User Selected PIN

Jan 18, 2011 at 10:40 AM

First, Thanks for the great Simulator, it was the most helpful.

However, although I can successfully verify HSM generated PINs using command (DC). I don't this command can verify user selected PINs.
My researches suggests that I should generate the PVV and compares them with a PVV store.

Is this right?

Moreover, I asked the Bank I work with about the PVV store (I don't think they know what they're talking about), they told me it's called Cortex.
Does anyone knows what it is or how to query against it. Or at least point me to their website.

Thanks again.

Jan 18, 2011 at 11:40 AM
mohdmasd wrote:
However, although I can successfully verify HSM generated PINs using command (DC). I don't this command can verify user selected PINs. My researches suggests that I should generate the PVV and compares them with a PVV store.

I'm not sure what you're referring to. When a cardholder PIN is verified, it's done against the PIN they enter and a PVV. Usually, when the user has not changed their PIN, the PVV is taken from the card (but some systems read the PVV from the card management system database anyway). When a cardholder changes their PIN, the newly generated PVV is written to the card management system and subsequent PIN verifications are done against that PVV (ignoring any PVV written to the card).

AFAIK Cortex is a card management system.

Jan 18, 2011 at 2:06 PM

If I understood then I'd always generate the PVV and verify against the CMS. 'DC' command is unnecessary, right?

Thanks for the link, you're a life saver.

Jan 18, 2011 at 3:00 PM

The PVV is generated only during the card creation and every time the cardholder changes the PIN.

The DC command is not unnecessary at all. It's what will verify cardholder PIN entered at a terminal against the CMS PVV.

Jan 18, 2011 at 8:51 PM
Edited Jan 18, 2011 at 10:01 PM

So it's like this:

my App ---> HSM ---> CMS (or user storage)

If i wanted to load, or change PIN or data I should do so through the HSM, right?

e.g. Command 'CU' (Verify & Generate a VISA PVV) would store a new PVV inside CMS.
Or I think I should do more studying.

Thank for helping.

Jan 18, 2011 at 9:52 PM

That's right. CU is one possible command. The two others are DG (mainly used when the PVV is first generated) and FW.