When you initialize a CKDS, ICSF uses the current master key and the authentication pattern algorithm to calculate an authentication pattern for the CKDS. ICSF places the value of the authentication pattern in the header record of the CKDS.

At ICSF startup, ICSF uses the authentication pattern to verify that the master key enciphers the current CKDS specified at ICSF startup. It compares the authentication pattern that is stored in the CKDS with the authentication pattern it calculates for the master key. If the authentication patterns do not match, ICSF startup fails, and ICSF gives you a message that states that the master key is not valid.

To calculate the authentication pattern, ICSF uses this algorithm:

1. Encrypt the left half of the master key under the key 6767 6767 6767 6767, using the DES algorithm.
2. Exclusive OR the result of step 1 with the original left half of the key.
3. Use the result of step 2 as the DES key in the DES algorithm to encrypt the right half of the master key.
4. Exclusive OR the result of step 3 with the original right half of the master key.

The resulting 64-bit value is the authentication pattern.