0
votes

I am trying to build a card PIN solution whereby customers are able to log on to a web portal and set their own card PIN and afterwards generate a PVV value of the new PIN.

The list of commands I am trying to use is:

  • JG\JH (Translate PIN)
  • DG\DH (Generate PVV)

The JG\JH command requires a PIN under LMK which means I need to do a BA\BB command on the customer PIN first before I can proceed. To do this the HSM must be in an authorized state.

Is there a different way of achieving this?

1
Welcome to Stack Overflow. Could you show us what you have tried so far? Take a look here: How to create a minimal, complete and verifiable example? and edit your question to give us some more info. - Nathan Thomas

1 Answer

0
votes

Well, the right way is to do it in a similar manner as it would have been on an ATM terminal.

1. Create a clear PIN block

For example:
PIN = 1234
PAN = 400000000000002

Block 1 [0 + PIN length + PIN + filler to make it 16]: 0 + 4 + 1234 + FFFFFFFFFF = 41234FFFFFFFFFF
Block 2 [0000 + PAN(12, exclude first 3 and last check digit)]: 0000 + 000000000000 = 0000000000000000

Clear PIN Block = XOR(Block 1 , Block 2)

2. Encrypt (apply 3DES) clear PIN block under ZPK.

If you are using Java then try javax.crypto.Cipher.

3. Use encrypted PIN Block in command "FW" to generate PVV

  • Command Code (FW)
  • PIN Encryption Key Type (001 for ZPK)
  • PIN Encryption Key (ZPK)
  • PIN Verification Key
  • PIN Block
  • PIN Block Format Code
  • PAN/Account(12)
  • PVKI
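Steps 1 and 2 of the answer as an added Java example (not code from the answer): it builds the ISO format 0 clear PIN block for the answer's PIN and PAN and encrypts it with 3DES through javax.crypto.Cipher. The ZPK is a constructed test key, a double-length key is assumed, block 1 is written with all 16 hex digits including the leading format nibble 0, and the class and method names are hypothetical.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;
import java.util.Arrays;
import java.util.HexFormat; // Java 17+

public class PinBlockExample {
    // Block 1: format nibble 0, PIN length, PIN digits, then F filler up to 16 hex digits.
    static String pinField(String pin) {
        if (!pin.matches("\\d{4,12}")) throw new IllegalArgumentException("PIN must be 4-12 digits");
        String s = "0" + Integer.toHexString(pin.length()).toUpperCase() + pin;
        return s + "F".repeat(16 - s.length());
    }

    // Block 2: 0000 followed by the 12 rightmost PAN digits, excluding the check digit.
    static String panField(String pan) {
        if (!pan.matches("\\d{13,19}")) throw new IllegalArgumentException("PAN must be 13-19 digits");
        return "0000" + pan.substring(pan.length() - 13, pan.length() - 1);
    }

    // Clear PIN block = Block 1 XOR Block 2 (8 bytes).
    static byte[] clearPinBlock(String pin, String pan) {
        byte[] a = HexFormat.of().parseHex(pinField(pin));
        byte[] b = HexFormat.of().parseHex(panField(pan));
        byte[] out = new byte[8];
        for (int i = 0; i < 8; i++) out[i] = (byte) (a[i] ^ b[i]);
        return out;
    }

    // Assumption: double-length ZPK (K1|K2); JCE "DESede" wants 24 bytes, so expand to K1|K2|K1.
    // One 8-byte block, so ECB with no padding is the whole operation.
    static byte[] encryptUnderZpk(byte[] block, byte[] zpk16) throws Exception {
        byte[] k24 = Arrays.copyOf(zpk16, 24);
        System.arraycopy(zpk16, 0, k24, 16, 8);
        try {
            Cipher c = Cipher.getInstance("DESede/ECB/NoPadding");
            c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(k24, "DESede"));
            return c.doFinal(block);
        } finally {
            Arrays.fill(k24, (byte) 0); // do not leave the expanded key lying in memory
        }
    }

    public static void main(String[] args) throws Exception {
        HexFormat hex = HexFormat.of().withUpperCase();
        byte[] zpk = hex.parseHex("0123456789ABCDEFFEDCBA9876543210"); // constructed test key
        byte[] clear = clearPinBlock("1234", "400000000000002");     // PIN and PAN from the answer
        System.out.println("clear PIN block:     " + hex.formatHex(clear));
        System.out.println("encrypted PIN block: " + hex.formatHex(encryptUnderZpk(clear, zpk)));
        Arrays.fill(clear, (byte) 0); // wipe the clear block once it has been encrypted
    }
}
```

The encrypted block is the value that goes into the PIN Block field of the FW command in step 3.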