You've correctly identified that a Custom Data Identifier is the way to go on this. I believe the prefix validation that you're using (there are a few ways to do that) is looking at the beginning of the matched string (not the characters preceding the matched string as you would think), hence you still detect on that last example.
What you need is a Custom Script Validator on that DI to check your prefix. I've done these scripts for many reasons, usually for tuning on standard CCN and SSN identifiers.
If I had to take a quick guess, I'd think your script validator would look something like this:
$prefixLength = datalength($matchPrefix);
if ($prefixLength == 10)
{
$chkValue = getStringValueAt($matchPrefix, 0x6, 3);
assertFalse($chkValue == 'inn');
}
That's completely untested, unverified, etc. Just basing it on scripts I've written before, so use at your own risk, and test/tweak as necessary. Do the board a favor and post the final code up here as well when you're done.
Regards,
~Keith