C, and CEX3C, is available for extracting PINs from encrypted PIN blocks. This mode only applies when specifying a PIN-extraction method for an IBM 3621 or an IBM 3624 PIN-block. See PIN Change/Unblock (CSNBPCU and CSNEPCU) for more information.

Transaction Validation Callable Service (CSNBTRV and CSNETRV)

To support generation and validation of American Express card security codes, call the transaction validation callable service. The service can be executed on z890/z990 and later machines.


2.
The VISA CVV and the MasterCard CVC refer to the same value. CVV is used here to mean both CVV and CVC.

Comments

Popular posts from this blog

Track format of magnetic stripe cards by L. Padilla

  Track format of magnetic stripe cards by L. Padilla This page contains an explanation about the format of the three magnetic tracks in standard identification cards, particularly those used in financial transactions, i.e., credit and debit cards. It is a summary of the international standards ISO 7813 (tracks 1 and 2) and ISO 4909 (track 3). Track 1 (IATA) Up to 79 ALPHA 7-bit (including parity) characters (alphanumeric) including SS, ES and LRC. Read only. It comprises the following fields (in this order): SS: Start Sentinel. 1 character: %. FC: Format Code. 1 character (alphabetic only): A: Reserved for proprietary use of card issuer. B: Bank/financial. This is the format described here. C-M: Reserved for use by ANSI Subcommittee X3B10. N-Z: Available for use by individual card issuers. PAN: Primary Account Number. Up to 19 digits: In accordance with the account numbering scheme in ISO 7812. It co

Driver's License Calculator: USA STATE DRIVERLICENCE NUMBER

Unique ID Software High Programmer > Alan De Smet > Unique ID > Unique ID Software Unique ID Software by Alan De Smet The Unique ID software can calculate various interesting numbers and codes. Notably, for some states, it can determine your driver's license number from your personal information, to determine your personal information from your driver's license number. This is the software I use to run my Unique ID web tools . You can give it a whirl right now . For more information on the various algorithms supports, see the rest of Unique ID site . As with the rest of the Unique ID site, this is the work of a hobbiest. I strive to make it work as well as possible, but I offer ABSOLUTELY NO WARRANTY. You might want to read my full disclaimer . This program is intended to be run as a CGI (Common Gateway Interface) running under a web server like Apache . You can find further information about CGIs . You will want to consul

MODELS 9600/9601/9620/9621 SINGLE-CASSETTE CASH DISPENSER OPERATION MANUAL

For Sales & Service Call: 888-501-5246 MODELS 9600/9601/9620/9621 SINGLE-CASSETTE CASH DISPENSER OPERATION MANUAL FCC COMPLIANCE Warning: Changes or modifications to this unit not expressly approved by the party responsible for compliance could void the user’s authority to operate the equipment. Note: This equipment has been tested and found to comply with the limits for a Class A digital device, persuant to Part 15 of FCC Rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial envi ronment. This equipment generates, uses, and can radiate radio fre quency energy and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio com munications. Operation of this equipment in a