Alex Alten (Andrade@netcom.com)
Thu, 06 Aug 1998 23:45:18 -0700
Chris is right. It is single DES. The PIN is encrypted right in the box
where the PIN keypad is attached. It is decrypted at the acquirer bank's
security module for re-encryption under an interchange key before being
sent off to the issuing bank's security module. I believe the latest
technique is to now send an encrypted hash of the PIN and account
number. This way not even the PIN is in the clear anywhere after it
leaves the EFT/ATM terminal either in the interchange or within the
issuer's secure databases.
- Alex
At 02:25 PM 8/7/98 +0000, Chris Liljenstolpe wrote:
>single DES, just like everything else in the financial world... Each ATM
>has it's own key...
>
> Chris
>
>
>--On Thursday, 06 August, 1998, 12:26 -0700 someone claiming to be bram
><bram@gawth.com> scribed:
>
>> On Thu, 6 Aug 1998, Daniel R. Oelke wrote:
>>
>>> In fact, if I'm remembering right, the ATM send the PIN to the bank
>>> encrypted such that the clearing house doesn't see it.
>>
>> Hmmm, I wonder how good THAT encryption is.
>>
>> -Bram
>
>
>
>--
>Chris Liljenstolpe - Network Engineer, NOC - McMurdo Station Antarctica
>Antarctic Supt. Assoc. - under contract to USAP, Nat. Science Foundation OPP
>mailto:cds@mcmurdo.gov TEL: +1 509 689 6270 FAX: +1 509 689 6293
>PSC 469, Box 700, APO AP 96599-5700 USA Lat: 77 50 53 S Long: 166 40 06 E
>
>
>
--Alex Alten
Andrade@Netcom.Com (home--old) Alten@Home.Com (home--new) Alten@TriStrata.Com (work)
P.O. Box 11406 Pleasanton, CA 94588 USA (510) 417-0159
The following archive was created by hippie-mail 7.98617-22 on Sat Apr 10 1999 - 01:10:56