Skip to content

/AWS1/IF_PCD=>GENERATEPINDATA()

About GeneratePinData

Generates pin-related data such as PIN, PIN Verification Value (PVV), PIN Block, and PIN Offset during new card issuance or reissuance. For more information, see Generate PIN data in the Amazon Web Services Payment Cryptography User Guide.

PIN data is never transmitted in clear to or from Amazon Web Services Payment Cryptography. This operation generates PIN, PVV, or PIN Offset and then encrypts it using Pin Encryption Key (PEK) to create an EncryptedPinBlock for transmission from Amazon Web Services Payment Cryptography. This operation uses a separate Pin Verification Key (PVK) for VISA PVV generation.

Using ECDH key exchange, you can receive cardholder selectable PINs into Amazon Web Services Payment Cryptography. The ECDH derived key protects the incoming PIN block. You can also use it for reveal PIN, wherein the generated PIN block is protected by the ECDH derived key before transmission from Amazon Web Services Payment Cryptography. For more information on establishing ECDH derived keys, see the Generating keys in the Amazon Web Services Payment Cryptography User Guide.

For information about valid keys for this operation, see Understanding key attributes and Key types for specific data operations in the Amazon Web Services Payment Cryptography User Guide.

Cross-account use: This operation can't be used across different Amazon Web Services accounts.

Related operations:

Method Signature

METHODS /AWS1/IF_PCD~GENERATEPINDATA
  IMPORTING
    !IV_GENERATIONKEYIDENTIFIER TYPE /AWS1/PCDKEYARNORKEYALIASTYPE OPTIONAL
    !IV_ENCRYPTIONKEYIDENTIFIER TYPE /AWS1/PCDKEYARNORKEYALIASTYPE OPTIONAL
    !IO_GENERATIONATTRIBUTES TYPE REF TO /AWS1/CL_PCDPINGENERATIONATTRS OPTIONAL
    !IV_PINDATALENGTH TYPE /AWS1/PCDINTEGERRANGEBETWEEN03 OPTIONAL
    !IV_PRIMARYACCOUNTNUMBER TYPE /AWS1/PCDPRIMARYACCTNUMBERTYPE OPTIONAL
    !IV_PINBLOCKFORMAT TYPE /AWS1/PCDPINBLOCKFMTFORPINDATA OPTIONAL
    !IO_ENCRYPTIONWRAPPEDKEY TYPE REF TO /AWS1/CL_PCDWRAPPEDKEY OPTIONAL
  RETURNING
    VALUE(OO_OUTPUT) TYPE REF TO /aws1/cl_pcdgeneratepindataout
  RAISING
    /AWS1/CX_PCDACCESSDENIEDEX
    /AWS1/CX_PCDINTERNALSERVEREX
    /AWS1/CX_PCDRESOURCENOTFOUNDEX
    /AWS1/CX_PCDTHROTTLINGEX
    /AWS1/CX_PCDVALIDATIONEX
    /AWS1/CX_PCDCLIENTEXC
    /AWS1/CX_PCDSERVEREXC
    /AWS1/CX_RT_TECHNICAL_GENERIC
    /AWS1/CX_RT_SERVICE_GENERIC.

IMPORTING

Required arguments:

iv_generationkeyidentifier TYPE /AWS1/PCDKEYARNORKEYALIASTYPE /AWS1/PCDKEYARNORKEYALIASTYPE

The keyARN of the PEK that Amazon Web Services Payment Cryptography uses for pin data generation.

iv_encryptionkeyidentifier TYPE /AWS1/PCDKEYARNORKEYALIASTYPE /AWS1/PCDKEYARNORKEYALIASTYPE

The keyARN of the PEK that Amazon Web Services Payment Cryptography uses to encrypt the PIN Block. For ECDH, it is the keyARN of the asymmetric ECC key.

io_generationattributes TYPE REF TO /AWS1/CL_PCDPINGENERATIONATTRS /AWS1/CL_PCDPINGENERATIONATTRS

The attributes and values to use for PIN, PVV, or PIN Offset generation.

iv_pinblockformat TYPE /AWS1/PCDPINBLOCKFMTFORPINDATA /AWS1/PCDPINBLOCKFMTFORPINDATA

The PIN encoding format for pin data generation as specified in ISO 9564. Amazon Web Services Payment Cryptography supports ISO_Format_0, ISO_Format_3 and ISO_Format_4.

The ISO_Format_0 PIN block format is equivalent to the ANSI X9.8, VISA-1, and ECI-1 PIN block formats. It is similar to a VISA-4 PIN block format. It supports a PIN from 4 to 12 digits in length.

The ISO_Format_3 PIN block format is the same as ISO_Format_0 except that the fill digits are random values from 10 to 15.

The ISO_Format_4 PIN block format is the only one supporting AES encryption. It is similar to ISO_Format_3 but doubles the pin block length by padding with fill digit A and random values from 10 to 15.

Optional arguments:

iv_pindatalength TYPE /AWS1/PCDINTEGERRANGEBETWEEN03 /AWS1/PCDINTEGERRANGEBETWEEN03

The length of PIN under generation.

iv_primaryaccountnumber TYPE /AWS1/PCDPRIMARYACCTNUMBERTYPE /AWS1/PCDPRIMARYACCTNUMBERTYPE

The Primary Account Number (PAN), a unique identifier for a payment credit or debit card that associates the card with a specific account holder.

io_encryptionwrappedkey TYPE REF TO /AWS1/CL_PCDWRAPPEDKEY /AWS1/CL_PCDWRAPPEDKEY

EncryptionWrappedKey

RETURNING

oo_output TYPE REF TO /aws1/cl_pcdgeneratepindataout /AWS1/CL_PCDGENERATEPINDATAOUT

Domain /AWS1/RT_ACCOUNT_ID
Primitive Type NUMC

Examples

Syntax Example

This is an example of the syntax for calling the method. It includes every possible argument and initializes every possible value. The data provided is not necessarily semantically accurate (for example the value "string" may be provided for something that is intended to be an instance ID, or in some cases two arguments may be mutually exclusive). The syntax shows the ABAP syntax for creating the various data structures.

DATA(lo_result) = lo_client->generatepindata(
  io_encryptionwrappedkey = new /aws1/cl_pcdwrappedkey(
    io_wrappedkeymaterial = new /aws1/cl_pcdwrappedkeymaterial(
      io_diffiehellmansymmetrickey = new /aws1/cl_pcdecdhderivationat00(
        iv_certauthoritypublickeyid = |string|
        iv_keyalgorithm = |string|
        iv_keyderivationfunction = |string|
        iv_keyderivationhashalg = |string|
        iv_publickeycertificate = |string|
        iv_sharedinformation = |string|
      )
      iv_tr31keyblock = |string|
    )
    iv_keycheckvaluealgorithm = |string|
  )
  io_generationattributes = new /aws1/cl_pcdpingenerationattrs(
    io_ibm3624naturalpin = new /aws1/cl_pcdibm3624naturalpin(
      iv_decimalizationtable = |string|
      iv_pinvalidationdata = |string|
      iv_pinvationdatapadcharacter = |string|
    )
    io_ibm3624pinfromoffset = new /aws1/cl_pcdibm3624pinfromoff(
      iv_decimalizationtable = |string|
      iv_pinoffset = |string|
      iv_pinvalidationdata = |string|
      iv_pinvationdatapadcharacter = |string|
    )
    io_ibm3624pinoffset = new /aws1/cl_pcdibm3624pinoffset(
      iv_decimalizationtable = |string|
      iv_encryptedpinblock = |string|
      iv_pinvalidationdata = |string|
      iv_pinvationdatapadcharacter = |string|
    )
    io_ibm3624randompin = new /aws1/cl_pcdibm3624randompin(
      iv_decimalizationtable = |string|
      iv_pinvalidationdata = |string|
      iv_pinvationdatapadcharacter = |string|
    )
    io_visapin = new /aws1/cl_pcdvisapin( 123 )
    io_visapinverificationvalue = new /aws1/cl_pcdvisapinverificat00(
      iv_encryptedpinblock = |string|
      iv_pinverificationkeyindex = 123
    )
  )
  iv_encryptionkeyidentifier = |string|
  iv_generationkeyidentifier = |string|
  iv_pinblockformat = |string|
  iv_pindatalength = 123
  iv_primaryaccountnumber = |string|
).

This is an example of reading all possible response values

lo_result = lo_result.
IF lo_result IS NOT INITIAL.
  lv_keyarn = lo_result->get_generationkeyarn( ).
  lv_keycheckvalue = lo_result->get_generationkeycheckvalue( ).
  lv_keyarn = lo_result->get_encryptionkeyarn( ).
  lv_keycheckvalue = lo_result->get_encryptionkeycheckvalue( ).
  lv_encryptedpinblocktype = lo_result->get_encryptedpinblock( ).
  lo_pindata = lo_result->get_pindata( ).
  IF lo_pindata IS NOT INITIAL.
    lv_pinoffsettype = lo_pindata->get_pinoffset( ).
    lv_verificationvaluetype = lo_pindata->get_verificationvalue( ).
  ENDIF.
ENDIF.