• Though I could not understand the question completely but let me briefly share the standard way of encryption/decryption in any issuing system using HSM. There are 2 types of keys one is "Key Encryption Key" and the other one is "Data Encryption Key". Examples of KEK --> ZMK, TMK etc Examples of DEK --> PVK, CVK, IWK, ZPK etc. So if we talk about a PIN, when a PIN is received, the PIN block is encrypted under a ZPK.IWK/or AWK depending on the trxn flow, And these keys are normally shared between the 2 entities (Issuer/Scheme/POS Vendor etc) under the ZMK or TMK. So ZMK is used to encrypt another key. When issuer receive the encrypted PIN block, they use IWK to decrypt the same and then use PVK to validate the PIN offset. So PVK is used to validate the Data. Now in Issuing System IWK is stored under the ZMK (can also be stored under the LMK but to decrypt the PIN block issuer will encrypt the key under ZMK and then pass it to HSM to decrypt the PIN block) and PVK will be stored under the LMK. This is really a big topic and I am preparing some tutorials for my youtube channel. Feel free to ask if you have any further question. Regards, Ramesh Chugh

    Answered By:



Ask Question