z/OS Cryptographic Services ICSF Administrator's Guide


PIN Keys

SA22-7521-17

Personal authentication is the process of validating personal identities in a financial transaction system. The personal identification number (PIN) is the basis for verifying the identity of a customer across the financial industry networks. A PIN is a number that the bank customer enters into an automatic teller machine (ATM) to identify and validate a request for an ATM service.

You can use ICSF to generate PINs and PIN offsets. A PIN offset is a value that is the difference between two PINs. For example, a PIN offset may be the difference between a PIN that is chosen by the customer and one that is assigned by an institution. You can use ICSF to verify the PIN that was generated by ICSF. You can also use ICSF to protect PIN blocks that are sent between systems and to translate PIN blocks from one format to another. A PIN block contains a PIN and non-PIN data. You use PIN keys to generate and verify PINs and PIN offsets, and to protect and translate PIN blocks. All PIN keys are double-length (128-bit) DES keys.

PIN keys for generating and verifying PINs and PIN offsets

These PIN keys generate and verify PINs and PIN offsets:

PIN Generation Key
A PIN generation key is used in an algorithm to generate PINs or PIN offsets.

To generate PINs, use an application program to call the PIN generate callable service. The PIN generation algorithm uses the PIN generation key and some relevant data to generate a clear PIN, a PIN verification value, or an offset.

PIN Verification Key
A PIN verification key is used in an algorithm to verify PINs and PIN offsets.

To verify a supplied PIN, use an application program to call the PIN verification callable service. You need to specify the supplied enciphered PIN block and PIN-encrypting key that enciphers it. You must also specify the PIN verification key, the PIN verification algorithm, and other relevant data. The callable service generates a verification PIN. It compares the supplied PIN and the verification PIN, and if they are the same, it verifies the supplied PIN.

For a specific PIN generation key and PIN verification key pair, the PIN generation key and the PIN verification key have the same clear value. However, each key is protected by the master key variant for its key type.
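The following Python example is an added illustration, not code from this guide and not an ICSF callable service. It models the offset arithmetic and the generate/verify relationship described above, using the digit-by-digit modulo-10 subtraction of the IBM 3624 PIN offset method. Assumptions: HMAC-SHA-256 stands in for the DES-based PIN generation algorithm, and the key value, account number, decimalization table and function names are constructed for the example.

```python
import hashlib
import hmac

# Constructed sample values (not from the ICSF guide).
PIN_KEY = bytes.fromhex("0123456789abcdeffedcba9876543210")  # 128-bit clear key value
ACCOUNT = "4000001234567899"                # validation data ("relevant data")
DECIMALIZATION_TABLE = "0123456789012345"   # maps hex digits 0-F to decimal digits


def natural_pin(key: bytes, validation_data: str, length: int = 4) -> str:
    """Derive the institution-assigned PIN from the validation data.

    Assumption: HMAC-SHA-256 truncated to 8 bytes stands in for the
    DES encryption a real PIN generation algorithm performs.
    """
    block = hmac.new(key, validation_data.encode(), hashlib.sha256).digest()[:8]
    digits = "".join(DECIMALIZATION_TABLE[int(h, 16)] for h in block.hex())
    return digits[:length]


def pin_offset(customer_pin: str, assigned_pin: str) -> str:
    """Offset = customer PIN minus assigned PIN, digit by digit, modulo 10."""
    for pin in (customer_pin, assigned_pin):
        if not (pin.isascii() and pin.isdigit()):
            raise ValueError("PINs must be decimal digit strings")
    if len(customer_pin) != len(assigned_pin):
        raise ValueError("PINs must have the same length")
    return "".join(str((int(c) - int(a)) % 10)
                   for c, a in zip(customer_pin, assigned_pin))


def verify_pin(key: bytes, validation_data: str, offset: str, supplied_pin: str) -> bool:
    """Rebuild the verification PIN (assigned PIN + offset, mod 10) and compare.

    The verifying side needs the same clear key value that generated the PIN.
    """
    if not (supplied_pin.isascii() and supplied_pin.isdigit()):
        return False
    assigned = natural_pin(key, validation_data, len(offset))
    expected = "".join(str((int(a) + int(o)) % 10) for a, o in zip(assigned, offset))
    return hmac.compare_digest(expected, supplied_pin)


if __name__ == "__main__":
    assigned = natural_pin(PIN_KEY, ACCOUNT)
    offset = pin_offset("4821", assigned)   # customer chooses 4821
    print("offset stored by the institution:", offset)
    print("correct PIN verifies:", verify_pin(PIN_KEY, ACCOUNT, offset, "4821"))
    print("wrong PIN verifies:  ", verify_pin(PIN_KEY, ACCOUNT, offset, "4822"))
```

Only the offset is stored; the customer-selected PIN is recovered at verification time from the key, the validation data and the offset.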

PIN keys to protect and translate PIN blocks

These PIN keys protect and translate PIN blocks:

Output PIN-Encrypting Key
Two systems must share a common key for securely transmitting PIN blocks. The output PIN-encrypting key protects PIN blocks that are sent from your system to another system.

PIN-encrypting keys are used in the PIN translate service. Use the PIN translate service to translate PIN blocks from protection under one PIN-encrypting key to protection under another PIN-encrypting key. You can also use the PIN translate service to translate a PIN block from one PIN block format to another PIN block format. For more information about the PIN translate service, see z/OS Cryptographic Services ICSF Application Programmer’s Guide.

Input PIN-Encrypting Key
Two systems must share a common key for securely transmitting PIN blocks. The input PIN-encrypting key protects PIN blocks that are sent from another system to your system.

PIN-encrypting keys are used in the PIN translate service. You also use the input PIN-encrypting key in the PIN verify service. For more information about the PIN translate service and PIN verify service, see z/OS Cryptographic Services ICSF Application Programmer’s Guide.

For a specific pair of PIN-encrypting keys, the input PIN-encrypting key and the output PIN-encrypting key have the same clear value. However, each key is protected by the master key variant for its key type.





Copyright IBM Corporation 1990, 2014