VerifyPinData
Verifies pin-related data such as PIN and PIN Offset using algorithms including VISA PVV and IBM3624. For more information, see Verify PIN data in the AWS Payment Cryptography User Guide.
This operation verifies PIN data for user payment card. A card holder PIN data is never transmitted in clear to or from AWS Payment Cryptography. This operation uses PIN Verification Key (PVK) for PIN or PIN Offset generation and then encrypts it using PIN Encryption Key (PEK) to create an EncryptedPinBlock for transmission from AWS Payment Cryptography.
For information about valid keys for this operation, see Understanding key attributes and Key types for specific data operations in the AWS Payment Cryptography User Guide.
Cross-account use: This operation can't be used across different AWS accounts.
Related operations:
Request Syntax
POST /pindata/verify HTTP/1.1
Content-type: application/json
{
"DukptAttributes": {
"DukptDerivationType": "string",
"KeySerialNumber": "string"
},
"EncryptedPinBlock": "string",
"EncryptionKeyIdentifier": "string",
"PinBlockFormat": "string",
"PinDataLength": number,
"PrimaryAccountNumber": "string",
"VerificationAttributes": { ... },
"VerificationKeyIdentifier": "string"
}URI Request Parameters
The request does not use any URI parameters.
Request Body
The request accepts the following data in JSON format.
- DukptAttributes
-
The attributes and values for the DUKPT encrypted PIN block data.
Type: DukptAttributes object
Required: No
- EncryptedPinBlock
-
The encrypted PIN block data that AWS Payment Cryptography verifies.
Type: String
Length Constraints: Minimum length of 16. Maximum length of 32.
Pattern:
[0-9a-fA-F]+Required: Yes
- EncryptionKeyIdentifier
-
The
keyARNof the encryption key under which the PIN block data is encrypted. This key type can be PEK or BDK.Type: String
Length Constraints: Minimum length of 7. Maximum length of 322.
Pattern:
arn:aws:payment-cryptography:[a-z]{2}-[a-z]{1,16}-[0-9]+:[0-9]{12}:(key/[0-9a-zA-Z]{16,64}|alias/[a-zA-Z0-9/_-]+)$|^alias/[a-zA-Z0-9/_-]+Required: Yes
- PinBlockFormat
-
The PIN encoding format for pin data generation as specified in ISO 9564. AWS Payment Cryptography supports
ISO_Format_0andISO_Format_3.The
ISO_Format_0PIN block format is equivalent to the ANSI X9.8, VISA-1, and ECI-1 PIN block formats. It is similar to a VISA-4 PIN block format. It supports a PIN from 4 to 12 digits in length.The
ISO_Format_3PIN block format is the same asISO_Format_0except that the fill digits are random values from 10 to 15.Type: String
Valid Values:
ISO_FORMAT_0 | ISO_FORMAT_3Required: Yes
- PinDataLength
-
The length of PIN being verified.
Type: Integer
Valid Range: Minimum value of 4. Maximum value of 12.
Required: No
- PrimaryAccountNumber
-
The Primary Account Number (PAN), a unique identifier for a payment credit or debit card that associates the card with a specific account holder.
Type: String
Length Constraints: Minimum length of 12. Maximum length of 19.
Pattern:
[0-9]+Required: Yes
- VerificationAttributes
-
The attributes and values for PIN data verification.
Type: PinVerificationAttributes object
Note: This object is a Union. Only one member of this object can be specified or returned.
Required: Yes
- VerificationKeyIdentifier
-
The
keyARNof the PIN verification key.Type: String
Length Constraints: Minimum length of 7. Maximum length of 322.
Pattern:
arn:aws:payment-cryptography:[a-z]{2}-[a-z]{1,16}-[0-9]+:[0-9]{12}:(key/[0-9a-zA-Z]{16,64}|alias/[a-zA-Z0-9/_-]+)$|^alias/[a-zA-Z0-9/_-]+Required: Yes
Response Syntax
HTTP/1.1 200
Content-type: application/json
{
"EncryptionKeyArn": "string",
"EncryptionKeyCheckValue": "string",
"VerificationKeyArn": "string",
"VerificationKeyCheckValue": "string"
}Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
- EncryptionKeyArn
-
The
keyARNof the PEK that AWS Payment Cryptography uses for encrypted pin block generation.Type: String
Length Constraints: Minimum length of 70. Maximum length of 150.
Pattern:
arn:aws:payment-cryptography:[a-z]{2}-[a-z]{1,16}-[0-9]+:[0-9]{12}:key/[0-9a-zA-Z]{16,64} - EncryptionKeyCheckValue
-
The key check value (KCV) of the encryption key. The KCV is used to check if all parties holding a given key have the same key or to detect that a key has changed.
AWS Payment Cryptography computes the KCV according to the CMAC specification.
Type: String
Length Constraints: Minimum length of 4. Maximum length of 16.
Pattern:
[0-9a-fA-F]+ - VerificationKeyArn
-
The
keyARNof the PIN encryption key that AWS Payment Cryptography uses for PIN or PIN Offset verification.Type: String
Length Constraints: Minimum length of 70. Maximum length of 150.
Pattern:
arn:aws:payment-cryptography:[a-z]{2}-[a-z]{1,16}-[0-9]+:[0-9]{12}:key/[0-9a-zA-Z]{16,64} - VerificationKeyCheckValue
-
The key check value (KCV) of the encryption key. The KCV is used to check if all parties holding a given key have the same key or to detect that a key has changed.
AWS Payment Cryptography computes the KCV according to the CMAC specification.
Type: String
Length Constraints: Minimum length of 4. Maximum length of 16.
Pattern:
[0-9a-fA-F]+
Errors
- AccessDeniedException
-
You do not have sufficient access to perform this action.
HTTP Status Code: 403
- InternalServerException
-
The request processing has failed because of an unknown error, exception, or failure.
HTTP Status Code: 500
- ResourceNotFoundException
-
The request was denied due to an invalid resource error.
HTTP Status Code: 404
- ThrottlingException
-
The request was denied due to request throttling.
HTTP Status Code: 429
- ValidationException
-
The request was denied due to an invalid request error.
HTTP Status Code: 400
- VerificationFailedException
-
This request failed verification.
HTTP Status Code: 400
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
