Problem on VerifyTerminalPinUsingComparisonMethod

Jul 13, 2011 at 11:36 AM


I'm using the host command VerifyTerminalPinUsingComparisonMethod and found out that the comparison is incorrect.

Since we compare both PIN in clear, no need to add "0". Therefore, the code should be


            'Current implementation just trims the leading zero, added here again.
            'Dim clearDBPIN As String = "0" + DecryptPINUnderHostStorage(_pinDatabase)
            Dim clearDBPIN As String = DecryptPINUnderHostStorage(_pinDatabase)

Also, the name of the file should be VerifyInterchangePinUsingComparisonMethod_BC.vb instead of VerifyInterchangePinUsingComparisonMethod_BE.vb.

Best regards,



Jul 13, 2011 at 6:49 PM

This is a topic of some confusion to readers of the simulator code. We don't compare the PIN in the clear but the PIN of the PIN block against the PIN encrypted under LMK 02-03. For this, the simulator implementation just adds a leading 0 to the PIN, hence the code you see. To make sense out of this, you first run a JA command and use the output of that with the BC or BE commands. In short, the implementation of PIN encrypted under LMK 02-03 is consistent throughout the simulator code but not coded as Thales does it internally.

I think that _BE is the correct file ending. BC is used to verify a terminal PIN. BE verifies an interchange PIN.

Jul 14, 2011 at 3:24 AM

I think that we should compare PIN of the PIN Block against the PIN that is encrypted under LMK, not the encrypted PIN itself.


For the file name, you are correct. My mistake, I did not see two files there.

Jul 14, 2011 at 8:33 AM

That's what the simulator actually does. The confusing part is that the PIN encrypted under LMK under the simulator is actually the PIN itself preceded by a zero.

Apr 18, 2013 at 6:39 AM
Edited Apr 18, 2013 at 6:43 AM
Requesting your help for a simple pin validation using thales simulator.

Below is the process i follow for using thales simulator
 * Please point my mistakes
  1. Generated a random pin for the card Number : 5239512524895006 : Considering acct No as : 951252489500
        sample pin generated for the acct is 6627 and 06627 
        acctNo = "951252489500"
  2. Generate a key using A0
    Key generated (LMK):DF4216452CAC9E6672BF185B5A904403 
    Check value: 932ECC))
  3. HC to generate a session key using Key generated (LMK)
    New key (TMK): U 77F71F1B41F05FD551FAB0903A1C09A9
    New key (LMK): U B7AA1FD0661DC76714C94A7550ED5F9A
  4. Now i generated a pin block for pin 6627 using New key (TMK). This is done by encrypted keypad.
    pin block generated by EPP : 1875C09B117BB1DA
    pinBlk = "1875C09B117BB1DA"
  5. Now i try to validate PIN using BC command
command = "0004BC" + New key (LMK) + pinBlk + "01" + acctNo + "06762";

i get an exception while calculating key length.Below is the exception

Parameter name: length
at System.String.InternalSubStringWithChecks(Int32 startIndex, Int32 length, Boolean fAlwaysCopy)
at System.String.Substring(Int32 startIndex, Int32 length)
at ThalesSim.Core.PIN.PINBlockFormat.ToPIN(String PINBlock, String AccountNumber_Or_PaddingString, PIN_Block_Format Format) in C:\venkat\test\learnings\HSM\ThalesSim\ThalesCore\PIN\PINBlockFormat.vb:line 180
at ThalesSim.Core.HostCommands.BuildIn.VerifyTerminalPinUsingComparisonMethod_BC.ConstructResponse() in C:\venkat\test\learnings\HSM\ThalesSim\ThalesCore\HostCommands\BuildIn\VerifyTerminalPINUsingComparisonMethod_BC.vb:line 93
at ThalesSim.Core.ThalesMain.WCMessageArrived(WorkerClient sender, Byte[]& b, Int32 len) in C:\venkat\test\learnings\HSM\ThalesSim\ThalesCore\ThalesMain.vb:line 780