Cryptography Reference
In-Depth Information
How Does the PIN Work?
This section will first of all bring you to the technical state-of-the-art up to
1997. I will then discuss the migration at the turn of 1997/1998 further below
in an effort to represent the differences in a simpler way.
How does the bank create a PIN? Banks most frequently use a system developed
by IBM called the MM protection method (see Meyer and Matyas [MM]).
The bank takes
the last four digits of the bank code;
the customer's account number padded to 10 digits; and
a one-digit card sequential number.
These 15 decimal digits together produce a theoretical result of 10^15 or
approximately 2^50 possibilities, i.e., the customer data easily fits in a
64-bit block. The bank DES-encrypts this block with a strictly secret key, the
so-called PIN key.
The bank takes two bytes from the cipher to deterministically produce the PIN;
sometimes (or always, I don't know), the bank adds an offset. In [Wcf], Anderson
states that this offset serves to produce a more easily remembered number.
In Germany, all ATMs are connected online to the corresponding bank computer.
This means that the PIN key does not leave the high-security area. The
security module that contains this key can be opened only in the presence of
two persons.
The PIN key is the vulnerability in this method. This is presumably the
reason why it is secret-split and fed into the system by at least two employees
independently of one another.
However, this is not quite sufficient. What happens when you withdraw cash
at an Italian ATM using your ATM card from a German bank? This ATM is
not connected online to the German bank's computer.
To this end, every bank generates three pool keys. These pool keys are used
to create three additional PINs. The difference between each of these and the
'basic PIN' is stored on the card's magnetic strip. The foreign ATM knows only
one of these three pool keys of that German bank. So it can verify the PIN the
customer types in without having to be connected online to the German bank.
These three pool keys are changed regularly; entries that became invalid in the
meantime will be deleted from the card by the ATM.
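
The derivation and the offline pool-key check described above, as an added Python example that is not code from the book or from any bank. Assumptions: HMAC-SHA256 truncated to 64 bits stands in for DES so the example runs with the standard library only; which two cipher bytes are used, the nibble-mod-10 mapping, the digit-wise mod-10 difference and all keys and account data are constructed for illustration.

```python
import hashlib
import hmac

def customer_block(bank_code, account, card_seq):
    """Pack the 15 decimal digits described above into one 64-bit block."""
    digits = bank_code[-4:] + account.zfill(10) + card_seq
    if len(digits) != 15 or not digits.isdigit():
        raise ValueError("expected 4 + 10 + 1 decimal digits")
    return int(digits).to_bytes(8, "big")  # 10**15 < 2**50 fits in 8 bytes

def encrypt_block(key, block):
    # STAND-IN for DES (assumption): keyed PRF truncated to 64 bits.
    # It is not the cipher the banks use; only the data flow is the same.
    return hmac.new(key, block, hashlib.sha256).digest()[:8]

def derive_pin(key, block):
    """Decimalise two bytes of the cipher into four digits.
    The byte positions and the nibble-mod-10 mapping are assumptions."""
    b0, b1 = encrypt_block(key, block)[1:3]
    return "".join(str(n % 10) for n in (b0 >> 4, b0 & 15, b1 >> 4, b1 & 15))

def digit_diff(a, b):
    """Digit-wise (a - b) mod 10, e.g. 1203 - 0911 gives 1392."""
    return "".join(str((int(x) - int(y)) % 10) for x, y in zip(a, b))

def issue_card(pin_key, pool_keys, block):
    """Bank side: basic PIN plus one difference per pool key for the strip."""
    pin = derive_pin(pin_key, block)
    return pin, [digit_diff(pin, derive_pin(k, block)) for k in pool_keys]

def offline_verify(pool_key, block, offset, entered_pin):
    """Foreign ATM: holds one pool key, reads card data and offset from the strip."""
    if len(entered_pin) != 4 or not entered_pin.isdigit():
        return False
    pool_pin = derive_pin(pool_key, block)
    return hmac.compare_digest(digit_diff(entered_pin, pool_pin), offset)

if __name__ == "__main__":
    # Constructed sample values, not real bank data or keys.
    pools = [b"pool-k-1", b"pool-k-2", b"pool-k-3"]
    block = customer_block("50012340", "1234567", "1")
    pin, offsets = issue_card(b"pin-key!", pools, block)
    print(pin, offsets, offline_verify(pools[1], block, offsets[1], pin))
```

The bank's PIN key appears only in `issue_card`; `offline_verify` needs nothing but one pool key and what is on the card.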