Enhanced PIN Security Mode

z/OS Cryptographic Services ICSF Application Programmer's Guide

Enhanced PIN Security Mode

z/OS Cryptographic Services ICSF Application Programmer's Guide
SA22-7522-16

An Enhanced PIN Security Mode is available. This optional mode is selected by enabling the PTR Enhanced PIN Security access control point in the PCICC, PCIXCC, CEX2C, or CEX3C default role. When active, this control point affects all PIN callable services that extract or format a PIN using a PIN-block format of 3621 or 3624 with a PIN-extraction method of PADDIGIT.

Table 165 summarizes the callable services affected by the Enhanced PIN Security Mode and describes the effect that the mode has when the access control point is enabled.

Table 165. Callable Services Affected by Enhanced PIN Security Mode
PIN-block format and PIN-extraction method	Callable Services Affected	PIN processing changes when Enhanced PIN Security Mode enabled
ECI-2, 3621, or 3624 formats AND PINLENxx	PIN-block format and PIN-extraction method Clear_PIN_Generate_Alternate Encrypted_PIN_Translate Encrypted_PIN_Verify	The PINLENxx keyword in rule_array parameter for PIN extraction method is not allowed if the Enhanced PIN Security Mode is enabled. Note: The services will fail with return code 8 reason code '7E0'x.
3621 or 3624 format and PADDIGIT	Clear_PIN_Generate_Alternate Encrypted_PIN_Translate Encrypted_PIN_Verify PIN Change/Unblock	PIN extraction determines the PIN length by scanning from right to left until a digit, not equal to the pad digit, is found. The minimum PIN length is set at four digits, so scanning ceases one digit past the position of the 4th PIN digit in the block.
3621 or 3624 format and PADDIGIT	Clear_PIN_Encrypt Encrypted_PIN_Generate Encrypted_PIN_Translate	PIN formatting does not examine the PIN, in the output PIN block, to see if it contains the pad digit.
3621 or 3624 format and PADDIGIT	Encrypted_PIN_Translate	Restricted to non-decimal digit for PAD digit.

Notices | Terms of use | Support | Contact z/OS | zFavorites