HSM Programmers Manual - 1270A514-3 PDF
HSM Programmers Manual - 1270A514-3 PDF
HSM Programmers Manual - 1270A514-3 PDF
Programmers Manual
1270A514 Issue 3
1270A514 Issue 3
Host Security Module RG7000
Zaxus
Europe, Middle East, Africa Americas Asia Pacific
Meadow View House 1601 North Harrison Parkway Units 2205-06, 22/F.,
Vicwood Plaza,
Long Crendon Sunshine
199 Des Voeux Road, Central,
Aylesbury FL 33323-2899 Hong Kong
Buckinghamshire USA
HP18 9EQ
UK
Telephone: +44 1844 201800 Telephone: +1 954 846 4700 Telephone: +852 2815 8633
Fax: +44 1844 208550 Fax: +1 954 846 3935 Fax: +852 2815 8141
1270A514 Issue 3
Host Security Module RG7000
CONTENTS
CHAPTER 1 Programming Guide
CHAPTER 2 Host Commands
CHAPTER 3 PIN Block Formats
CHAPTER 4 Error Codes
1270A514 Issue 3
Host Security Module RG7000 PROGRAMMING GUIDE
CHAPTER 1
PROGRAMMING GUIDE
1 INTRODUCTION 1-1
2 GENERAL 1-2
3 TRIPLE DES 1-3
3.1 KEY USAGE 1-3
3.2 KEY ENCRYPTION SCHEMES 1-3
3.3 KEY GENERATE, IMPORT AND EXPORT 1-4
4 COMMAND MESSAGE FORMAT 1-5
4.1 START OF TEXT CHARACTER 1-5
4.2 MESSAGE HEADER 1-5
4.3 COMMAND CODE 1-5
4.4 DATA 1-5
4.5 MESSAGE TRAILER 1-6
4.6 END OF TEXT CHARACTER 1-6
5 RESPONSE MESSAGE FORMAT 1-7
5.1 START OF TEXT CHARACTER 1-7
5.2 MESSAGE HEADER 1-7
5.3 RESPONSE CODE 1-8
5.4 ERROR CODE 1-8
5.5 DATA 1-8
5.6 MESSAGE TRAILER 1-8
5.7 END OF TEXT CHARACTERS 1-8
6 DATA REPRESENTATION 1-9
6.1 ASCII CHARACTER CODES 1-10
6.2 EBCDIC CHARACTER CODES 1-11
7 TRANSPARENT ASYNCHRONOUS COMMUNICATIONS 1-13
7.1 MESSAGE FORMAT 1-13
7.2 HSM PROCESSING OF PACKETS 1-13
7.3 PARITY ERRORS 1-14
8 INPUT/OUTPUT FLOW CONTROL 1-15
9 ERROR HANDLING 1-16
10 USE OF MULTIPLE HSMS 1-17
11 USER STORAGE 1-18
11.1 ASSIGNING AND USING INDICES 1-18
11.2 SPECIFYING STORED DATA 1-19
12 PRINTING AT AN HSM-ATTACHED PRINTER 1-21
13 REJECTION OF WEAK AND SEMI-WEAK KEYS 1-22
14 LOCAL MASTER KEYS 1-23
15 LOCAL MASTER KEY VARIANTS 1-25
16 LOCAL MASTER KEY TRIPLE DES VARIANT SCHEME 1-27
1 INTRODUCTION
The Host Security Module (HSM) acts as a peripheral to the Host computer. It performs
cryptographic processing in a physically secure environment on behalf of the Host. The
processing is performed by the HSM in response to commands which it receives via a serial
data link.
Typically the HSM is used in a realtime, online environment performing key management, PIN
and MAC related functions as required by the system.
This manual contains programming notes to assist the application programmer and a complete
command reference section detailing each of the Host commands available. A glossary of
terms is included at the end of the Installation and Operation manual.
For commands that are entered manually at a Console terminal attached to the HSM, see the
associated Installation and Operation Manual.
2 GENERAL
The application program sends commands to the HSM, and receives responses from the HSM.
Each command and response consists of a variable number of fields.
In order that the data can be sent via a serial data link, it is encoded as either ASCII or EBCDIC
characters (the choice is made during the HSM configuration).
Versions of the HSM can be configured to support asynchronous, bisynchronous, SNA, SDLC,
TCP/IP and IBM channel communications protocols. The HSM has no flow control support so
the programmer must ensure that the HSM input buffer is not exceeded.
The HSM returns an error code to the Host as part of the response message. The programmer
must ensure that a suitable response is made to each type of error.
In a typical system, a minimum of two HSMs are connected to the Host via separate Host ports.
The HSMs are independent, and the programmer should make maximum use of all the HSMs
to increase throughput, using one HSM if another is already processing data or is faulty. Also, it
is useful to ensure that the program allows for additional HSMs to be subsequently added as
throughput requirements increase.
Each HSM has a user storage area reserved for use by the programmer to store data required
by the HSM during processing. Typically it is used to store keys and tables. Instructing the HSM
to access data from user storage reduces the amount of data necessary in each command, and
thus reduces the communications time.
There is a facility to print data (e.g., account holder PINs) at a printer connected to an RG7X00
series HSM. The HSM must have format information for the data before sending it to the
printer. The program must send a print format command to the HSM before print commands
can be issued.
Normally the HSM responds to all data that it receives. However, in some environments, the
Host computer sends system messages to all attached devices. The HSM has support for two
IBM environments where this occurs; these are CICS and IMS.
The RG7X10 High-Speed HSM does not support printing functions in its standard command
set. The printing facilities can be made available to special order. It is recommended that an
RG7X00 series HSM is chosen to implement secure printing facilities.
3 TRIPLE DES
The HSM host commands support single, double and triple length DES keys. The command
set is completely backward compatible with earlier versions of firmware. The commands
support extensions to enable the specification of key length and key encryption scheme to use.
To support double and triple length keys throughout the command set key scheme tags have
been defined these enable the HSM to determine the key length and encryption mechanism
used for a key. The key scheme tag prefixes the key. This is the 1A+32H or 1A+48H length
and types.
Variant method
Each key of a double or triple length key is encrypted separately using the ECB mode of
encryption. For the second or third key, depending on whether it is a double or triple length key,
a variant is applied to the encryption key. There are five variants to enable the encryption of
each key distinctly. This application of variants enforces the key use as a double or triple length
key and the key order. This scheme is available for encryption of keys under the Local Master
Key and for import and export of keys.
Local Master Keys by definition are double length keys consisting of a left and right half. Each
half consists of 16 hexadecimal characters. Other keys, such as ZMKs may be of double or
triple lengths. Triple length keys are comprised of three parts; left, middle and right. Each part,
like double length keys, consists of 16 hexadecimal characters. The variant is applied to the
right half of double length encrypting keys, and to the middle part of triple length encrypting
keys.
Example:
1270A514 Issue 3 1-3
PROGRAMMING GUIDE Host Security Module RG7000
Given a double length encrypting key of: XXXX XXXX XXXX XXXX YYYY YYYY YYYY YYYY
And a double length key of: AAAA AAAA AAAA AAAA BBBB BBBB BBBB BBBB
Given a double length encrypting key of: XXXX XXXX XXXX XXXX YYYY YYYY YYYY YYYY
And a triple length key of: AAAA AAAA AAAA AAAA BBBB BBBB BBBB BBBB
CCCC CCCC CCCC CCCC
Variants are applied by Exclusive Oring (XOR) the first two characters of Y with the Variant.
The extension consists of a delimiter ; and three single character option fields. If the
extension is used all fields must be provided. If the command does not use an option 0 or any
valid value can be entered in that field. The option will be ignored during processing.
Command code
Message Header
Start of text character
It can be used to label commands and their responses for systems that implement batch
queues or which multi-thread commands.
4.4 Data
Most HSM commands require data, often including cryptographic keys. Details of the data are
shown for each command in Chapter 3, PIN Block Formats.
The data in this field can be any printable character, and it is returned in the response message
unchanged.
In response to a command.
As a second response to a print command after the HSM has finished sending the print
data to the printer.
In response to the entry of PIN solicitation data at the Console (but only after the Host has
enabled this function).
6 DATA REPRESENTATION
With the exception of the STX (X'02), ETX (X'03) and EM (X'19) control characters, the HSM
expects all data to be encoded as either ASCII or EBCDIC characters. Where the HSM does
not try and interpret the data (e.g., in the message header and message trailer fields), it is
possible to include other control characters, but this is not good practice.
When sending data to the HSM, other than data that is already in character format, encode
each digit (0-9, A-F) as a character (e.g., to send the hexadecimal value 1234ABCD to the HSM
requires 8 characters).
NUL 00 SP 20 @ 40 ` 60
SOH 01 ! 21 A 41 a 61
STX 02 " 22 B 42 b 62
ETX 03 # 23 C 43 c 63
EOT 04 $ 24 D 44 d 64
ENQ 05 % 25 E 45 e 65
ACK 06 & 26 F 46 f 66
BEL 07 ' 27 G 47 g 67
BS 08 ( 28 H 48 h 68
HT 09 ) 29 I 49 i 69
LF OA * 2A J 4A j 6A
VT OB + 2B K 4B k 6B
FF OC , 2C L 4C l 6C
CR OD - 2D M 4D m 6D
SO OE . 2E N 4E n 6E
SI OF / 2F O 4F o 6F
DLE 10 0 30 P 50 p 70
DC1 11 1 31 Q 51 q 71
DC2 12 2 32 R 52 r 72
DC3 13 3 33 S 53 s 73
DC4 14 4 34 T 54 t 74
NAK 15 5 35 U 55 u 75
SYN 16 6 36 V 56 v 76
ETB 17 7 37 W 57 w 77
CAN 18 8 38 X 58 x 78
EM 19 9 39 Y 59 y 79
SUB 1A : 3A Z 5A z 7A
ESC 1B ; 3B [ 5B { 7B
FS 1C < 3C \ 5C | 7C
GS 1D = 3D ] 5D } 7D
RS 1E > 3E ^ 5E ~ 7E
US 1F ? 3F = 5F DEL 7F
NUL 00 SP 40 80 C0
SOH 01 41 a 81 A C1
STX 02 42 b 82 B C2
ETX 03 43 c 83 C C3
04 44 d 84 D C4
HT 05 45 e 85 E C5
06 46 f 86 F C6
DEL 07 47 g 87 G C7
08 48 h 88 H C8
09 49 i 89 I C9
0A 4A 8A CA
VT 0B .(period) 4B { 8B CB
FF 0C < 4C 8C CC
CR 0D ( 4D 8D CD
SO 0E + 4E 8E CE
SI 0F | 4F 8F CF
DLE 10 & 50 90 D0
DC1 11 51 j 91 J D1
DC2 12 52 k 92 K D2
DC3 13 53 l 93 L D3
14 54 m 94 M D4
15 55 n 95 N D5
BS 16 56 o 96 O D6
17 57 p 97 P D7
CAN 18 58 q 98 Q D8
EM 19 59 r 99 R D9
1A ! 5A 9A DA
1B $ 5B } 9B DB
1C * 5C 9C DC
1D ) 5D 9D DD
1E ; 5E 9E DE
1F 5F 9F DF
20 - (minus) 60 A0 \ E0
21 / 61 ~ (tilde) A1 E1
FS 22 62 s A2 S E2
23 63 t A3 T E3
24 64 u A4 U E4
LF 25 65 v A5 V E5
ETB 26 66 w A6 W E6
ESC 27 67 x A7 X E7
28 68 y A8 Y E8
29 69 z A9 Z E9
2A 6A AA EA
2B ,(comma) 6B AB EB
2C % 6C AC EC
ENQ 2D underscore 6D [ AD ED
ACK 2E > 6E AE EE
BEL 2F ? 6F AF EF
30 70 B0 0 F0
31 71 B1 1 F1
SYN 32 72 B2 2 F2
33 73 B3 3 F3
34 74 B4 4 F4
35 75 B5 5 F5
36 76 B6 6 F6
EOT 37 77 B7 7 F7
38 78 B8 8 F8
39 `(grave) 79 B9 9 F9
3A : 7A BA FA
3B # 7B BB FB
DC4 3C @ 7C BC FC
NAK 3D ' 7D ] BD FD
3E = 7E BE FE
SUB 3F " 7F BF FF
Where:
Checks the LRC value with that computed over the input data and returns a response
message with Error 91 if a match is not obtained.
Checks that the Count value is between limits. If this check fails, the HSM responds in
one of two ways:
Checks that the number of characters received between the Count characters and the
LRC matches the value in Count. If this check fails, it returns a response message with
Error 92.
lf no errors are discovered in the Transparent Async packet, the HSM processes the
command and responds accordingly.
If the HSM discovers both errors (Error 91 and Error 92), it reports Error 92.
No single command contains more than 2048 bytes (1024 for SNA-SDLC) (including any STX
and ETX characters). The Async connected HSM operates in half duplex the response to a
command must be received before a new command request is sent.
9 ERROR HANDLING
There are four types of errors generated by the HSM:
Fatal errors.
Non-recoverable errors.
Recoverable errors.
Programming errors.
Fatal errors indicate a hardware fault in the equipment. Such an error should be logged and
reported for user action to be taken (e.g., report to supervisor).
Non-recoverable errors cannot be rectified by the program and need user intervention (e.g.,
with the HSM set into the Authorised state). Such errors should also be logged and reported for
user action to be taken (e.g., report to supervisor). This type of error does not mean that the
HSM cannot action other types of commands.
Recoverable errors may be the result of data corruption or indicate that the HSM cannot
process a command because some other action is required first. The application should
attempt to recover by re-issuing the command, attempting to clear the corruption or by
implementing the missing action (e.g., the HSM reports that the print format definition is not
loaded, so the program should load it and re-issue the failed command).
Programming errors are normally found during testing, but if they occur at other times, they are
probably non-recoverable.
Additionally the application should monitor the HSM for timeouts on the interface.
In any of the above events, the application should try to continue processing by using another
HSM to action the command. Continued failure may indicate a catastrophic failure of all HSMs
(unlikely), a power failure or a program error.
The application should monitor usage of all HSMs and mark any unit as "out of service" if it has
given a fatal error, or where a unit repeatedly reports non-recoverable errors.
Each HSM is normally connected to the Host via a separate Host port, although a port-sharing
unit can be used if the number of Host ports available is limited. The sharing configuration is not
capable of providing backup if the port or the port-sharing unit becomes faulty.
Optionally it is possible to have a backup unit not connected to the Host but ready for
connection in place of a faulty unit. (This is not the preferred practice because the unit may
remain idle for a long time and may itself have developed a fault).
In addition to the live units, a typical system contains at least one HSM connected to a test or
development computer system. This allows changes in the environment to be tested, without
disturbing the live system.
11 USER STORAGE
The HSM areas of memory allocated to store data for use during processing. This facility allows
commonly-used data to be held within the HSM, and not transmitted with each command that
requires it. This reduces communications time and thus increases throughput.
User data is stored in 8-byte blocks, each block containing 16 hexadecimal digits. The size of
key to store in the user storage area is configured via the configure security (CS) command.
The user storage is indexed with reference to the key size. If keys of shorter lengths or
decimalization tables are to be loaded they should be padded with F to the key length
configured i.e. Filling the index location.
An index points to a key block this varies in length depending on the key length specified in the
configure security command. For example, if loading two encrypted working keys and
specifying X'000 as the base index, the first encrypted key is stored in bytes 0-7; the second
encrypted key is stored in bytes 8-15.
Location 154
Byte Byte
Location 155
8184 8191
Location 1FE
Byte Byte
Location 1FF
8184 8191
Location 3FE
Byte Byte
Location 3FF
8184 8191
Location FFE
Byte
Location FFF
98303
Data can be stored in continuous bytes, or in discrete areas of memory. The only requirement
for index assignment applies to storage of the Diebold table. This table must be stored as 256
1-18 1270A514 Issue 3
Host Security Module RG7000 PROGRAMMING GUIDE
contiguous bytes. Thus, X'3E0 is the highest possible base index that can be specified when
the Diebold table is loaded or accessed.
It is the programmer's responsibility to assign and keep track of the indices. When an index is
provided to load new data, the HSM does not check the memory location to determine if it
already contains data. If the wrong index is provided, the data overwrites the previous contents.
For example, if X'000 is specified as the base index when loading the Diebold table, and the
same index is then used to load an encrypted key, the table is invalidated.
To indicate the substitution of an index for a data element, the data element in the transaction
must begin with the index flag K, followed by the 3-digit index value. These four characters
replace the key (or other data elements). A key of appropriate length will be extracted based
upon the key scheme and the key length expected by the command. The exception is if the
HSM is configured for single length keys and the command expects a double length key (32H)
for backwards compatibility the command will require two indices to be specified.
If the triple DES key schemes are used a number of scenarios exist.
1. All key lengths used configure for either single or triple length keys.
2. Single and double length keys used - configure for either single or double length keys.
3. Single and triple length keys used - configure for either single or triple length keys.
4. Double length keys used - configure for either single or double length keys.
5. Triple length keys used - configure for either single or triple length keys.
Examples
To supply a single length key to a command there is no key scheme and a single index. - K000
To supply a double length key to a command using the U scheme the key scheme and a single
index must be provided. - UK000
To supply a triple length key using the T scheme to a command the key scheme and the index
must be provided. - TK000
If the HSM is configured for single length keys a index will return a single length key if no key
scheme specified or an appropriate key if a key scheme supplied.
Example
To supply a single length key to a command there is no key scheme and a single index. - K000
To supply a double length Key to a command no key scheme (32H) two index must be
provided. - UK000
To supply a triple length Key to a command the key scheme and a single index must be
provided. - TK000
The application should reload user storage if the HSM reports that the user storage has been
erased, or there is a key parity error.
The HSM must also be in the Authorised state; if it is not, an error is returned. To enable the
HSM to format the data before sending it to the printer, the HSM must be given formatting
details by the Host. The HSM retains this information until new details are provided or until:
When the printer is connected, the HSM is in the Authorised state, and the formatting data has
been provided, the following sequence occurs:
The Host sends a print command with encrypted data to the HSM.
The HSM verifies the data and sends a response message to the Host. If there is an error
in the data, the next step does not occur.
The HSM formats the data and outputs it to the printer. On completion, the HSM sends a
second response message to the Host indicating that the printing is complete and the next
print command can be sent.
2. Identify which Variant of the LMK is required and select the appropriate offset value:
Variant 2: 5A.
3. Exclusive-OR add the selected offset to the first byte of the LMK pair (01 in the
example above).
4. Replace the left-most byte of the LMK pair with the result of Step 3 and use the resulting
key as the specified Variant:
Variant 1 : A6
Variant 2 : 5A
Variant 3 : 6A
Variant 4 : DE
Variant 5 : 2B
Variant 6 : 50
Variant 7 : 74
Variant 8 : 9C
When the Variants are applied to the standard test LMK set, the left-most bytes of the sets are
as follows:
00-01 A7 5B 6B DF 2A 51 75 9D
02-03 86 7A 4A FE 0B 70 54 BC
04-05 E6 1A 2A 9E 6B 10 34 DC
06-07 C7 3B 0B BF 4A 31 15 FD
08-09 26 DA EA 5E AB D0 F4 1C
10-11 07 FB CB 7F 8A F1 D5 3D
12-13 67 9B AB 1F EA 91 B5 5D
14-15 46 BA 8A 3E CB B0 94 7C
16-17 BA 46 76 C2 37 4C 68 80
18-19 A7 5B 6B DF 2A 51 75 9D
20-21 A4 58 68 DC 29 52 76 9E
22-23 A1 5D 6D D9 2C 57 73 9B
24-25 B5 49 79 CD 38 43 67 8F
26-27 B0 4C 7C C8 3D 46 62 8A
28-29 BC 40 70 C4 31 4A 6E 86
30-31 85 79 49 FD 08 73 57 BF
32-33 80 7C 4C F8 0D 76 52 BA
34-35 8C 70 40 F4 01 7A 5E B6
36-37 89 75 45 F1 04 7F 5B B3
38-39 A7 5B 6B DF 2A 51 75 9D
5. Identify which Variant of the LMK is required and select the appropriate offset value:
Variant 2: A6.
6. Exclusive-OR add the selected offset to the first byte of the second key within the LMK pair
(31 in the example above).
7. Replace the left-most byte of the LMK pair with the result of Step 3 and use the resulting
key as the specified Variant:
When the Variants are applied to the standard test LMK set, the first byte of the second key are
as follows:
1 of 2 2 of 2 1 of 3 2 of 3 3 of 3
04 - 05 F7 0B 3B 8F 7A
06 07 D6 2A 1A AE 5B
14 15 57 AB 9B 2F DA
16 17 A7 5B 6B DF 2A
18 - 19 A7 5B 6B DF 2A
20 21 42 5E 6E DA 2F
22 - 23 B6 4A 7A CE 3B
24 25 B3 4F 7F CB 3E
26 27 BF 43 73 C7 32
28 29 BA 46 76 C2 37
30 - 31 83 7F 4C FB 0E
32 33 8F 73 43 F7 02
34 - 35 8A 76 46 F2 07
35 37 97 6B 5B EF 1A
38 - 39 A7 5B 6B DF 2A
CHAPTER 2
HOST COMMANDS
CONTENTS Page
1 GENERAL 2-1
2 HOST COMMANDS 2-2
2.1 LIST OF HOST COMMANDS (ALPHABETICAL) 2-2
2.2 LIST OF HOST COMMANDS (FUNCTIONAL) 2-6
3 GENERIC KEY MANAGEMENT COMMANDS 2-12
3.1 KEY TYPE TABLE 2-12
3.2 KEY SCHEME TABLE 2-12
3.3 GENERATE A KEY 2-13
3.4 GENERATE AND PRINT A COMPONENT 2-14
3.5 GENERATE AND PRINT A KEY AS SPLIT COMPONENTS 2-16
3.6 FORM A KEY FROM ENCRYPTED COMPONENTS 2-18
3.7 IMPORT A KEY 2-19
3.8 EXPORT A KEY 2-20
3.9 TRANSLATE KEY SCHEME 2-21
4 ZONE MASTER KEY MANAGEMENT 2-22
4.1 GENERATE AND PRINT A ZMK COMPONENT 2-22
4.2 FORM A ZMK FROM THREE ZMK COMPONENTS 2-24
4.3 FORM A ZMK FROM 2 TO 9 ZMK COMPONENTS 2-25
4.4 TRANSLATE ZMK FROM ZMK TO LMK ENCRYPTION 2-27
5 ZONE PIN KEY MANAGEMENT 2-29
5.1 GENERATE A ZPK 2-30
5.2 TRANSLATE A ZPK FROM ZMK TO LMK ENCRYPTION 2-31
5.3 TRANSLATE A ZPK FROM LMK TO ZMK ENCRYPTION 2-33
6 ZONE ENCRYPTION, ZONE AUTHENTICATION KEY MANAGEMENT 2-34
6.1 GENERATE ZEK/ZAK 2-35
6.2 TRANSLATE A ZEK/ZAK FROM ZMK TO LMK ENCRYPTION 2-36
6.3 TRANSLATE A ZEK/ZAK FROM LMK TO ZMK ENCRYPTION 2-37
7 TERMINAL MASTER, TERMINAL PIN AND PIN VERIFICATION KEY
MANAGEMENT 2-38
7.1 GENERATE AND PRINT A TMK, TPK OR PVK 2-39
7.2 GENERATE A TMK, TPK OR PVK 2-41
7.3 TRANSLATE A TMK, TPK OR PVK FROM LMK TO ANOTHER TMK, TPK OR PVK 2-42
7.4 TRANSLATE A TMK, TPK OR PVK FROM ZMK TO LMK ENCRYPTION 2-43
7.5 TRANSLATE A TMK, TPK OR PVK FROM LMK TO ZMK ENCRYPTION 2-44
7.6 GENERATE A PAIR OF PVKS 2-46
8 TERMINAL AUTHENTICATION KEY MANAGEMENT 2-48
8.1 GENERATE A TAK 2-49
8.2 TRANSLATE A TAK FROM ZMK TO LMK ENCRYPTION 2-50
8.3 TRANSLATE A TAK FROM LMK TO ZMK ENCRYPTION 2-51
1270A514 Issue 3 Chapter 2
HOST COMMANDS Host Security Module RG7000
16.5 GENERATE MAC (MAB) USING ANSI X9.19 METHOD FOR A LARGE MESSAGE 2-107
17 BASE24 BINARY MAC COMMANDS 2-110
17.1 GENERATE A BINARY MAC (BASE24) 2-110
17.2 VERIFY A BINARY MAC (BASE24) 2-112
17.3 VERIFY AND TRANSLATE A BINARY MAC (BASE24) 2-113
18 USER STORAGE SUPPORT 2-114
18.1 LOAD DATA TO USER STORAGE 2-114
18.2 READ DATA FROM USER STORAGE 2-115
18.3 VERIFY THE DIEBOLD TABLE IN USER STORAGE 2-116
19 PRINT OUTPUT FORMATTING 2-117
19.1 PRINTING PINS IN W ORD FORMAT 2-120
19.2 PRINTING PINS IN COLUMNS 2-121
19.3 LOAD FORMATTING DATA TO HSM 2-122
19.4 LOAD ADDITIONAL FORMATTING DATA TO HSM 2-123
19.5 LOAD A PIN TEXT STRING 2-124
20 TRANSLATE DATA AFTER CHANGE OF LOCAL MASTER KEYS 2-125
20.1 TRANSLATE A ZMK 2-125
20.2 TRANSLATE A ZPK 2-126
20.3 TRANSLATE A TMK, TPK OR PVK 2-127
20.4 TRANSLATE A TAK 2-128
20.5 TRANSLATE A PIN AND PIN LENGTH 2-129
20.6 TRANSLATE KEYS FROM OLD LMK TO NEW LMK 2-130
20.7 ERASE THE KEY CHANGE STORAGE 2-132
21 MISCELLANEOUS COMMANDS 2-133
21.1 CANCEL THE AUTHORISED STATE 2-133
21.2 GENERATE A KEY CHECK VALUE (NOT DOUBLE-LENGTH ZMK) 2-134
21.3 GENERATE A KEY CHECK VALUE 2-135
21.4 SET HSM RESPONSE DELAY 2-137
21.5 PERFORM DIAGNOSTICS 2-138
21.6 HSM STATUS 2-139
22 VISA CARD VERIFICATION VALUES 2-140
22.1 GENERATE A CVK PAIR 2-140
22.2 TRANSLATE A CVK PAIR FROM LMK TO ZMK ENCRYPTION 2-141
22.3 TRANSLATE A CVK PAIR FROM ZMK TO LMK ENCRYPTION 2-142
22.4 TRANSLATE A CVK PAIR FROM OLD LMK TO NEW LMK ENCRYPTION 2-143
22.5 GENERATE A VISA CVV 2-144
22.6 VERIFY A VISA CVV 2-145
23 VISA CASH SYSTEM 2-146
23.1 GENERATE AND EXPORT A *KML 2-147
23.2 IMPORT A *KML 2-148
23.3 VERIFY LOAD SIGNATURE S1 AND GENERATE LOAD SIGNATURE S2 2-149
23.4 VERIFY LOAD COMPLETION SIGNATURE S3 2-150
23.5 VERIFY UNLOAD SIGNATURE S1 AND GENERATE UNLOAD SIGNATURE S2 2-151
23.6 VERIFY UNLOAD COMPLETION SIGNATURE S3 2-152
24 CHIP CARD 2-153
24.1 ARQC (OR TC/AAC) VERIFICATION AND/OR ARPC GENERATION 2-154
24.2 DATA AUTHENTICATION CODE AND DYNAMIC NUMBER VERIFICATION 2-156
1270A514 Issue 3 Chapter 2
HOST COMMANDS Host Security Module RG7000
24.3 GENERATE SECURE MESSAGE WITH INTEGRITY AND OPTIONAL CONFIDENTIALITY 2-157
25 AMERICAN EXPRESS CARD SECURITY CODE 2-159
25.1 GENERATE A *CSCK 2-159
25.2 EXPORT A *CSCK 2-160
25.3 IMPORT A *CSCK 2-161
25.4 CALCULATE CARD SECURITY CODES 2-163
25.5 VERIFY CARD SECURITY CODES 2-164
26 RACAL TRANSACTION KEY SCHEME (RTKS) 2-165
26.1 TRANSACTION REQUEST W ITH A PIN (T/AQ KEY) 2-167
26.2 TRANSACTION REQUEST W ITHOUT A PIN 2-169
26.3 TRANSACTION REQUEST W ITH A PIN (T/CI KEY) 2-171
26.4 TRANSLATE KEYVAL 2-173
26.5 ADMINISTRATION REQUEST MESSAGE 2-174
26.6 TRANSACTION RESPONSE WITH AUTH PARA FROM CARD ISSUER 2-176
26.7 GENERATE AUTH PARA AND TRANSACTION RESPONSE 2-178
26.8 CONFIRMATION 2-180
27 DERIVED UNIQUE KEY PER TRANSACTION (DUKPT) SYSTEM 2-182
27.1 GENERATE AN BASE DERIVATION KEY (*BDK) 2-183
27.2 TRANSLATE A PIN FROM *BDK ENCRYPTION TO INTERCHANGE KEY ENCRYPTION 2-184
27.3 VERIFY A PIN USING THE IBM METHOD 2-185
27.4 VERIFY A PIN USING THE VISA PVV METHOD 2-186
27.5 VERIFY A PIN USING THE DIEBOLD METHOD 2-187
27.6 VERIFY A PIN USING THE ENCRYPTED PIN METHOD 2-188
27.7 TRANSLATE A BASE DERIVATION KEY FROM *ZMK TO LMK ENCRYPTION 2-189
27.8 TRANSLATE A BASE DERIVATION KEY FROM LMK TO *ZMK ENCRYPTION 2-190
28 AUSTRALIAN TRANSACTION KEY SCHEME (ATKS) 2-191
28.1 TRANSACTION REQUEST W ITHOUT A PIN 2-192
28.2 TRANSACTION REQUEST W ITH A PIN (T/AQ KEY) 2-194
28.3 TRANSACTION REQUEST W ITH A PIN (T/CI KEY) 2-196
28.4 TRANSACTION RESPONSE W ITH AUTH PARA GENERATED BY THE ACQUIRER 2-198
28.5 TRANSACTION RESPONSE W ITH AUTH PARA GENERATED BY THE CARD ISSUER 2-200
28.6 TRANSLATE A PIN FROM PEK TO ZPK ENCRYPTION 2-202
28.7 VERIFY A TRANSACTION COMPLETION CONFIRMATION REQUEST 2-203
28.8 GENERATE A TRANSACTION COMPLETION RESPONSE 2-205
28.9 VERIFY A PIN AT THE CARD ISSUER USING THE IBM METHOD 2-207
28.10 VERIFY A PIN AT THE CARD ISSUER USING THE DIEBOLD METHOD 2-209
28.11 VERIFY A PIN AT THE CARD ISSUER USING THE VISA METHOD 2-211
28.12 VERIFY A PIN AT THE CARD ISSUER BY COMPARISON 2-213
28.13 GENERATE AUTH PARA AT THE CARD ISSUER 2-215
28.14 MESSAGE AUTHENTICATION MODE NUMBERS 2-216
28.15 GENERATE A MAC ON A BINARY MESSAGE 2-217
28.16 VERIFY A MAC ON A BINARY MESSAGE 2-219
29 USING THE OPTIONAL RSA CRYPTOSYSTEM 2-221
29.1 GENERATE AN RSA KEY SET 2-225
29.2 LOAD A SECRET KEY 2-227
29.3 TRANSLATE A SECRET KEY FROM THE OLD LMK TO A NEW LMK 2-228
29.4 GENERATE A MAC ON A PUBLIC KEY 2-229
29.5 VERIFY A MAC ON A PUBLIC KEY 2-230
Chapter 2 1270A514 Issue 3
Host Security Module RG7000 HOST COMMANDS
29.6 VALIDATE A CERTIFICATE AND GENERATE A MAC ON ITS PUBLIC KEY 2-231
29.7 TRANSLATE A MAC ON A PUBLIC KEY 2-234
29.8 GENERATE A SIGNATURE 2-235
29.9 VALIDATE A SIGNATURE 2-236
29.10 IMPORT A DES KEY 2-237
29.11 EXPORT A DES KEY 2-239
29.12 HASH A BLOCK OF DATA 2-240
1 GENERAL
The HSM provides a variety of functions to implement key management, PIN management
(including PIN verification) and Message Authentication Code (MAC) processing.
This Chapter details all the commands available with their responses and possible error codes.
A number of abbreviations are used throughout. They are:
For example:
For convenience, the STX and ETX control characters, which bracket every command and
response, are not shown in the details that follow.
In a command to the HSM, any key can be replaced by a reference to internal user storage. In
the details that follow, a key is always shown as if it is to be sent with each command; in every
case the key can be replaced by the index flag K and a three-digit pointer value.
The HSM can be used in systems where there may be Atalla security equipment at other
network nodes. This is achieved by the inclusion of an Atalla variant in those commands that
translate a key from/to encryption under a ZMK. This has the effect of modifying the ZMK
before it is used to decrypt/encrypt in accordance with the method used by the Atalla
equipment. The HSM can support 1 or 2 digit Atalla variants.
2 HOST COMMANDS
AU (AV) Translate a CVK Pair from LMK to ZMK Encryption 22.2 141
AW (AX) Translate a CVK Pair from ZMK to LMK Encryption 22.3 142
AY (AZ) Translate a CVK Pair from Old LMK to New LMK Encryption 22.4 143
BW (BX) Translate Keys from Old LMK to New LMK 20.6 130
CM (CN) Verify a PIN Using the VISA PVV Method 27.4 186
CO (CP) Verify a PIN Using the Diebold Method 27.5 187
CQ (CR) Verify a PIN Using the Encrypted PIN Method 27.6 188
Host
Command Function Paragraph Page
(Response)
DG (DH) Generate a VISA PIN Verification Value 9.6 60
DI (DJ) Generate and Export a *KML 23.1 147
DM (DN) Verify Load Signature S1 and Generate Load Signature S2 23.3 149
DO (DP) Verify Load Completion Signature S3 23.4 150
DQ (DR) Verify Unload Signature S1 and Generate Unload Signature S2 23.5 151
DS (DT) Verify Unload Completion Signature S3 23.6 152
DW (DX) Translate a Base Derivation Key from *ZMK to LMK Encryption 27.7 189
DY (DZ) Translate a Base Derivation Key from LMK to *ZMK Encryption 27.8 190
EM (EN) Translate a Secret Key from the Old LMK to a New LMK 29.3 228
FC (FD) Translate a TMK, TPK or PVK from ZMK to LMK Encryption 7.4 43
FE (FF) Translate a TMK, TPK or PVK from LMK to ZMK Encryption 7.5 44
Host
Command Function Paragraph Page
(Response)
HA (HB) Generate a TAK 8.1 49
KQ (KR) ARQC (or TC/AAC) Verification and/or ARPC Generation 24.1 154
KS (KT) Data Authentication Code and Dynamic Number Verification 24.2 156
KU (KV) Generate Secure Message with Integrity and optional Confidentiality 24.3 157
LA (LB) Load Data to User Storage 18.1 114
MS (MT) Generate MAC (MAB) using ANSI X9.19 Method for a Large Message 16.5 107
MU (MV) Message Authentication Mode Numbers 28.14 216
Host
Command Function Paragraph Page
(Response)
PG (PH) Verify PIN/PIN and Solicitation Mailer Cryptography 12.3 84
QQ (QR) Verify a PIN at the Card Issuer Using the IBM Method 28.9 207
QS (QT) Verify a PIN at the Card Issuer Using the Diebold Method 28.10 209
QU (QV) Verify a PIN at the Card Issuer Using the Visa Method 28.11 211
RI (RJ) Transaction Request With a PIN (T/AQ Key) (RTKS) 26.1 167
RQ (RR) Generate Auth Para and Transaction Response (RTKS) 26.7 178
RS (RT) Confirmation (RTKS) 26.8 180
RU (RV) Transaction Request With a PIN (T/CI Key) (RTKS) 26.3 171
RW (RX) Translate KEYVAL (RTKS) 26.4 173
RM (RN) Transaction Response With Auth Para Generated by the Card Issuer 28.5 200
(ATKS)
RO (RP) Translate a PIN from PEK to ZPK Encryption (ATKS) 28.6 202
RQ (RR) Verify a Transaction Completion Confirmation Request (ATKS) 28.7 203
GENERATING A KEY
Generate a Key A0 (A1) 3.1 12
CVK PAIR
Translate a CVK Pair from Old LMK to New LMK Encryption AY (AZ) 22.4 143
Translate a CVK Pair from LMK to ZMK Encryption AU (AV) 22.2 141
Translate a CVK Pair from ZMK to LMK Encryption AW (AX) 22.3 142
Translate a TMK, TPK or PVK from LMK to Another TMK, TPK or PVK AE (AF) 7.3 42
Translate a TMK, TPK or PVK from LMK to ZMK Encryption FE (FF) 7.5 44
Translate a TMK, TPK or PVK from ZMK to LMK Encryption FC (FD) 7.4 43
TAK
Translate a TAK AC (AD) 20.4 128
WWK
Translate a Watchword Key from LMK to ZMK Encryption FQ (FR) 15.2 95
Translate a Watchword Key from ZMK to LMK Encryption FS (FT) 15.3 96
ZEK / ZAK
Translate a ZEK/ZAK from LMK to ZMK Encryption FM (FN) 6.3 37
General
Translate Keys from Old LMK to New LMK BW (BX) 20.6 130
PIN SOLICITATION
Load Solicitation Data to User Storage QA (QB) 13.1 89
Final Load of Solicitation Data to User Storage QC (QD) 13.2 90
CLEAR PIN
Encrypt a Clear PIN BA (BB) 14.1 92
Decrypt an Encrypted PIN NG (NH) 14.2 93
TRANSLATING A PIN
Translate a PIN and PIN Length BG (BH) 20.5 129
PIN MAILER
Print PIN/PIN and Solicitation Data PE (PF) 12.1 80
(PZ)
Print a PIN Solicitation Mailer OA (OB) 12.2 82
(OZ)
Verify PIN/PIN and Solicitation Mailer Cryptography PG (PH) 12.3 84
Verify Solicitation Mailer Cryptography RC (RD) 12.4 85
MESSAGE AUTHENTICATION
Generate a MAC MA (MB) 16.1 102
Generate MAC (MAB) for Large Message MQ (MR) 16.4 105
PRINT FORMATTING
Load a PIN Text String LI (LJ) 19.5 124
USER STORAGE
Load Data to User Storage LA (LB) 18.1 114
Verify the Diebold Table in User Storage LC (LD) 18.3 116
WATCHWORD SUPPORT
Verify a Watchword Response FU (FV) 15.4 97
MISCELLANEOUS
Generate a VISA CVV CW (CX) 22.5 144
Verify a VISA CVV CY (CZ) 22.6 145
Cancel the Authorised State RA (RB) 21.1 133
Set HSM Response Delay LG (LH) 21.4 137
Verify Unload Signature S1 and Generate Unload Signature S2 DQ (DR) 23.5 151
Verify Unload Completion Signature S3 DS (DT) 23.6 152
CHIP CARD
ARQC (or TC/AAC) Verification and/or ARPC Generation KQ (KR) 24.1 154
Data Authentication Code and Dynamic Number Verification KS (KT) 24.2 156
Generate Secure Message with Integrity and optional Confidentiality KU (KV) 24.3 157
Transaction Response with Auth Para from Card Issuer RO (RP) 26.6 176
Generate Auth Para and Transaction Response RQ (RR) 26.7 178
Translate KEYVAL RW (RX) 26.4 173
Translate a PIN from *BDK Encryption to Interchange Key Encryption CI (CJ) 27.2 184
Transaction Response With Auth Para Generated by the Card Issuer RM (RN) 28.5 200
Translate a PIN from PEK to ZPK Encryption RO (RP) 28.6 202
Verify a PIN at the Card Issuer Using the IBM Method QQ (QR) 28.9 207
Verify a PIN at the Card Issuer Using the Diebold Method QS (QT) 28.10 209
Verify a PIN at the Card Issuer Using the Visa Method QU (QV) 28.11 211
Verify a PIN at the Card Issuer by Comparison QW (QX 28.12 213
Translate a Secret Key from the Old LMK to a New LMK EM (EN) 29.3 228
Notes:
Comp - Component
NOU Not on us
CC Chip Card
Not all key type codes are available in all commands for security reasons.
The Key type code used within commands is formed by using the Variant code as the first character then
the LMK pair code as the second character. For example the code for a ZPK is 001.
Key Scheme (LMK) 1A Key length / scheme for encrypting key under LMK.
Key scheme (ZMK) 1A Key scheme for encrypting key for export. Only present if
mode = 1.
Atalla Variant 1 N or 2 N Optional. Atalla variant; for use in systems with Atalla
equipment. Only present if mode = 1.
Key (ZMK) 16H or The key encrypted under ZMK only present if mode =1.
1A+32H or 1A+48H
End message delimiter 1C Present only if present in the command message. Value
X19.
Delimiter 1A Value;
Print Field 1 nA The print field defined as Print Field 1 in the print format
definition (must not contain a ; character).
. . .
. . .
. . .
Last print field nA The last print field defined in the print format definition must
not contain a ; character).
End message delimiter 1C Present only if present in the command message. Value
X19.
Print Field 0 nA The print field defined as Print Field 0 in the print format
definition (must not contain a ; character).
Delimiter 1A Value;
Print Field 1 nA The print field defined as Print Field 1 in the print format
definition (must not contain a ; character).
. . .
. . .
. . .
Last print field nA The last print field defined in the print format definition must
not contain a ; character).
End message delimiter 1C Present only if present in the command message. Value
X19.
Key Scheme (LMK) 1A Key scheme for encrypting key under LMK
|
Key component n 16H or Encrypted key component n.
1A+32H or 1A+48H
End message delimiter 1C Present only if present in the command message. Value
X19.
Key Scheme (LMK) 1A Key scheme for encrypting key under LMK.
Atalla Variant 1 N or 2 N Optional. Atalla variant; for use in systems with Atalla
equipment.
End message delimiter 1C Present only if present in the command message. Value
X19.
Key Scheme (ZMK) 1A Key scheme for encrypting key under ZMK.
Atalla Variant 1 N or 2 N Optional. Atalla variant; for use in systems with Atalla
equipment.
End message delimiter 1C Present only if present in the command message. Value
X19.
Key scheme (LMK) 1A Key scheme for encrypting key under LMK
Delimiter 1A Value;
Print Field 1 nA The print field defined as Print Field 1 in the print format
definition (must not contain a ; character).
. . .
Last print field nA The last print field defined in the print format definition must
not contain a ; character).
Key check value type 1A Optional. Key check value calculation method
0 - KCV backwards compatible.
1 - KCV 6H.
End message delimiter 1C Optional. Must be present if a message trailer is present.
Value X19.
End message delimiter 1C Present only if present in the command message. Value
X19.
First ZMK component 16H or 32H or The first ZMK component encrypted under a variant of LMK
1A+32H or 1A+48H 04-05.
Second ZMK component 16H or 32H or The second ZMK component encrypted under a variant of
1A+32H or 1A+48H LMK 04-05.
Third ZMK component 16H or 32H or The third ZMK component encrypted under a variant of LMK
1A+32H or 1A+48H 04-05.
Key check value type 1A Optional. Key check value calculation method
0 - KCV backwards compatible.
1 - KCV 6H.
End message delimiter 1C Optional. Must be present if a message trailer is present.
Value X19.
Key check value 16 H or 6 H Result of encrypting 64 binary zeroes with the ZMK.
16H or 6H depends upon KVC type option.
End message delimiter 1C Present only if present in the command message. Value
X19.
Second ZMK component 16H or 32H or The second ZMK component encrypted under a variant of
1A+32H or 1A+48H LMK 04-05.
. . .
. . .
Last ZMK component 16H or 32H or The last ZMK component encrypted under a variant of LMK
1A+32H or 1A+48H 04-05.
Key scheme ZMK 1A Optional. Key scheme for encrypting key under ZMK
Key scheme LMK 1A Optional. Key scheme for encrypting key under LMK.
Key check value type 1A Optional. Key check value calculation method
0 - KCV backwards compatible.
1 - KCV 6H.
End message delimiter 1C Optional. Must be present if a message trailer is present.
Value X19.
Key check value 16 H or 6 H Result of encrypting 64 binary zeroes with the ZMK.
16H or 6H depends upon KVC type option.
End message delimiter 1C Present only if present in the command message. Value
X19.
Atalla Variant 1 N or 2 N Optional. Atalla variant; for use in systems with Atalla
equipment.
End message delimiter 1C Present only if present in the command message. Value
X19.
The generate facility encrypts the ZPK under the ZMK for transmission to another party and
under the LMK for storage on the Host database.
The two translate commands allow a ZPK to be translated from encryption under a ZMK to
encryption under the LMK and vice versa.
Atalla variant 1 N or 2 N Optional. Atalla variant; for use in systems with Atalla
equipment.
Key check value type 1A Optional. Key check value calculation method
0 - KCV backwards compatible.
1 - KCV 6H.
End message delimiter 1C Optional. Must be present if a message trailer is present.
Value X19.
ZPK under LMK 16H or The ZPK encrypted under LMK pair 06-07.
1A+32H or 1A+48H
Atalla variant 1 N or 2 N Optional. Atalla variant; for use in systems with Atalla
equipment.
Key check value type 1A Optional. Key check value calculation method
0 - KCV backwards compatible.
1 - KCV 6H.
End message delimiter 1C Optional. Must be present if a message trailer is present.
Value X19.
Atalla variant 1 N or 2 N Optional. Atalla variant; for use in systems with Atalla
equipment.
Key check value type 1A Optional. Key check value calculation method
0 - KCV backwards compatible.
1 - KCV 6H.
End message delimiter 1C Optional. Must be present if a message trailer is present.
Value X19.
Key check value 16 H or 6 H Result of encrypting 64 binary zeroes with the ZPK.
16H or 6H depends upon KCV type option.
End message delimiter 1C Present only if present in the command message. Value
X19.
For security reasons, encryption and decryption commands using ZEKs are not available in the
standard release; if required, refer to Zaxus for details.
Atalla variant 1 N or 2 N Optional. Atalla variant; for use in systems with Atalla
equipment.
Key check value type 1A Optional. Key check value calculation method
0 - KCV backwards compatible.
1 - KCV 6H.
End message delimiter 1C Optional. Must be present if a message trailer is present.
Value X19.
ZEK for storage 16H or ZEK encrypted under LMK pair 30-31 (present only when
1A+32H or 1A+48H Flag is 0).
ZAK for storage 16H or ZAK encrypted under LMK pair 26-27 (present only when
1A+32H or 1A+48H Flag is 1).
ZEK/ZAK 16H or ZEK or ZAK encrypted under ZMK (ZEK when Flag is 0,
1A+32H or 1A+48H ZAK when Flag is 1).
Atalla variant 1 N or 2 N Optional. Atalla variant; for use in systems with Atalla
equipment.
ZAK 16H or ZAK encrypted under LMK pair 26-27 (present only when
1A+32H or 1A+48H Flag is 1).
ZEK 16H or ZEK encrypted under LMK pair 30-31 (present only when
1A+32H or 1A+48H Flag is 0).
ZAK 16H or ZAK encrypted under LMK pair 26-27. (present only when
1A+32H or 1A+48H Flag is 1).
Atalla variant 1 N or 2 N Optional. Atalla variant; for use in systems with Atalla
equipment.
Print Field 0 nA The print field defined as Print Field 0 in the print format
definition (must not contain a ; character).
Delimiter 1A Value ;
Print Field 1 nA The print field defined as Print Field 1 in the print format
definition (must not contain a ; character).
. . .
. . .
. . .
Last print field nA The last print field defined in the print format definition (must
not contain a ; character).
Key scheme LMK 1A Optional. Key scheme for encrypting key under LMK.
Key check value type 1A Optional. Key check value calculation method
0 - KCV backwards compatible.
1 - KCV 6H.
End message delimiter 1C Optional. Must be present if a message trailer is present.
Value X19.
End message delimiter 1C Present only if present in the command message. Value
X19.
Current TMK, TPK or PVK 16H or The current TMK, TPK or PVK encrypted under LMK pair 14-
1A+32H or 1A+48H 15.
Key scheme LMK 1A Optional. Key scheme for encrypting key under LMK.
Key check value type 1A Optional. Key check value calculation method
0 - KCV backwards compatible.
1 - KCV 6H.
End message delimiter 1C Optional. Must be present if a message trailer is present.
Value X19.
New key under LMK 16H or The new key under LMK pair 14-15.
1A+32H or 1A+48H
End message delimiter 1C Present only if present in the command message. Value
X19.
7.3 Translate a TMK, TPK or PVK from LMK to Another TMK, TPK or PVK
Command: Translate a TMK, TPK or PVK from encryption under LMK pair 14-15 to
encryption under another TMK (TPK or PVK).
Notes: The command is used to replace an existing key with another key from the
database.
Stored TMK, TPK or PVK 16H or The stored TMK, TPK or PVK under LMK pair 14-15.
1A+32H or 1A+48H
Key scheme LMK 1A Optional. Key scheme for encrypting key under LMK.
Key check value type 1A Optional. Key check value calculation method
0 - KCV backwards compatible.
1 - KCV 6H.
End message delimiter 1C Optional. Must be present if a message trailer is present.
Value X19.
End message delimiter 1C Present only if present in the command message. Value
X19.
TMK, TPK or PVK 16H or TMK, TPK or PVK encrypted under the ZMK.
1A+32H or 1A+48H
Atalla variant 1 N or 2 N Optional. Atalla variant; for use in systems with Atalla
equipment.
Key check value type 1A Optional. Key check value calculation method
0 - KCV backwards compatible.
1 - KCV 6H.
End message delimiter 1C Optional. Must be present if a message trailer is present.
Value X19.
Key check value 16 H or 6 H Result of encrypting 64 binary zeroes with the key.
16H or 6H depends upon KCV type option.
End message delimiter 1C Present only if present in the command message. Value
X19.
TMK, TPK or PVK 16H or TMK, TPK or PVK encrypted under LMK pair 14-15.
1A+32H or 1A+48H
Atalla variant 1 N or 2 N Optional. Atalla variant; for use in systems with Atalla
equipment.
Key check value type 1A Optional. Key check value calculation method
0 - KCV backwards compatible.
1 - KCV 6H.
End message delimiter 1C Optional. Must be present if a message trailer is present.
Value X19.
Key check value 16 H or 6 H Result of encrypting 64 binary zeroes with the key.
16H or 6H depends upon KCV type option.
End message delimiter 1C Present only if present in the command message. Value
X19.
Atalla variant 1 N or 2 N Optional. Atalla variant; for use in systems with Atalla
equipment.
Key scheme LMK 1A Optional. Key scheme for encrypting key under LMK.
Key check value type 1A Optional. Key check value calculation method
0 - KCV backwards compatible. Not available for keys
generated using new schemes
1 - KCV 6H. Only for available for keys generated under new
key schemes
2 KCV 6H for each key. Only available for keys generated
in backwards compatible mode.
End message delimiter 1C Optional. Must be present if a message trailer is present.
Value X19.
First TMK, TPK or PVK 32H or 1A+32H New TMK, TPK or PVK; encrypted under the ZMK.
under ZMK
KCV Type = 0 or 2
First key check value 16 H or 6 H Result of encrypting 64 binary zeroes with the first half of
TMK, TPK or PVK. 6H if KCV Type = 2.
Second key check value 16 H or 6 H Result of encrypting 64 binary zeroes with the second half of
TMK, TPK or PVK. 6H if KCV Type = 2.
KCV Type = 1
Key check value 6H Result of encrypting 64 binary zeros with the key
End message delimiter 1C Present only if present in the command message. Value
X19.
A TAK is used in the generation and verification of MACs. Commands are provided to:
Generate a TAK for down line loading to an ATM or other terminal.
Translate a TAK from encryption under a ZMK to encryption under the LMK.
Translate a TAK from encryption under the LMK to encryption under a ZMK.
Translate a TAK from encryption under the LMK to encryption under a TMK.
The facilities allow for the use of a TAK in either an interchange or a local network.
Key scheme LMK 1A Optional. Key scheme for encrypting key under LMK.
Key check value type 1A Optional. Key check value calculation method
0 - KCV backwards compatible.
1 - KCV 6H.
End message delimiter 1C Optional. Must be present if a message trailer is present.
Value X19.
TAK under LMK 16H or The random TAK under LMK pair 16-17.
1A+32H or 1A+48H
End message delimiter 1C Present only if present in the command message. Value
X19.
Atalla variant 1 N or 2 N Optional. Atalla variant; for use in systems with Atalla
equipment.
Key check value 16 H or 6 H Result of encrypting 64 binary zeroes with the TAK.
16H or 6H depends upon KCV type option.
End message delimiter 1C Present only if present in the command message. Value
X19.
Atalla variant 1 N or 2 N Optional. Atalla variant; for use in systems with Atalla
equipment.
Key check value 16 H or 6 H Result of encrypting 64 binary zeroes with the TAK.
16H or 6H depends upon KCV type option.
End message delimiter 1C Present only if present in the command message. Value
X19.
Key scheme LMK 1A Optional. Key scheme for encrypting key under LMK.
Key check value type 1A Optional. Key check value calculation method
0 - KCV backwards compatible.
1 - KCV 6H.
End message delimiter 1C Optional. Must be present if a message trailer is present.
Value X19.
End message delimiter 1C Present only if present in the command message. Value
X19.
The HSM provides support for many PIN verification techniques. The techniques often involve
the generation of a PIN using a given algorithm, or an algorithm that requires a value known as
an offset. The HSM provides support for PIN generation as follows:
PVK 16H or PVK encrypted under LMK pair 14-15; used to generate the
1A+32H or 1A+48H derived PIN.
End message delimiter 1C Present only if present in the command message. Value
X19.
Account number 12 N The 12 right-most digits of the account number, excluding the
check digit.
End message delimiter 1C Optional. Must be present if a message trailer is present. Value
X19.
PVK 16H or PVK encrypted under LMK pair 14-15; used to generate the
1A+32H or 1A+48H offset.
End message delimiter 1C Present only if present in the command message. Value
X19.
PVK pair 32H or 1A+32H The two PVKs each encrypted under LMK pair 14-15.
PIN L N or LH The PIN for which a PVV is required; encrypted under LMK
pair 02-03.
10 PIN VERIFICATION
The HSM supports four methods of PIN verification:
IBM 3624.
Diebold Proprietary Algorithm.
VISA PVV.
PIN comparison.
For each type, the PIN block is encrypted under a TPK or a ZPK depending on whether it has
come from a local ATM (or PIN pad etc.) or from an acquirer. Therefore support is provided for
verifying a PIN from a terminal or from interchange.
TPK 16H or The TPK under which the PIN block is encrypted; encrypted
1A+32H or 1A+48H under LMK pair 14-15.
ZPK 16H or The ZPK under which the PIN block is encrypted; encrypted
1A+32H or 1A+48H under LMK pair 06-07.
TPK 16H or The TPK under which the PIN block is encrypted; encrypted
1A+32H or 1A+48H under LMK pair 14-15
Table pointer 3H The value of the base location of the Diebold table in user
storage.
ZPK 16H or The ZPK under which the PIN block is encrypted; encrypted
1A+32H or 1A+48H under LMK pair 06-07.
Command: Verify a PIN from a local ATM (or PIN pad etc.) using the VISA PVV method.
TPK 16H or The TPK under which the PIN block is encrypted; encrypted
1A+32H or 1A+48H under LMK pair 14-15.
PVK pair 32H or 1A+32H The two PVKs each encrypted under LMK pair 14-15.
PIN block 16 H The PIN block encrypted under the TPK.
PVK pair 32H or 1A+32H The two PVKs each encrypted under LMK pair 14-15.
PIN block 16 H The PIN block encrypted under the ZPK.
Command: Verify a PIN received from an ATM (or terminal etc.) by comparing it with a
value held on the Host database.
TPK 16H or The TPK under which the PIN block is encrypted; encrypted
1A+32H or 1A+48H under LMK pair 14-15.
PIN block 16 H The PIN block containing the PIN for verification; encrypted
under the TPK.
PIN L N or LH The PIN from the Host database encrypted under LMK pair
02-03.
ZPK 16H or The ZPK under which the PIN block is encrypted; encrypted
1A+32H or 1A+48H under LMK pair 06-07.
PIN block 16 H The PIN block containing the PIN for verification; encrypted
under the ZPK.
PIN block format code 2N One of the valid format codes.
Account number 12 N The 12 right-most digits of the account number, excluding
the check digit.
PIN L N or LH The PIN from the Host database encrypted under LMK pair
02-03.
End message delimiter 1C Optional. Must be present if a message trailer is present.
Value X19.
Message trailer nA Optional. Maximum length 32 characters.
RESPONSE MESSAGE
Message header nA Returned to the Host unchanged.
Response code 2A Value BF.
Error code 2N 00 : No errors.
01 : Verification failure.
10 : ZPK parity error.
12 : No keys loaded in user storage.
13 : LMK error; report to supervisor.
14 : Error in PIN from Host database.
15 : Error in input data.
20 : PIN block does not contain valid values.
21 : Invalid user storage index.
23 : Invalid PIN block format code.
24 : PIN is fewer than 4 or more than 12 digits.
End message delimiter 1C Present only if present in the command message. Value
X19.
Message trailer nA Present only if present in the command message. Maximum
length 32 characters.
11 PIN TRANSLATION
Commands are provided to translate PIN blocks from encryption under one key to encryption
under another. The commands can also translate the format of a PIN block, with the exception
of the those that translate to the LMK (where the PIN is not held in a standard format). The key
translations available are as follows:
Source ZPK 16H or Source ZPK under which the PIN block is currently
1A+32H or 1A+48H encrypted; encrypted under LMK pair 06-07.
Destination ZPK 16H or Destination ZPK under which the PIN block is to be
1A+32H or 1A+48H encrypted; encrypted under LMK pair 06-07.
Source PIN block 16 H The source PIN block encrypted under the source ZPK.
Source PIN block format 2N The format code for the source PIN block.
Destination PIN block 2N The format code for the destination PIN block.
format
End message delimiter 1C Present only if present in the command message. Value
X19.
Destination PIN block 16 H The destination PIN block encrypted under the destination
ZPK.
End message delimiter 1C Present only if present in the command message. Value
X19.
PIN block 16 H The source PIN block encrypted under the ZPK.
PIN block format 2N The format code for the PIN block.
PIN block 16 H The source PIN block encrypted under the TPK.
PIN block format 2N The format code for the PIN block.
PIN block format 2N The format code for the PIN block.
Account number 12 N The 12 right-most digits of the account number, excluding
the check digit.
PIN LN The PIN encrypted under LMK pair 02-03 using the VISA
algorithm.
End message delimiter 1C Present only if present in the command message. Value
X19.
PIN mailers can be used to send PINs to cardholders. Also, if the cardholder is to be given the
opportunity of selecting his/her own PIN by mail (instead of at an entry device), solicitation data
can be sent; it is not necessary to send a PIN if only a solicitation request is to be sent.
Because the values that are printed on a mailer are not available to the Host, the HSM returns
check data to the Host to give confidence that the data printed on the mailer is correct (i.e., the
HSM has performed the correct cryptographic functions).
Account number 12 N The 12 right-most digits of the account number, excluding the
check digit.
Delimiter 1A Value ;
Print Field 1 nA The print field defined as Print Field 1 in the print format
definition (must not contain a ; character).
. . .
. . .
. . .
Last print field nA The last print field defined in the print format definition (must not
contain a ; character).
End message delimiter 1C Optional. Must be present if a message trailer is present. Value
X19.
End message delimiter 1C Optional. Must be present if a message trailer is present. Value
X19.
End message delimiter 1C Present only if present in the command message. Value X19.
Message trailer nA Present only if present in the command message. Maximum
length 32 characters.
Print Field 0 nA The print field defined as Print Field 0 in the print format
definition (must not contain a ; character).
Delimiter 1A Value ;
Print Field 1 nA The print field defined as Print Field 1 in the print format
definition (must not contain a ; character).
. . .
. . .
. . .
Last print field nA The last print field defined in the print format definition (must
not contain a ; character).
End message delimiter 1C Present only if present in the command message. Value
X19.
The HSM processes these values and returns the encrypted PIN and the last 10 digits of the
account number (excluding check digit). The Host can match the account number digits and
store the encrypted PIN for subsequent processing (for verification purposes or the creation of
PIN offsets etc.).
Because the reference number is the only link to the cardholders PIN, there must be a means
of validating the data that is manually entered. There is no way to validate the PIN except
through dual entry procedures or through the visual comparison of the value entered and the
value recorded on the mailer form.
The 12-digit reference number, unlike the PIN, can be validated by a Host program. This
reference number is a 10-digit number, followed by two check digits. The check digits can be
validated during or after data entry.
The data is batch processed via Host commands. The number of records entered must be
greater than or equal to the minimum batch size set when the HSM is configured. Each batch
consists of at least one logical record. Each logical record contains a 12-digit reference number
(obtained from the returned solicitation mailer) and the cardholder-selected PIN.
When the batch has been loaded to internal memory, the HSM encrypts the PINs under LMK
pair 02-03, and decrypts the reference numbers, yielding a value which contains the 10 right-
most digits of the account number (excluding the check digit). The PIN and 10 digits of the
account number are returned to the Host.
The algorithm for validating the two check digits of a reference number is as follows:
Digit Weight
3 9
4 7
5 8
6 6
7 7
8 9
9 6
10 8
Digit f(digit n)
0 0
1 2
2 4
3 6
4 8
5 1
6 3
7 5
8 7
9 9
The MOD 10 (n) operation yields a value that is the remainder after dividing n by 10. This
remainder is the same as the low-order digit on n.
The following example illustrates the validation of the reference number 936125183702, where
0 is the first check digit and 2 is the second check digit.
9 3 6 1 2 5 1 8 3 7 0 2
The HSM provides the following Host commands to support solicitation data entry:
Load solicitation data to user storage.
Final load of solicitation data and start processing.
Enable solicitation data entry at the Console.
Disable solicitation data entry at the Console.
Response to solicitation data entry at the Console.
Processed Data 2 nN The 10 right-most digits of the account number and PIN
encrypted under LMK pair 02-03, truncated (if necessary).
The length is L or L+1 (to ensure that the length is even;
by padding with XF).
. . .
. . .
. . .
Last processed data nN The 10 right-most digits of the account number and PIN
encrypted under LMK pair 02-03, truncated (if necessary).
The length is L or L+1 (to ensure that the length is even;
by padding with XF).
End message delimiter 1C Present only if present in the command message. Value
X19.
The HSM provides two commands to support the use of clear PINs:
Encrypt a clear PIN.
Decrypt an encrypted PIN and return a reference number for solicitation data processing.
Account number 12 N The 12 right-most digits of the account number, excluding the
check digit.
End message delimiter 1C Present only if present in the command message. Value X19.
End message delimiter 1C Present only if present in the command message. Value
X19.
Atalla Variant 1 N or 2 N Optional. Atalla variant; for use in systems with Atalla
equipment.
Key scheme LMK 1A Optional. Key scheme for encrypting key under LMK.
Key check value type 1A Optional. Key check value calculation method
0 - KCV backwards compatible.
1 - KCV 6H.
End message delimiter 1C Optional. Must be present if a message trailer is present.
Value X19.
Key check value 16 H or 6 H Result of encrypting 64 binary zeroes with the WWK.
16H or 6H depends upon KCV type option.
End message delimiter 1C Present only if present in the command message. Value X19.
Atalla Variant 1 N or 2 N Optional. Atalla variant; for use in systems with Atalla
equipment.
Key check value type 1A Optional. Key check value calculation method
0 - KCV backwards compatible.
1 - KCV 6H.
End message delimiter 1C Optional. Must be present if a message trailer is present.
Value X19.
Key check value 16 H or 6 H Result of encrypting 64 binary zeroes with the WWK.
16H or 6H depends upon KCV type option.
End message delimiter 1C Present only if present in the command message. Value
X19.
TAK 16H or 1A+32H The TAK encrypted under LMK pair 16-17
MAC Length 1H Number of characters required in Decimal MAC
(range 1 to 12)
Because the HSM has no flow control, the application programmer is responsible for ensuring
that the input buffer is not exceeded. The HSM input buffer is 2047 bytes in length for all
models except the SNA-SDLC interface devices (RG7500 and RG7600), in which it is 1023
bytes. The length of the input buffer limits the amount of data over which a MAC can be
calculated in a single call to the HSM. To be sure that there is no overflow, limit the amount of
data to 1024 bytes, or 512 bytes if using SNA-SDLC.
The HSM normally calculates a MAC by converting the characters to ASCII (if they are received
as EBCDIC (shown in the table), and filling the last 64-bit block with binary zeroes (if
necessary). For this, the HSM must be configured for EBCDIC (and not ASCII) by the CH
(Configure Host) Console command. The HSM performs no other editing of the data.
The HSM provides commands to generate and verify MACs on short messages of up to 2047
bytes (1023 bytes for SNA-SDLC). For longer messages the MQ (Generate MAC (MAB) for
Large Message) command divides the message data into blocks. It creates a MAB or IV
(Initialisation Vector) for the first block, the last block and one or more blocks in between. The
response message for the last data block includes the MAC for the whole message. The MAC
is the first four bytes (eight characters) of the last MAB.
The MQ command handles the data in 8-bit binary form. It does not convert EBCDIC data to
ASCII; it calculates the MAC on the data as presented to the HSM. Therefore, any necessary
character conversion must be performed by the Host system.
The command used for large messages provides the Host with all the information needed for
MAC generation, MAC verification and continuation IVs when chaining MACs.
2D ENQ 05 6D 5F AD [ 5B ED
2E ACK 06 6E > 3E AE EE
2F BEL 07 6F ? 3F AF EF
30 70 B0 F0 0 30
31 71 B1 F1 1 31
32 SYN 16 72 B2 F2 2 32
33 73 B3 F3 3 33
34 74 B4 F4 4 34
35 75 B5 F5 5 35
36 76 B6 F6 6 36
37 EOT 04 77 B7 F7 7 37
38 78 B8 F8 8 38
39 79 60 B9 F9 9 39
3A 7A : 3A BA FA
3B 7B # 23 BB FB
3C DC4 14 7C @ 40 BC FC
3D NAK 15 7D 27 BD ] 5D FD
3E 7E = 3D BE FE
3F SUB 1A 7F n 22 BF FF
Source TAK 16 H The source TAK encrypted under LMK pair 16-17.
Destination TAK 16 H The destination key encrypted under LMK pair 16-17.
MAC 8H The MAC generated with the source key.
The data on which to verify and generate a MAC, n = 1024
Data 0-n
(512 for SNA-SDLC systems).
Optional. Must be present if a message trailer is present.
End message delimiter 1C
Value X19.
Message trailer nA Optional. Maximum length 32 characters.
RESPONSE MESSAGE
Message header nA Returned to the Host unchanged.
Response code 2A Value MF.
Error code 2N 00 : No errors.
01 : MAC verification failure.
10 : Source TAK parity error.
11 : Destination TAK parity error.
12 : No keys loaded in user storage.
13 : LMK error; report to supervisor.
15 : Error in input data.
21 : Invalid user storage index.
27 : Source or Destination TAK not single length.
MAC 8H The MAC generated using the destination TAK.
End message delimiter 1C Present only if present in the command message. Value
X19.
End message delimiter 1C Present only if present in the command message. Value
X19.
16.5 Generate MAC (MAB) using ANSI X9.19 Method for a Large Message
Command: To generate a MAB for a large message using either a TAC or a ZAK. If the
key is single length use ANSI X9.9 MAC generation or if the key is double
length use ANSI X9.19 MAC generation.
Notes: The command can operate on binary data or expanded Hex. If the HSM is set
for Async/ASCII operation and binary data used ensure that:
The host port has been set for 8 data bit operation by the CH (Configure Host)
command.
The data for which the MAC is to be generated does not contain either EM
(X19) or ETX(X03).
Expanded Hex mode uses 2 hexadecimal characters for each binary byte.
If the message block is the first or a middle block it must be a multiple of 8
bytes.
Consideration to the buffer size of the HSM must be made before the value n
message length is selected.
Some Host computers cannot handle binary data in a normal async environment. When the
HSM is set up for normal async the binary data is assumed to be supplied in expanded
hexadecimal notation (i.e., each binary byte is converted to two hexadecimal characters). This
has the effect of doubling the amount of data sent to the HSM.
Unlike the standard MAC commands, MA, MC and ME, the Binary MAC commands make no
assumptions about the format or representation of the supplied MAC data; they compute a
MAC on the exact binary values supplied regardless of character format. Note, however, that
the keys and other values are assumed to be in hexadecimal character format. Only the MAC
data field accepts binary data.
End message delimiter 1C Present only if present in the command message. Value
X19.
Source TAK 16 H The source TAK used to verify the MAC, encrypted under
LMK 16-17.
Destination TAK 16 H The destination TAK used to verify the MAC, encrypted
under LMK 16-17.
The data can be loaded and read from this storage by the Host. This facility can be used to
reload the contents after a power-down, a reset, or after batch solicitation data processing.
In addition, a facility is provided to verify a Diebold table held in user storage.
Block 1 16H or 32H or 48H The first encrypted key or other data
. . .
. . .
. . .
Last block 16H or 32H or 48H The last encrypted key or other data.
Index address 3H The 3-digit address identifying the first location at which to
read the data.
End message delimiter 1C Present only if present in the command message. Value
X19.
Index address 3H The address of the start of the Diebold table for validation.
End message delimiter 1C Optional. Must be present if a message trailer is present.
Value X19.
Before using the HSM printer commands it is necessary to define the format of the mailer or
document. The definition data is stored in the HSM until power is removed, or until a reset is
performed. The PA and PC commands are used to send formatting symbols to the HSM. The
formatting symbols for defining the print fields and any constant literals are given in the table
that follows the two-up and one-up examples.
Use the PA command to create the mailer format. The PC command is a continuation of the PA
command, used only if the format definition is too long to fit in a single message (i.e., the PA
command exceeds the Host's maximum output record size).
The format definition can contain up to 299 formatting symbols and constants.
Example.
. + . 1 . + . 2 . + . 3 . + . 4 . + . 5 . + . 6
1
THOMAS M SMITH JOHN R JONES
2 APT 4B 1782
th
427 WEST 9 ST 3690
3 39 ELM DR WAYNE PA 19132
4 MEDIA PA 19063
5
6 THANK YOU THANK YOU
7
Example.
. + . 1 . + . 2 . + . 3 . + . 4 . + . 5 . + . 6
1 THOMAS M SMITH
2 APT 4B 1782
3 39 ELM DR
4 MEDIA PA 19063
5 YOUR FULL SERVICE BANK
6
1 JOHN R JONES
2 th
427 WEST 9 ST 3690
3 WAYNE PA 19132
4
5
YOUR FULL SERVICE BANK
6
^P 5F D7 5E 50 For a PIN mailer, print clear PIN for mailer 1. For a key
document, print clear component.
^Q 5F D8 5E 51 For a PIN mailer, print clear PIN for mailer 2. For a key
document, print clear component or encrypted TMK (only
one-up printing allowed for key documents).
|<L><hh 6A <L> <hh hh hh 7C <L> <hh hh hh Send binary data to printer for example printer control string.
hh hh ..> ..> ..> | character followed by the length of the string in bytes <L> 0
- F then the expanded hex string <hh hh hh ..>.
^0 5F F0 5E 30 Insert Print Field 0.
For example:
English is used as the default setting. The symbols can be used in addition to the symbols for
printing PINs in numeric format (e.g., 1234).
Four print formatting symbols are provided for printing PINs (both words and numerics) in
columns. For example:
1 ONE
2 TWO
3 THREE
4 FOUR
For the following definition of print symbols an n is used to indicate which digit of a PIN is to be
printed. The relationship between PIN digits and n is as follows:
PIN
1 2 3 4 5 6 7 8 9 10 11 12
Digit
n 1 2 3 4 5 6 7 8 9 A B C
^Pn 5F D7 5E 50 Print the clear PIN digit n in number format for mailer
F1-F9 31-39 1. Can be used for either a one-up or a two-up PIN
or C1-C3 or 41-43 mailer.
e.g., 1
^Qn 5F D8 5E 51 Print the clear PIN digit n in number format for mailer
F1-F9 31-39 2. Can be used only for two-up PIN mailer.
or C1-C3 or 41-43 e.g., 1
^Vn 5F E3 5E 56 Print the clear PIN digit n in word format for mailer 1.
F1-F9 31-39 Can be used for either a one-up or a two-up PIN
or C1-C3 or 41-43 mailer.
e.g., ONE
^Wn 5F E6 5E 57 Print the clear PIN digit n in word format for mailer 2.
F1-F9 31-39 Can be used only for two-up PIN mailer.
or C1-C3 or 41-43 e.g., ONE
When the old pair has been saved in key change storage, and the new pair loaded in the
standard LMK storage, all data held on the Host, encrypted under the old LMK pair must be
sent to the HSM for translation. Commands are provided for translating each type of key and
PINs encrypted for Host storage.
Key scheme LMK 1A Optional. Key scheme for encrypting key under LMK.
Key check value type 1A Optional. Key check value calculation method
0 - KCV backwards compatible.
1 - KCV 6H.
End message delimiter 1C Optional. Must be present if a message trailer is present.
Value X19.
End message delimiter 1C Present only if present in the command message. Value X19.
ZPK 16H or The ZPK encrypted under the LMK pair held in key change
1A+32H or 1A+48H storage.
Key check value type 1A Optional. Key check value calculation method
0 - KCV backwards compatible.
1 - KCV 6H.
End message delimiter 1C Optional. Must be present if a message trailer is present.
Value X19.
End message delimiter 1C Present only if present in the command message. Value
X19.
TMK, TPK or PVK 16H or The TMK, TPK or PVK encrypted under the LMK pair held in
1A+32H or 1A+48H key change storage.
Key check value type 1A Optional. Key check value calculation method
0 - KCV backwards compatible.
1 - KCV 6H.
End message delimiter 1C Optional. Must be present if a message trailer is present.
Value X19.
End message delimiter 1C Present only if present in the command message. Value
X19.
TAK 16H or The TAK encrypted under the LMK pair held in key change
1A+32H or 1A+48H storage.
Key check value type 1A Optional. Key check value calculation method
0 - KCV backwards compatible.
1 - KCV 6H.
End message delimiter 1C Optional. Must be present if a message trailer is present.
Value X19.
End message delimiter 1C Present only if present in the command message. Value
X19.
PIN L1 N or L1 H The PIN encrypted under the LMK pair in key change
storage, where L 1 is the old encrypted PIN length.
Key type code 2N Indicates the LMK under which the key is encrypted.
00 : LMK pair 04-05
01 : LMK pair 06-07
02 : LMK pair 14-15
03 : LMK pair 16-17
04 : LMK pair 18-19
05 : LMK pair 20-21
06 : LMK pair 22-23
07 : LMK pair 24-25
08 : LMK pair 26-27
09 : LMK pair 28-29
0A : LMK pair 30-31
0B : LMK pair 32-33
10 : Variant 1 of LMK pair 04-05
42 : Variant 4 of LMK pair 14-15
FF : Use key type specified after delimiter
Key length flag 1N 0 for single-length key, 1 for double-length key, 3 for triple-
length key
Key 16H or 32H or Key encrypted under old LMK held in key change storage.
1A+32H or 1A+48H
Key scheme LMK 1A Optional. Key scheme for encrypting key under LMK.
Key check value type 1A Optional. Key check value calculation method
0 - KCV backwards compatible.
1 - KCV 6H.
End message delimiter 1C Optional. Must be present if a message trailer is present.
Value X19.
End message delimiter 1C Present only if present in the command message. Value
X19.
21 MISCELLANEOUS COMMANDS
The following miscellaneous commands are supported by the HSM:
Cancel the Authorized state.
Generate a check value for a given key.
Set HSM response delay.
Perform diagnostics and obtain LMK check value.
End message delimiter 1C Present only if present in the command message. Value
X19.
Key scheme LMK 1A Optional. Key scheme for encrypting key under LMK.
Key check value type 1A Optional. Key check value calculation method
0 - KCV backwards compatible.
1 - KCV 6H.
End message delimiter 1C Optional. Must be present if a message trailer is present.
Value X19.
Key type code 2N Indicates the LMK under which the key is encrypted. (see
key table)
00 : LMK pair 04-05
01 : LMK pair 06-07
02 : LMK pair 14-15
03 : LMK pair 16-17
04 : LMK pair 18-19
05 : LMK pair 20-21
06 : LMK pair 22-23
07 : LMK pair 24-25
08 : LMK pair 26-27
09 : LMK pair 28-29
0A : LMK pair 30-31
0B : LMK pair 32-33
10 : Variant 1 of LMK pair 04-05
42 : Variant 4 of LMK pair 14-15
FF : Use key type specified after delimiter
Key length flag 1N 0 for single-length key, 1 for double-length key, 3 for triple
length key.
Key check value type 1A Optional. Key check value calculation method
0 - KCV backwards compatible. Not available for keys
generated using new schemes
1 - KCV 6H.
End message delimiter 1C Optional. Must be present if a message trailer is present.
Value X19.
CVK A/B 1A + 32H CVK A/B encrypted under a variant 4 of LMK pair 14-15.
CVK A / B 32H or 1A+32H CVK A / B encrypted under a variant 4 of LMK pair 14-15.
Atalla variant 1 N or 2 N Optional. Atalla variant; for use in systems with Atalla
equipment.
Key scheme LMK 1A Optional. Key scheme for encrypting key under LMK.
Key check value type 1A Optional. Key check value calculation method
0 - KCV backwards compatible. Not available for keys
generated using new schemes
1 - KCV 6H.
End message delimiter 1C Optional. Must be present if a message trailer is present.
Value X19.
KCV Type = 1
Key check value 6H Result of encrypting 64 binary zeros with the key
End message delimiter 1C Present only if present in the command message. Value
X19.
Key scheme LMK 1A Optional. Key scheme for encrypting key under LMK.
Key check value type 1A Optional. Key check value calculation method
0 - KCV backwards compatible. Not available for keys
generated using new schemes
1 - KCV 6H.
End message delimiter 1C Optional. Must be present if a message trailer is present.
Value X19.
KCV Type = 1
Key check value 6H Result of encrypting 64 binary zeros with the key
End message delimiter 1C Present only if present in the command message. Value
X19.
22.4 Translate a CVK Pair from Old LMK to New LMK Encryption
Command: Translate a CVK pair from encryption under a variant 4 of an old LMK pair 14-
15 to encryption under a variant 4 of a new LMK pair 14-15.
CVK A / B 32H or 1A+32H CVK A / B encrypted under a variant 4 of the old LMK pair
14-15.
Key check value type 1A Optional. Key check value calculation method
0 - KCV backwards compatible.
1 - KCV 6H.
End message delimiter 1C Optional. Must be present if a message trailer is present.
Value X19.
CVK A / B 32H or 1A+32H VISA CVK A / B encrypted under a variant 4 of LMK pair
14-15.
Primary account number nN The primary account number for the card.
Delimiter 1A Value ;
End message delimiter 1C Present only if present in the command message. Value
X19.
CVK A / B 32H or 1A+32H VISA CVK A / B encrypted under a variant 4 of LMK pair
14-15.
Delimiter 1A Value ;
Notes:
The use of the ALGLIEP and VKLIEP fields in following commands deserves special mention as
these fields are optional. There are 3 scenarios controlled by these fields.
Only VKLIEP Version 1.6 DES Double May be used with later cards.
supplied to HSM cards and Public Host must determine the value
Key cards of ALGLIEP and supply VKLIEP if
required. Backwards compatible
with earlier versions of HSM
firmware
Both VKLIEP and Any card. Single if ALGLIEP Allows host to send both
ALGLIEP supplied has value 01, ALGLIEP and VKLIEP without
to HSM double if ALGLIEP concern about their values.
has value 04 VKLIEP must always be supplied
as a placeholder even if its
value is not relevant (ie when
ALGLIEP is of value 01)
This set of scenarios accommodates all relevant combinations of Visa Cash cards and allows
the host application to operate in one of two modes.
Host makes the decision about what ALGLIEP is relevant for the current transaction and either
supplies VKLIEP if ALGLIEP is of value 04, or does not supply VKLIEP if ALGLIEP is of value 01.
ALGLIEP itself is not sent to the HSM. Thus the first and second scenarios in the above table
can be used to cater for all cards in use. This mode of operation is used by some (earlier) host
systems and therefore must be supported for backwards compatibility. Note that earlier Visa
Cash cards do not report a value of ALGLIEP and so the host may have to determine this in
other ways. Reference 4 discusses this point.
Host simply passes values of ALGLIEP and VKLIEP to HSM as supplied in the current
transaction. Thus if a card does not supply ALGLIEP or VKLIEP no values are passed to the HSM
and vice versa. Thus the first and third scenarios in the above table will be used. In this mode
of operation the host is not required to make any decisions about the transaction; these are left
to the HSM.
If Visa specifies alternative processing requirements in the future (and hence values of ALGLIEP
other than 1 or 4) the HSM will be upgraded to accommodate them.
The earlier Visa Cash cards which do not report ALGLIEP or VKLIEP will all eventually expire
making the first scenario in the above table redundant.
Atalla variant 1 N or 2 N Optional. Atalla variant; for use in systems with Atalla
equipment.
Key check value type 1A Optional. Key check value calculation method
0 - KCV backwards compatible.
1 - KCV 6H.
End message delimiter 1C Optional. Must be present if a message trailer is present. Value
X19.
*KML check value 6H Check value formed by encrypting a block of 64 binary zeros
with the *KML and returning the 24 left-most bits of the result.
End message delimiter 1C Present only if present in the command message. Value X19.
Message trailer nA Present only if present in the command message. Maximum
length 32 characters.
End message delimiter 1C Present only if present in the command message. Value
X19.
ALGLIEP 2H Optional. Load Algorithm. Can only take the values 01 and
04. If set to 01 a single length KDL is used and VKLIEP is
ignored. If 04, a double length KDL is used and VKLIEP is
used.
ALGLIEP 2H Optional. Load Algorithm. Can only take the values 01 and
04. If set to 01 a single length KDL is used and VKLIEP is
ignored. If 04, a double length KDL is used and VKLIEP is
used.
ALGLIEP 2H Optional. Load Algorithm. Can only take the values 01 and 04.
If set to 01 a single length KDL is used and VKLIEP is ignored.
If 04, a double length KDL is used and VKLIEP is used.
ALGLIEP 2H Optional. Load Algorithm. Can only take the values 01 and
04. If set to 01 a single length KDL is used and VKLIEP is
ignored. If 04, a double length KDL is used and VKLIEP is
used.
24 CHIP CARD
This section specifies the Host Security Module functionality which is needed to support on-line
transaction processing for the various payment schemes under the EMV umbrella. Whilst EMV
specifies most of the details pertaining to cards and terminals, the individual schemes have
defined their own cryptographic processes for on-line authorisation functions.
A function which will validate ARQC (or TC/AAC) or generate ARPC (or perform both in one
call)
The various schemes have adopted different naming conventions for the keys used. For
consistency the following convention is used:
Transaction Data Length 2H Length of next field. Can be any length from 1 to 255 bytes.
Only present for Mode 0.
End message delimiter 1C Present only if present in the command message. Value
X19.
*MK-DN(LMK) 32 H or1A+32H The Issuer Master Key for Dynamic Numbers encrypted
under Variant 5 of LMK pair 28-29. Present only for Mode 1.
End message delimiter 1C Present only if present in the command message. Value
X19.
Plaintext Message Data 4H Length in bytes of data in next field. For the standard model
Length HSM (RG7x00) the maximum size is 512 bytes (hex 0200).
TK(LMK) 32 H or 1A+32H Transport Key encrypted under LMK pair 30-31. This key
was used to encrypt the supplied message. Only present if
Mode Flag = 1 or 2.
Cipher Text Message Data nB Cipher Text Message supplied encrypted using a Transport
Key (TK). It must be a multiple of 8 bytes long. Note that no
additional padding is performed on the decrypted message
before the re-encryption process. Only Present if Mode = 1
or 2.
Secure Message Data nB Plaintext Data and (for Modes 1 and 2) re-encrypted
Ciphertext Data inserted as defined by the Offset value.
Command: This command will generate a random dual-length *CSCK and encrypt it under
LMK 14-15 variant 4.
Mode 1N Value 0
Key scheme LMK 1A Optional. Key scheme for encrypting key under LMK.
Key check value type 1A Optional. Key check value calculation method
0 - KCV backwards compatible.
1 - KCV 6H.
End Message Delimiter 1C Optional. Must be present if a message trailer is present.
Value X'19
RESPONSE MESSAGE
Message Header mA Will be returned to the Host unchanged
*CSCK 32H or 1A+32H The *CSCK encrypted under LMK 14-15 variant 4.
Key check value 16 H or 6 H Result of encrypting 64 binary zeros with the *CSCK.
16H or 6H depends upon KCV type option.
End Message Delimiter 1C Will only be present if present in the command message.
Value X'19
Command: This command will decrypt a *CSCK from under LMK 14-15 variant 4 and re-
encrypt it under a supplied *ZMK.
Mode 1N Value 1
*ZMK 32H or 1A+32H or The Zone Master Key, encrypted under LMK 04-05.
1A+48H
*CSCK 32H or 1A+32H The *CSCK encrypted under LMK 14-15 variant 4.
Atalla variant 1 N or 2 N Optional.
Delimiter 1A Optional. If present the following three fields must be
present. Value ;.
If an option is not required by the command fill with a valid
value or 0.
Key scheme ZMK 1A Optional. Key scheme for encrypting key under ZMK.
Key scheme LMK 1A Optional. Key scheme for encrypting key under LMK.
Key check value type 1A Optional. Key check value calculation method
0 - KCV backwards compatible.
1 - KCV 6H.
End Message Delimiter 1C Optional. Must be present if a message trailer is present.
Value X'19
*CSCK encrypted for 32H or 1A+32H The *CSCK encrypted under the supplied *ZMK.
export
Key check value 16 H or 6 H Result of encrypting 64 binary zeros with the *CSCK.
16H or 6H depends upon KCV type option.
End Message Delimiter 1C Will only be present if present in the command message.
Value X'19
Command: This command will decrypt a *CSCK from under a supplied *ZMK and re-
encrypt it under LMK 14-15 variant 4.
Notes: Parity on the incoming *CSCK will be ignored, but odd parity will be forced
before re-encryption. Error code 01 will be returned if the incoming key did
not have odd parity.
If the incoming key is found to be all zeros, error code 02 will be returned
and the key will not be translated.
*ZMK 32H or 1A+32H or The Zone Master Key, encrypted under LMK 04-05.
1A+48H
Key scheme LMK 1A Optional. Key scheme for encrypting key under LMK.
Key check value type 1A Optional. Key check value calculation method
0 - KCV backwards compatible.
1 - KCV 6H.
End Message Delimiter 1C Optional. Must be present if a message trailer is present.
Value X'19
Command: This command will compute and return the 5-digit, 4-digit and 3-digit Card
Security Code Values from the supplied data.
Mode 1N Value 3
Flag 1N A flag to indicate special processing options; value 0.
*CSCK 32H or 1A+32H The *CSCK encrypted under LMK 14-15 variant 4.
Account number 19 N The full account number, left-justified and zero-filled if less
than 19 digits.
End Message Delimiter 1C Will only be present if present in the command message.
Value X'19
Command: This command will verify the 5-digit, 4-digit and 3-digit Card Security Code.
Mode 1N Value 4
Flag 1N A flag to indicate special processing options; value 0.
*CSCK 32H or 1A+32H The *CSCK encrypted under LMK 14-15 variant 4.
Account number 19 N The full account number, left-justified and zero-filled if less
than 19 digits.
5-digit CSC 5N 5-digit Card Security code. If not present value FFFFF
4-digit CSC 4N 4-digit Card Security code. If not present value FFFF
3-digit CSC 3N 3-digit Card Security code. If not present value FFF
End Message Delimiter 1C Optional. Must be present if a message trailer is present.
Value X'19
The existing Racal Transaction key commands have been modified to support longer
messages the new commands are backward compatible with existing systems the details of the
modifications are as follows.
To use the extended message length option, the calling application has to set the Message
Length field to zero, whereupon the Message Text field will be of zero length, i.e. not present.
The zero Message Length enables the HSM to check for the optional Delimiter, any Extended
Message Pointer(s), the Extended Message Length field which defines the length of the
Extended Message.
Some of the functions do not include a pointer to items included in the message, whilst other
functions include either one or two pointers. If a function does include one or two pointers, one
or two Extended Message Pointers are included after the Delimiter as appropriate. The original
pointer(s) in the function are ignored when extended messages are used, however the 2 hex
digit placeholder(s) for the original pointer(s) must still be supplied.
Whilst the extended commands allow for message sizes up to 65537 characters long (hex
FFFF), in practice the limit is imposed by the maximum size of the HSM input buffer. For the
standard HSM (Models RG7x00), the input buffer size is limited to 2047 characters. Allowing for
the other parts of a command message, the maximum message size will be in the region of
1900 characters. The high speed HSM (Models RG7x10) has a much larger input buffer (32K)
although the interface option in use may impose limits which are smaller than this. The HSM will
check that the message lengths (and the pointers) are within sensible limits for the HSM
platform executing the function.
Users may, if they wish, use the Extended Message Length scheme for small messages (i.e.
less than 160 bytes)
Terminal key register 16 H The terminal key register encrypted under LMK pair 14-15.
Account number pointer 2H 00 if the account number starts at the first character in the
message text field, and one value greater for each
subsequent character into the field. The account number is
terminated by the first non-numeric character. This is
ignored if extended length messages are used but 2 hex
digits must still be supplied.
Fields C & D 16 H The C & D fields from the magnetic stripe of a card as
defined in the Racal Security Scheme.
PIN block pointer 2H 00 if the PIN block starts at the first character in the
message text field, and one value greater for each
subsequent character into the field. The PIN block is
assumed to be 16 (hexadecimal) characters and is assumed
to be formatted according to ANSI X9.8. . This is ignored if
extended length messages are used but 2 hex digits must
still be supplied.
Message length 2H Value X00 to XA0 (decimal 160) indicating the length of the
next field. This field should be set to X'00 and the next field
omitted if extended length messages required.
Extended account number 4H Optional. Only present if extended length messages are to
pointer be used. 0000 if the account number starts at the first
character in the message text field, and one value greater for
each subsequent character into the field. The account
number is terminated by the first non-numeric character.
Extended PIN block 4H Optional. Only present if extended length messages are to
pointer be used. 0000 if the PIN block starts at the first character in
the message text field, and one value greater for each
subsequent character into the field. The PIN block is
assumed to be 16 (hexadecimal) characters and is assumed
to be formatted according to ANSII X9.8.
Extended Message Text nA Optional. Only present if extended length messages are to
be used. The message to be authenticated as received from
the terminal, but excluding the STX, ETX and LRC. The last
8 characters are assumed to be the MAC. An all zero
account number cannot be used.
RESPONSE MESSAGE
Message header nA Returned to the Host unchanged.
Response code 2A Value RJ.
Error code 2N 00 : No errors.
01 : MAC verification fail.
10 : Key register parity error.
12 : No keys loaded in user storage.
13 : LMK error; report to supervisor.
15 : Error in input data.
20 : PIN block does contain valid values.
21 : Invalid user storage index.
22 : All zero account number used. (Processing is
terminated).
24 : PIN is fewer than 4 or more than 12 digits.
80 : Message length error.
MAC residue 8H The MAC residue encrypted under LMK 10.
Similar to the previous command, but does not return the derived TPK.
Terminal key register 16 H The terminal key register encrypted under LMK pair 14-15.
Account number pointer 2H 00 if the account number starts at the first character in the
message text field, and one value greater for each
subsequent character into the field. The account number is
terminated by the first non-numeric character. This is
ignored if extended length messages are used but 2 hex
digits must still be supplied.
Message length 2H Value X00 to XA0 (decimal 160) indicating the length of the
next field. This field should be set to X'00 and the next field
omitted if extended length messages required.
Extended account number 4H Optional. Only present if extended length messages are to
pointer be used. 0000 if the account number starts at the first
character in the message text field, and one value greater for
each subsequent character into the field. The account
number is terminated by the first non-numeric character.
Extended Message Length 4H Optional. Only present if extended length messages are to
be used. Defines the length of the next field. Maximum
value is determined by the maximum size of the HSM input
buffer.
Extended Message Text nA Optional. Only present if extended length messages are to
be used. The message to be authenticated as received from
the terminal, but excluding the STX, ETX and LRC. The last
8 characters are assumed to be the MAC. An all zero
account number cannot be used.
The command does not accept an all zero account number element of the message text field.
Terminal key register 16 H The terminal key register encrypted under LMK pair 14- 15.
Account number pointer 2H 00 if the account number starts at the first character in the
message text field, and one value greater for each
subsequent character into the field. The account number is
terminated by the first non-numeric character. This is ignored
if extended length messages are used but 2 hex digits must
still be supplied.
Message length 2H Value X00 to XA0 (decimal 160) indicating the length of the
next field. This field should be set to X'00 and the next field
omitted if extended length messages required.
Extended account number 4H Optional. Only present if extended length messages are to
pointer be used. 0000 if the account number starts at the first
character in the message text field, and one value greater for
each subsequent character into the field. The account
number is terminated by the first non-numeric character.
Extended Message Length 4H Optional. Only present if extended length messages are to
be used. Defines the length of the next field. Maximum
value is determined by the maximum size of the HSM input
buffer.
Extended Message Text nA Optional. Only present if extended length messages are to
be used. The message to be authenticated as received from
the terminal, but excluding the STX, ETX and LRC. The last
8 characters are assumed to be the MAC. An all zero
account number cannot be used.
End message delimiter 1C Present only if present in the command message. Value
X19.
End message delimiter 1C Present only if present in the command message. Value
X19.
Terminal key register 16 H The terminal key register encrypted under LMK pair 14-15.
Fields A & B 16 H The A & B fields as defined in the Racal Security Scheme.
Message length 2H Value X00 to XA0 (decimal 160) indicating the length of the
next field. This field should be set to X'00 and the next field
omitted if extended length messages required.
Extended Message Length 4H Optional. Only present if extended length messages are to
be used. Defines the length of the next field. Maximum
value is determined by the maximum size of the HSM input
buffer.
Extended Message Text nA Optional. Only present if extended length messages are to
be used. The message to be authenticated as received from
the terminal, but excluding the STX, ETX and LRC. The last
8 characters are assumed to be the MAC. An all zero
account number cannot be used.
Terminal key register 16 H The terminal key register encrypted under LMK pair 14-15.
Fields A & B 16 H The A & B fields as defined in the Racal Security Scheme.
ZPK or flag 16H or The ZPK under which Auth Para is encrypted, or the
1A+32H or 1A+48H or character L if Auth Para is encrypted under the LMK.
A
MAC residue 8H The MAC residue from the request message processing;
encrypted under LMK 10.
Message length 2H Value X00 to XA0 (decimal 160) indicating the length of the
next field. This field should be set to X'00 and the next field
omitted if extended length messages required.
Message text nA The response message on which the response MAC should
be calculated. Omitted if extended length messages are
required.
Extended Message Length 4H Optional. Only present if extended length messages are to
be used. Defines the length of the next field. Maximum
value is determined by the maximum size of the HSM input
buffer.
Extended Message Text nA Optional. Only present if extended length messages are to
be used. The message to be authenticated as received from
the terminal, but excluding the STX, ETX and LRC. The last
8 characters are assumed to be the MAC. An all zero
account number cannot be used.
End message delimiter 1C Present only if present in the command message. Value
X19.
Terminal key register 16 H The terminal key register encrypted under LMK pair 14-15.
Fields A & B 16 H The A & B fields from the card as defined in the Racal
Security Scheme.
Auth Para data block 16 H The data block used to generate Auth Para.
MAC residue 8H The MAC residue from the request message processing;
encrypted under LMK 10.
Message length 2H Value X00 to XA0 (decimal 160) indicating the length of the
next field. This field should be set to X'00 and the next field
omitted if extended length messages required.
Message text nA The response message on which the response MAC should
be calculated. Omitted if extended length messages are
required.
Extended Message Length 4H Optional. Only present if extended length messages are to
be used. Defines the length of the next field. Maximum
value is determined by the maximum size of the HSM input
buffer.
Extended Message Text nA Optional. Only present if extended length messages are to
be used. The message to be authenticated as received from
the terminal, but excluding the STX, ETX and LRC. The last
8 characters are assumed to be the MAC. An all zero
account number cannot be used.
Terminal key register 16 H The new terminal key register to replace the current value;
encrypted under LMK pair 14-15.
End message delimiter 1C Present only if present in the command message. Value
X19.
26.8 Confirmation
Command: Verify MAC on incoming confirmation message from the terminal.
Fields A & B 16 H The A & B fields from the card as defined in the Racal
Security Scheme.
MAC residue 8H The MAC residue from the previous message processing;
encrypted under LMK 10.
Message length 2H Value X00 to XA0 (decimal 160) indicating the length of the
next field. This field should be set to X'00 and the next field
omitted if extended length messages required.
Message text nA The response message on which the response MAC should
be calculated, but excluding the STX, ETX and LRC. The last
8 characters are assumed to be the MAC. Omitted if
extended length messages are required.
Extended Message Text nA Optional. Only present if extended length messages are to
be used. The message to be authenticated as received from
the terminal, but excluding the STX, ETX and LRC. The last
8 characters are assumed to be the MAC. An all zero
account number cannot be used.
Generate a base derivation key (*BDK) and encrypt it under LMK pair 28-29 for Host storage.
Translate a PIN from *BDK to interchange key encryption.
Verify a PIN using the IBM method.
Verify a PIN using the Visa PVV method.
Verify a PIN using the Diebold method.
Verify a PIN using the encrypted PIN method.
Translate an encrypted *BDK from *ZMK to LMK.
Translate an encrypted *BDK from LMK to *ZMK.
*BDK 32H or 1A+32H The *BDK pair encrypted under LMK pair 28-29.
ZPK 16H or The Zone Pin Key encrypted under LMK pair 06-07.
1A+32H or 1A+48H
KSN descriptor 3H The descriptor for the KSN (in the next field).
Key serial number 12 - 20 H The KSN supplied by the PIN pad.
Source encrypted block 16 H The encrypted PIN block received from the POS PIN
terminal.
End message delimiter 1C Present only if a message trailer is present. Value X19.
Notes: The command performs the same function as DA and EA, plus it computes the
PIN pad key.
The PIN block is assumed to be in the ANSI X9.8 format; no source PIN block
format codes are required.
KSN descriptor 3H The descriptor for the KSN (in the next field).
Key serial number 12 - 20 H The KSN supplied by the PIN pad.
Source encrypted block 16 H The encrypted PIN block received from the POS PIN
terminal.
The PIN block is assumed to be in the ANSI X9.8 format; no source PIN block
format codes are required.
PIN verification key 16 H The PIN verification key encrypted under LMK pair 14-15.
PVK 32H or 1A+32H The PIN verification key, encrypted under LMK pair 14-15.
KSN descriptor 3H The descriptor for the KSN (in the next field).
Source encrypted block 16 H The encrypted PIN block received from the POS PIN
terminal.
Account number 12 N The 12 right-most digits of the PAN, excluding the check
digit.
End message delimiter 1C Present only if a message trailer is present. Value X19.
Message trailer nA Optional. Maximum length 32 characters.
RESPONSE MESSAGE
Message header nA Returned to the Host unchanged.
*BDK 32H or 1A+32H The *BDK encrypted under LMK pair 28-29.
Diebold algorithm number 2H The algorithm number required by the Diebold method.
KSN descriptor 3H The descriptor for the KSN (in the next field).
Key serial number 12 - 20 H The KSN supplied by the PIN pad.
Source encrypted block 16 H The encrypted PIN block received from the POS PIN
terminal.
Account number 12 N The 12 right-most digits of the PAN, excluding the check
digit.
*BDK 32H or 1A+32H The *BDK encrypted under LMK pair 28-29.
KSN descriptor 3H The descriptor for the KSN (in the next field).
Key serial number 12 - 20 H The KSN supplied by the PIN pad.
Source encrypted block 16 H The encrypted PIN block received from the POS PIN
terminal.
Account number 12 N The 12 right-most digits of the PAN, excluding the check
digit.
Encrypted data base PIN LN The PIN from the Host database encrypted under LMK pair
02-03.
End message delimiter 1C Present only if a message trailer is present. Value X19.
Notes: The command ignores the S/D (single/double length) parameter set by the CS
(Configure Security) command.
A key check value (KCV) is produced for the *BDK.
*ZMK 32H or 1A+32H or The *ZMK encrypted under LMK pair 04-05.
1A+48H
Atalla variant 1 N or 2 N Optional. For use in networks that use a *ZMK variant.
Key check value 8H Result of encrypting 64 binary zeros with the *BDK.
*BDK 32H or 1A+32H The *BDK encrypted under LMK pair 28-29
Atalla variant 1 N or 2 N Optional. For use in networks that use a *ZMK variant.
Key scheme LMK 1A Optional. Key scheme for encrypting key under LMK.
Key check value type 1A Optional. Key check value calculation method
0 - KCV backwards compatible.
1 - KCV 6H.
End message delimiter 1C Present only if a message trailer is present. Value X19.
Terminal-to-acquirer requests:
Transaction request without a PIN. Used to receive a cardholder request message from a
terminal with no PIN.
Transaction request with PIN (T/AQ key). Used to receive a cardholder request message
from a terminal with a PIN encrypted under the T/AQ key.
Transaction request with PIN (T/CI key). Used to receive a request from the terminal when
the PIN key cannot be determined by the acquirer.
Acquirer-to-terminal responses:
Transaction response originating at the acquirer. Used when authorization is generated by
the acquirer.
Transaction response originating at the card issuer. Used when authorization is generated
at the card issuer.
Acquirer PIN translation:
Translate a PIN from encryption under the PEK to encryption under a ZPK.
Acquirer completion:
Verify completion confirmation message from terminal. Used to verify the MAC on a
confirmation message from the terminal.
Generate completion response.
Terminal key 16 H The terminal key encrypted under LMK pair 14-15.
AB 16 H Formed in accordance with the terminal specification by the
Host.
EITHER
For Binary
Communications Modes:
Message length 3H X001 to X320 indicating the length of the next field.
Message text nB 1 to 800 bytes of message. The last 64 bits (8 bytes) are the
MAC field of which the left-most 32 bits contain the MAC.
OR
For Normal Async
Modes:
Message length 3H X002 to X320 indicating the number of characters in the
next field.
PIN block pointer 3H X000 to X310. Count in bytes. X000 indicates that the PIN
block is the first 64 bits.
EITHER
For Binary
Communications Modes:
Message length 3H X001 to X320 indicating the length of the next field.
Message text nB 1 to 800 bytes of message. The last 64 bits (8 bytes) are the
MAC field of which the left-most 32 bits contain the MAC.
OR
For Standard Async
Communications Mode:
Message length 3H X002 to X320 indicating the number of characters in the next
field.
Terminal key 16 H The terminal key encrypted under LMK pair 14-15.
Message text nB 1 to 800 bytes of message. The last 64 bits (8 bytes) are the
MAC field of which the left-most 32 bits contain the MAC.
OR
For Standard Async
Communications Mode:
Message length 3H X002 to X320 indicating the number of characters in the
next field.
The function can also be used to generate a MAC and update the Terminal Key for an
Administration message response. For this purpose, the AP Include flag is E.
If the Host is unable to support binary data transfers, the command can be used in standard
(ASCII character) asynchronous mode (in which the message to be MACed is transferred in
expanded hexadecimal notation).
The AT, STAN and CATID pointers are in integral bytes and refer to the locations of the various
values in the binary message. They are therefore the same irrespective of the communications
mode in use. In standard async mode, they can be used only AFTER re-compression to a
binary message.
OR
For Standard Async
Communications
Mode:
Message length 3H X002 to X320 indicating the number of characters in the
next field.
Terminal key 16 H The new derived TK encrypted under LMK pair 14-15.
End message delimiter 1C Present only if present in the command message. Value
X19.
28.5 Transaction Response With Auth Para Generated by the Card Issuer
Command: Generate a response message to be sent to the Terminal, with Auth Para
generated by the Card Issuer.
Notes: The command is used where a Card Issuer has generated Auth Para and sent
it to the Acquirer encrypted under a Zone PIN Key (ZPK). Its main functions are
to generate the MAC for the response message and to update the Terminal
Key.
If the Host is unable to support binary data transfers, the command can be used
in standard (ASCII character) asynchronous mode (in which mode the message
to be MACed is transferred in expanded hexadecimal notation).
Terminal key 16 H The terminal key encrypted under LMK pair 14-15.
MAC residue (MR1 ) 8H MR from the request message encrypted under LMK 10.
AP include flag 1A I = include, E = exclude.
Zone PIN key 16H or ZPK encrypted under LMK pair 06-07. Present only if AP
1A+32H or 1A+48H include flag is I.
OR
For Standard Async
Communications Mode:
Message length 3H X002 to X320 indicating the number of characters in the
next field.
Zone PIN key 16H or ZPK encrypted under LMK pair 06-07.
1A+32H or 1A+48H
Encrypted PIN block 16 H From terminal, encrypted under card key and PEK.
End message delimiter 1C Present only if present in the command message. Value
X19.
MAC residue 8H MR2 from transaction response encrypted under LMK 10.
EITHER
For Binary
Communications Modes:
Message length 3H X001 to X320 indicating the length of the next field.
Message text nB 1 to 800 bytes of message. The last 64 bits (8 bytes) are the
MAC field of which the left-most 32 bits contain the MAC.
OR
For Standard Async
Communications Mode:
Message length 3H X002 to X320 indicating the number of characters in the
next field.
End message delimiter 1C Present only if present in the command message. Value
X19.
28.9 Verify a PIN at the Card Issuer Using the IBM Method
Command: Verify a PIN using the IBM algorithm and generate Auth Para at the Card
Issuer.
Note: The command enables a Card Issuer to recover an encrypted PIN block sent by
the Acquirer.
If a double or triple length PVK presented the warning 02 is returned but
processing continues verifying the PIN using TDES in place of DES
Destination zone PIN key 16H or ZPK d encrypted under LMK pair 06-07.
1A+32H or 1A+48H
PIN verification key 16H or PVK encrypted under LMK pair 14-15.
1A+32H or 1A+48H
AB 16 H
CD 16 H
STAN 6N
Account number 12 N
Decimalization table 16 N
PIN validation data 16 H Note: This must be the full 16-hexadecimal character field,
exactly as it is to be used.
Offset 12 N
End message delimiter 1C Optional. Must be present if a message trailer is present.
Value X19.
End message delimiter 1C Present only if present in the command message. Value
X19.
28.10 Verify a PIN at the Card Issuer Using the Diebold Method
Command: Verify a PIN using the Diebold algorithm and generate Auth Para at the Card
Issuer.
Notes: The command enables a Card Issuer to recover an encrypted PIN block sent
by the Acquirer.
Source zone PIN key 16H or ZPK s encrypted under LMK pair 06-07.
1A+32H or 1A+48H
Destination zone PIN key 16H or ZPK d encrypted under LMK pair 06-07.
1A+32H or 1A+48H
AB 16 H
CD 16 H
STAN 6N
AT 12 H
Index flag 1A Value K.
Index pointer 3H Points at Diebold table.
Algorithm number 2H Diebold algorithm required.
PIN block 16 H
Validation data 20 H Note: This must be the full 20-hexadecimal character field,
exactly as it is to be used.
Offset 4N
2N 00: No errors.
01: PIN verification.
10 : ZPKs parity error.
11 : ZPKd or PVK parity error.
12 : No keys loaded in user storage.
13 : LMK error; report to supervisor.
15 : Error in input data.
20 : PIN block does not contain valid values.
21 : Invalid user storage index.
23 : Invalid PIN block format code.
24 : PIN is fewer than 4 or more than 12 digits in
length.
90 : Communications link parity error.
91 : Communications link LRC error.
92 : Transparent async data length error.
Auth Para 16 H Auth Para encrypted under a variant of ZPK d (only if there is
no error).
End message delimiter 1C Present only if present in the command message. Value
X19.
28.11 Verify a PIN at the Card Issuer Using the Visa Method
Command: Verify a PIN using the Visa PVV and generate Auth Para at the Card Issuer.
Note: The command enables a Card Issuer to recover an encrypted PIN block sent
by the Acquirer.
Source zone PIN key 16H or ZPK s encrypted under LMK pair 06-07.
1A+32H or 1A+48H
Destination zone PIN key 16H or ZPK d encrypted under LMK pair 06-07.
1A+32H or 1A+48H
AB 16 H
CD 16 H
STAN 6N
PVKI 1N
PVV 4N
End message delimiter 1C Optional. Must be present if a message trailer is present.
Value X19.
End message delimiter 1C Present only if present in the command message. Value
X19.
Source zone PIN key 16H or ZPK s encrypted under LMK pair 06-07.
1A+32H or 1A+48H
Destination zone PIN key 16H or ZPK d encrypted under LMK pair 06-07.
1A+32H or 1A+48H
AB 16 H
CD 16 H
STAN 6N
CATID 16 H Representing the 64 bit field.
AT 12 H
Account number 12 N
End message delimiter 1C Present only if present in the command message. Value
X19.
Source zone PIN key 16H or ZPK encrypted under LMK pair 06-07.
1A+32H or 1A+48H
AB 16 H
CD 16 H
STAN 6N
CATID 16 H Representing the 64 bit field.
AT 12 H
End message delimiter 1C Present only if present in the command message. Value
X19.
The MAC commands specified in the following sections have associated "mode" numbers in
the range 0 to 3, as follows:
Mode 0: Normal mode. Used to generate the MAC for a message which completely fits in
the HSM buffer, which is 800 bytes or characters long.
Mode 1: Extended message (first block). Used to process the first 800 characters
(maximum) of a message greater than 800 characters. The output is an
intermediate value to be used as the Initialisation Vector for the next stage.
Mode 2: Extended message (middle block(s)). Used to process each complete 800
(maximum) character block after the first block for a message that exceeds 1600
characters. Requires an Initialisation Vector, and produces one for the next stage.
Mode 3: Extended message (last block). Used to process the last block of less than 800
characters of an extended message. Requires an Initialisation Vector, and
produces the final MAC.
For binary MAC functions, using modes 1 and 2, the number of message bytes supplied must
be a multiple of eight, otherwise a length error (error 80) is returned. For MAC functions where
binary data is input as two hexadecimal characters, the number of characters supplied must be
a multiple of sixteen (i.e. 8 bytes when compressed).
For modes 0 and 3 the HSM appends binary zeros up to an eight byte (64 bit) boundary if
insufficient data is supplied.
Initialization vector (IV) 16 H Modes 2,3. IV returned from either mode 1 or 2 encrypted
under variant 1 of LMK pair 16-17.
MAC 8H Modes 0,3. The MAC received with the unsolicited message.
EITHER
For Binary
Communications
Modes:
Message length 3H X001 to X320 indicating the length of the next field.
Message text nB 1 to 800 bytes of message.
OR
For Standard Async
Communications
Mode:
Message length 3H X002 to X320 indicating the number of characters in the
next field.
End message delimiter 1C Present only if present in the command message. Value
X19.
Algorithm Identifiers
Signature Algorithm:
01 RSA.
Hash Algorithm:
01 SHA-1, produces a 20 byte result.
02 MD5, produces a 16 byte result.
03 ISO 10118-2, produces a 16 byte result.
04 No hash.
If the no-hash option is chosen, the presented data is padded (according to the Pad Mode
Identifier). It is the responsibility of the Host application to ensure that the precise data to be
included in the signature block is supplied in the command.
Encryption Algorithm:
01 RSA.
Pad Mode:
01 PKCS#1.
where:
BT is a single byte indicating the block type
PS is a padding string
D is the data.
The total length of the padded block is equal to the length (in bytes) of the RSA key modulus.
BT is 01 for a secret key operation; 02 for a public key operation.
PS consists of bytes FF....FF for block type 01; random non-zero bytes for block type 02. PS
must contain at least 8 bytes.
The data block D is the ASN.1 encoded message digest, or DES key (depending on the
command used), as follows:
DigestInfo :: SEQUENCE {
digestAlgorithm DigestAlgorithmldentifier,
digest OCTET STRING
}
DigestAlgorithmldentifier :: SEQUENCE {
algorithm OBJECT IDENTIFIER,
parameters NULL
}
KeyBlock :: SEQUENCE {
deskey OCTET STRING,
iv OCTET STRING SIZE (8)
}
Examples:
Assume that the SHA-1 algorithm is used to produce the 20-byte digest:
0123456789ABCDEF0123456789ABCDEF01234567.
When the PKCS#1 pad mode is used, the following validity checks are carried out:
For a validation operation (Validate a Certificate, Validate a Signature):
The length of the data to be validated is equal to the length (in bytes) of the modulus of the key
to be used for the validation. If not, error code 76 is returned.
The first byte of the clear data block is 00. If not, error code 77 is returned.
The second byte of the clear data block is 01. If not, error code 77 is returned.
Subsequent bytes consist of at least 8 bytes of binary 1s, followed by a zero byte. If not, error
code 77 is returned.
The hash algorithm object identifier corresponds to that of the identifier of the hash algorithm
supplied in the command message. If not, error code 79 is returned.
The digest is compared with the hash of the supplied data. If the two values are not equal,
error code 02 is returned.
For a generation operation (Generate a Signature):
The length (in bytes) of the data block D is at most m-11 (where m is the length, in bytes, of the
modulus of the key to be used). If not, error code 76 is returned.
For an import key operation (Import a DES Key):
The length of the imported key block is equal to the length (in bytes) of the modulus of the
secret key to be used to decrypt the block. If not, error code 76 is returned.
The first byte of the clear data block is 00 and the second byte is 02. If not, error code 77 is
returned.
Subsequent bytes consist of at least 8 bytes of random non-zero bytes, followed by a zero byte.
If not, error code 77 is returned.
The data block D conforms to the ASN.1 encoding rules. If not, error code 77 is returned.
2-222 1270A514 Issue 3
Host Security Module RG7000 HOST COMMANDS
Example:
X'30 X'81 X'86 X'02 X'81 X'80 128 byte X'02 X'01 X'03
Modulus
X'81 X'80 specifies the length of the following field in bytes using the same definition as above
(128 Bytes).
X'01 specifies the length of the following field in bytes using the same definition as above (1
Byte).
The following ASN.1 DER encoded object identifiers for hashing functions are used by the
HSM:
If the no-hash option is chosen, the data that is provided in the Validate a Certificate, Generate
a Signature and Validate a Signature commands is not modified in any way by the HSM, so it
must be precisely the data in the plain signature block (which depends on the pad mode used).
For example, if the SHA-1 algorithm is used to hash the data and the resultant hash value is:
0123456789ABCDEF0123456789ABCDEF01234567,
and if the PKCS#1 pad mode is used, the data to be provided must be the complete ASN.1
DER encoded DigestInfo, which is:
30 21 300906052B0E03021A0500 04140123456789ABCDEF0123456789ABCDEF01234567
Note that when using the no-hash mode, the HSM checks that the DER encoded DigestInfo
syntax is correct. If there is a digest info syntax error, the HSM returns error code 74.
Notes: Depending on key size, the function may take several minutes to execute.
The HSM must be in the Authorised state.
If a Public Exponent is supplied in the command message, it must be an odd
value (i.e. the least-significant bit must be 1). If an even Public Exponent is
supplied, an error code is returned.
Key index 2N Index number for secret key to be stored (used if multiple
storage of keys is required).
29.3 Translate a Secret Key from the Old LMK to a New LMK
Command: Translate a secret key from encryption under the old LMK pair 34-35 held in
key change storage, to encryption under a new LMK pair 34-35.
Secret key nB Secret key, encrypted under new LMK pair 34-35.
End message delimiter 1C Present only if present in the command message. Value
X19.
Notes: The function can be used, for example, to protect a certification authority public
key.
The HSM must be in the Authorised state.
Public key encoding 2N Encoding rules for the supplied public key (must allow the
public key length to be inferred).
End message delimiter 1C Present only if present in the command message. Value
X19.
Hash offset 4N Offset to the first byte in the certificate data to be included
in the hash calculation.
Hash length 4N Length (in bytes) of the data within the certificate which is
included in the hash calculation.
Signature offset 4N Offset to the first byte of the signature contained in the
certificate data.
Hash identifier 2N Identifier of the hash algorithm used to hash the certificate
data.
Pad mode identifier 2N Identifier of the pad mode used in certificate signature
generation.
Public key encoding 2N Encoding rules for the public key contained in the
certificate (must allow the public key length to be inferred).
Public key offset 4N Offset to the first byte of the public key field contained in
the certificate
Secret key length 4N Optional. Length (in bytes) of the next field. Must be
present if the secret key field is present.
Secret key nB Optional. Secret key, encrypted under LMK pair 34-35.
End message delimiter 1C Optional. Must be present if a message trailer is present.
Value X19.
Public key nB Secret key, encrypted under new LMK pair 34-35.
End message delimiter 1C Present only if present in the command message. Value
X19.
End message delimiter 1C Present only if present in the command message. Value
X19.
Pad mode identifier 2N Identifier of the pad mode used in signature generation.
Secret key flag 2N Flag, indicates the location of the secret key. The number
is the index of the stored secret key, except 99 which
means use the key supplied in the command.
Secret key length 4N Length (in bytes) of the next field (present only if the
secret key flag is 99).
Secret key nB Secret key, encrypted using LMK pair 34-35 (present only
if the secret key flag is 99).
End message delimiter 1C Present only if present in the command message. Value
X19.
Hash identifier 2N Identifier of the hash algorithm used to hash the message.
Signature Identifier 2N Identifier of the signature algorithm used to sign the
message.
Pad mode identifier 2N Identifier of the pad mode used in signature generation.
Command: To translate a DES key from encryption under a public key to encryption under
the LMK.
Encryption identifier 2A Identifier of the algorithm used to encrypt the DES key.
Pad mode identifier 2N Identifier of the pad mode used in the encryption process.
DES key type 4N Indicates the required LMK pair, including the LMK
variant.
Encrypted key length 4N Length (in bytes) of the encrypted DES key.
DES key (PK) nB DES key, encrypted under the public key.
Secret key flag 2N Flag, indicates the location of the secret key. The number
is the index of the stored secret key, except 99 which
means use the key supplied in the command.
Secret key length 4N Length (in bytes) of the next field (present only if the
secret key flag is 99).
Secret key nB Secret key, encrypted using LMK pair 34-35 (present only
if the secret key flag is 99).
Key check value type 1A Optional. Key check value calculation method
0 - KCV backwards compatible.
1 - KCV 6H.
End message delimiter 1C Optional. Must be present if a message trailer is present.
Value X19.
Encryption identifier 2A Identifier of the algorithm used to encrypt the DES key.
Pad mode identifier 2N Identifier of the pad mode used in the encryption process.
DES key type 4N Indicates the required LMK pair, including the LMK
variant.
DES key flag 1N Flag indicates the length of the DES key:
0 : single-length key.
1 : double-length key
2 : triple-length key
DES key (LMK) 16H or 32H or DES key, encrypted under the LMK pair indicated by DES
1A+32H or 1A+48H key type (length indicated by DES key flag).
DES key (PK) nB DES key, encrypted under the public key.
End message delimiter 1C Present only if present in the command message. Value
X19.
CHAPTER 3
1 GENERAL 3-1
2 FORMAT 01 3-1
3 FORMAT 02 3-1
4 FORMAT 03 3-2
5 FORMAT 04 3-2
6 FORMAT 05 3-3
1 GENERAL
For PIN verification and PIN translation, the HSM requires the PIN to be input as a 16-digit PIN
block. The HSM supports four types of PIN block formats, each identified by a 2-digit PIN block
format code.
2 FORMAT 01
Format 01 is the format adopted by the American National Standards Institute (ANSI X9.8) and
is one of two formats supported by the International Standards Organisation (ISO 95641 -
format 0).
The format combines the customer PIN and account number as follows:
A 16-digit block is made from the digit 0, the length of the PIN, the PIN, and a pad
character (hexadecimal F). For example, for the 5-digit PIN 92389, the block is:
0592 389F FFFF FFFF
Another 16-digit block is made from four zeros and the 12 right-most digits of the account
number, excluding the check digit. For example, for the 13-digit account number 4000
0012 3456 2, where the check digit is 2, the block is:
05 92 38 9F FF FF FF FF
00 00 40 00 00 12 34 56
PIN block: 05 92 78 9F FF ED CB A9
3 FORMAT 02
Format 02 supports Docutel ATMs. A PIN block is created from the PIN length, a
6-digit PIN, and a user-defined numeric padding string.
If the PIN has fewer than 6 digits, it is left-justified and zero filled.
For example, for the 5-digit PIN 92389, the PIN digits are 923890.
With pad characters added, the PIN block could be, for example:
4 FORMAT 03
Format 03 supports Diebold and IBM ATMs. It also applies to the Docutel format that does not
include a PIN length. The PIN block is created from the customer PIN and the hexadecimal F
padding character. For example, for the 5-digit PIN 92389, the PIN block is:
5 FORMAT 04
Format 04 is the PIN block format adopted by the PLUS network. The format combines the
customer PIN and the related account number as follows:
A 16-digit block is made from the digit 0, the length of the PIN, the PIN, and a pad
character (hexadecimal F). For example, for the 5-digit PIN 92389, the block is
Another 16-digit block is made from four zeros and the left-most 12 digits of the account
number. For example, for the 16-digit account number 2283 4000 0012 3456, where the
check digit is 6, the block is:
For the PIN translation CA and CC commands, there are two format
fields; if either is 04, the account number field must be 18 digits. If
the account number is less than 18 digits, it must be right-justified
and padded with XF on the left.
BC, BE, CA, CC, CG, DA, DC, EA, EC, EG, JC, JE. When reviewing the details for these
commands, consider the change to the account field that this format requires.
6 FORMAT 05
Format 05 is the ISO 9564-1 Format 1 PIN Block represented by the following 16 hexadecimal
values:
1NP 1 . . P N R . . R
Where
The following validity checks are carried out on incoming Format 05 PIN blocks:
CHAPTER 4
ERROR CODES
1 GENERAL 4-1
1 GENERAL
The standard error codes returned by the HSM to the Host are listed in the table. Details of
which error codes are applicable to each command are documented in Chapter 2.
Code Description
00 No errors.
01 Verification failure. / Warning Imported key parity error
02 Key inappropriate length for algorithm
04 Invalid key type code.
05 Invalid key length flag.
10 Source key parity error.
11 Destination key parity error. / Key all 0
12 Contents of user storage not available. Reset, power-down or overwrite.
13 Master Key parity error.
14 PIN encrypted under LMK pair 02-03 is invalid.
15 Invalid input data (invalid format, invalid characters, or not enough data provided).
16 Console or printer not ready/not connected.
17 HSM not in the Authorized state, or not enabled for clear PIN output, or both.
18 Document format definition not loaded.
19 Specified Diebold Table is invalid.
20 PIN block does not contain valid values.
21 Invalid index value, or index/block count would cause an overflow condition.
22 Invalid account number.
23 Invalid PIN block format code.
24 PIN is fewer than 4 or more than 12 digits in length.
25 Decimalization table error.
26 Invalid key scheme
27 Incompatible key length
28 Invalid key type
29 Key function not permitted
30 Invalid reference number.
31 Insufficient solicitation entries for batch.
33 LMK Key change storage is corrupted.
40 Invalid firmware checksum.
41 Internal hardware/software error: bad RAM, invalid error codes, etc.
42 DES failure.
80 Data length error. The amount of MAC data (or other data) is greater than or less than
the expected amount.
90 Data parity error in the request message received by the HSM.
91 Longitudinal Redundancy Check (LRC) character does not match the value computed
Code Description
over the input data (when the HSM has received a transparent async packet).
92 The Count value (for the Command/Data field) is not between limits, or is not correct
(when the HSM has received a transparent async packet).