Luna EFT Clear PIN User Guide_PN007-012067-001_RevA

SafeNet. Part Number: 007-012067-001 (Rev A. SafeNet invites constructive comments on the contents of this document.Clear PIN User Guide Preface Preface © 2012 SafeNet. recording or otherwise without the prior written permission of SafeNet. 06/2012) All intellectual property is protected by copyright. Software ID M090600E Action/Change Initial release. All rights reserved. No part of this document may be reproduced. Date June 2012 i . Furthermore. photocopy. These comments. stored in a retrieval system or transmitted in any form or by any means. All trademarks and product names used or referred to are the copyright of their respective owners. Inc. Inc. electronic. 4690 Millennium Drive Belcamp. SafeNet makes no representations or warranties with respect to the contents of this document and specifically disclaims any implied warranties of merchantability or fitness for any particular purpose. chemical. Maryland 21017 USA Revision A © SafeNet. SafeNet reserves the right to revise this publication and to make changes from time to time in the content hereof without the obligation upon SafeNet to notify any person or organization of any such revisions or changes. Inc. mechanical. together with your personal and/or company details. should be sent to the address below. E-mail based support support@safenet-inc. (410) 931-7520 France 0825 341000 Germany 01803 7246269 United Kingdom 01276 608000. Supports and Downloads http://www.com/Support Provides access to knowledge base and quick downloads for various products.com Existing customers with a Customer Connection Center account can log in to manage incidents. +1 410 931-7520 Australia and New Zealand 1 410 931-7520 (Intl) China (86) 10 5781 0666 India +1 410 931-7520 (Intl) © SafeNet. get latest software upgrades and access the complete SafeNet Knowledge Base repository. .safenet-inc.com Telephone-based support ii United States (800) 545-6608.safenet-inc. please contact Technical Support using this information: Customer Connection Center (C3) http://c3.Clear PIN User Guide Preface Technical Support If you have questions or need additional assistance. Inc. ............................................................................................................... 1  Common Terms and Phraseology ......................... 1  Supplemental Documentation .................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. ii  Chapter 1 Introduction................................................................................................................................................................................................................................................ 3  Function Descriptions .................................................... 3  Function Message Formats ............................................................ 4  Appendix A Error Codes .................................. 2  Chapter 2 Host Functions ......................... 1  Console operations support................................................................................................................................................................................................................... 3  Overview ............ 7  Function Error Codes....... iii .......................................................................................................................... Inc..................................... 7  © SafeNet............................................... i  Technical Support ......................................................................... 4  CLR-PIN-ENCRYPT ............................................................... 1  Host functions support .....................................................................................................................................................................................Clear PIN User Guide Table of Contents Table of Contents Preface.............................................................................................................................................................................................................................................................. 1  Overview ................... Clear PIN User Guide iv Table of Contents © SafeNet. Inc. . for details of the standard functionality. The device has been renamed as SafeNet Luna EFT (PH-EFT) and is referred to as Luna EFT. Note: To enable Clear PIN option functionality. The Clear PIN option functionality incorporates HSM Console Operations and Host Functions. Supplemental Documentation This functionality is an optional extension to the standard Mark II functionality. SafeNet HSM Payment (SHP). 1 . Common Terms and Phraseology This or other documentation may refer to a SafeNet HSM security module as ESM. and SafeNet Luna EFT (PH-EFT) all refer to the same device in the context of this Guide. and the Mark II Programmer’s Guide. please contact Safenet Technical Support. ESM2000. • Luna EFT (PH-EFT) Installation Guide • Luna EFT (PH-EFT) Communications Guide – Mark II Edition • Luna EFT (PH-EFT) Programmer’s Guide – Mark II Edition • Luna EFT (PH-EFT) Console User Guide – Mark II Edition Console operations support The console operation supported by the Clear PIN Options functionality is as follows: • © SafeNet. HSM. This functionality is an optional extension to the standard SafeNet HSM functionality. PHeft. The names ESM. Please refer to the Mark II Console User Guide. Please refer to the following documentation for details of standard Mark II functionality. PHeft. ESM2000. Enabling or disabling of the Clear PIN translate host function.Clear PIN User Guide Chapter 1 Introduction Chapter 1 Introduction Overview This document defines the extended “Clear PIN” option functionality for the software operating on a MarkII HSM. hereafter. Inc. HSM or Safenet HSM Payment. Inc. © SafeNet. • The decryption of a PIN from encryption under a PPK to yield a clear PIN. . • Translation of a PIN from encryption under a PPK to encryption under another PPK.Clear PIN User Guide Chapter 1 Introduction Host functions support The host functions include options to support: 2 • The encryption of a clear PIN. Qualifier Meaning L The left part of a Key Pair R The right part of a Key Pair R Used for receiving S Used for sending V Variant * Prefix to indicate a key pair. These are always in pairs. Represents a 64 bit field. Represents a binary byte. Each field has an associated attribute and its length in bytes. For the standard Mark II functionality please refer to the Mark II Programmer’s Guide. E Encrypt in Electronic Code Book (ECB) mode. 3 . Represents an RSA public key. These are always in multiples of 8. Operator Meaning D Decrypt in Electronic Code Book (ECB) mode. Description Represents a binary digit. Represents a hexadecimal digit. Represents a 512 bit field.Clear PIN User Guide Chapter 2 Host Functions Chapter 2 Host Functions Overview This chapter details the extended formats and host functions supported by the Luna EFT for the PIN customization. Inc. Represents a BCD digit. These are always grouped in pairs. Function Message Formats Data Item Representation in Request/Response Messages Request and response content may use the following operators and qualifying letters. The attributes are defined as follows: Attribute B H D X B64 B512 P-key © SafeNet. 18. 90) Description This function accepts a clear PIN. Inc . 12. 20. PTK-EFT int EFT_EE0600_ClearPinEncrypt( 4 IN UCHAR FM. the digits must be left justified in the PIN field with one trailing decimal pad digit. 12. 10. PPK-Spec Key specifier for the PPK (eKMv1 . FM = 00. 17. Must be set to zero. 11.Clear PIN User Guide Chapter 2 Host Functions Function Descriptions CLR-PIN-ENCRYPT Request Content EE0600 FM PIN-Len PIN ANB PPK-Spec Response Content EE0600 Rc ePPK(PIN) Lengt h 3 1 Attribute 1 Var 6 Var h d d K-Spec Lengt h 3 1 Attribute h h Function Code Return Code 8 h Encrypted output PIN h h Description Function Code Function Modifier = 00 Number of digits in PIN field Clear PIN Account Number Block Key specifier for PPK (Formats: 0 . packed 2 digits per byte. 13. in the range 4 – 12. formats it into an ANSI PIN Block and encrypts the Block using the supplied PPK. 20 or 90). IN UCHAR PinLen. 14. If PIN-len is odd. ANB 12 PAN digits of the Account Number Block used to format the ANSI PIN Block. NOTES Please contact SafeNet if you require this functionality or further details.Format 0-3. © SafeNet. 11. PIN Clear PIN consisting of from 4 to 12 digits. 10. PIN-Len Identifies the number of digits in the PIN. 13.3. 14. IN UCHAR ANB[6]. OUT UCHAR ePPK_PIN[8]).Clear PIN User Guide © SafeNet. IN KEYSPEC *PPK. 5 . Chapter 2 Host Functions IN EFTBUFFER *PIN. Inc. Inc .Clear PIN User Guide Chapter 2 Host Functions 6 © SafeNet. is in an invalid PIN/PAD format. 7 . 0A Uninitialised key accessed: Key or Decimalization Table (DT) is not stored in the Eracom Security Module. © SafeNet. 05 Invalid key index: Index not defined or key with this Index not stored. Inc. A-F).g. Function Error Codes Error Code Meaning 00 No error 01 DES Fault (system disabled) 02 Illegal Function Code PIN MAILING not enabled 03 Incorrect message length 04 Invalid data in message: Character not in range (0-9. 07 PIN format error: PIN does not comply with the AS2805.Clear PIN Option User Guide Appendix A Error Codes Appendix A Error Codes Please refer to the SafeNet HSM Communications Guide for other host-connection-specific error codes. 0B Checklen error: customer PIN length is less than the minimum PVK length or less than Checklen in function.3 specification. or is in an invalid Docutel format 08 Verification failure 09 Contents of key memory destroyed: e. 06 Invalid PIN format specifier: only AS/ANSI = 1 & PIN/PAD = 3 specified. the Eracom Security Module was tampered or all KEYs deleted. .Clear PIN User Guide 8 Appendix A Error Codes © SafeNet. Inc.