Re: (getting off topic) Re: ATM card pins

Alex Alten (Andrade@netcom.com)
Fri, 07 Aug 1998 21:10:04 -0700

• Next message: Alex Alten: "Re: ATM card pins"
• Previous message: Mike Acpizer: "Re: VirtualAlloc until the non-swappable memory driver gets written"
• In reply to: Mike Stay: "VirtualAlloc until the non-swappable memory driver gets written"
• Next in thread: Daniel R. Oelke: "RE: (getting off topic) Re: ATM card pins"

At 11:07 AM 8/7/98 -0400, Brian Mancuso wrote:
>: Chris is right. It is single DES. The PIN is encrypted right in the box
>: where the PIN keypad is attached.
>
>Not all banks use this method of PIN authentication, mine in particular.
>The PIN of my ATM card must be encoded on my card, for the following
>reasons:
>

You're also right. There are two possible mechanisms; offline and online.
In offline, the PIN is encrypted on the magnetic strip with a key stored
in the ATM or it is a cryptographic function of the account number. The
PIN entered via the secure keypad which is then compared against the
decrypted PIN from the card by the ATM security module (Atalla box) at
the ATM itself. This allows offline operation, an important consideration
25 years ago when most banks were not connected to the interchange network.

- Alex

--
Alex Alten
Andrade@Netcom.Com  (home--old)
Alten@Home.Com      (home--new)
Alten@TriStrata.Com (work)                
P.O. Box 11406
Pleasanton, CA  94588  USA
(510) 417-0159

• Next message: Alex Alten: "Re: ATM card pins"
• Previous message: Mike Acpizer: "Re: VirtualAlloc until the non-swappable memory driver gets written"
• In reply to: Mike Stay: "VirtualAlloc until the non-swappable memory driver gets written"
• Next in thread: Daniel R. Oelke: "RE: (getting off topic) Re: ATM card pins"