This algorithm generates an intermediate PIN based on the specified
validation data. A part of the intermediate PIN is adjusted by adding
an offset data. A part of the result is compared with the corresponding
part of the customer-entered PIN.
The algorithm requires the following input parameters:
- A 64-bit validation data
- A 64-bit decimalization table
- A 128-bit PIN-verification key
- A 4-bit PIN check length
- An offset data
- A customer-entered PIN
The rightmost m digits of the offset data form the PIN offset,
where m is the PIN check length.
- The validation data is enciphered using the PIN verification key.
Each digit of the enciphered validation data is replaced by the digit
in the decimalization table whose displacement from the leftmost digit
of the table is the same as the value of the digit of enciphered validation
data.
- The leftmost n digits of the result is added (modulo 10) to the
offset data value, where n is the length of the customer-entered PIN.
The modulo 10 addition ignores carries.
- The rightmost m digits of the result of the addition operation
form the PIN check number. The PIN check number is compared with the
rightmost m digits of the customer-entered PIN. If they match, PIN
verification is successful; otherwise, verification is unsuccessful.
When a nonzero PIN offset is used, the length of the customer-entered
PIN is equal to the assigned PIN length.
Figure 1 illustrates the PIN verification
algorithm.
Figure 1. PIN Verification Algorithm