Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!wuarchive!mailrus!accuvax.nwu.edu!nucsrl!telecom-request
From: msa3b!kevin@gatech.edu (Kevin P. Kleinfelter)
Newsgroups: comp.dcom.telecom
Subject: Re: ATM at Retailers (was: Voice Mail Passwords)
Message-ID: <12622@accuvax.nwu.edu>
Date: 25 Sep 90 16:27:43 GMT
Sender: news@accuvax.nwu.edu
Organization: Management Science America, Inc., Atlanta, GA
Lines: 23
Approved: Telecom@eecs.nwu.edu
X-Submissions-To: telecom@eecs.nwu.edu
X-Administrivia-To: telecom-request@eecs.nwu.edu
X-Telecom-Digest: Volume 10, Issue 680, Message 6 of 10


motcid!king@uunet.uu.net (Steven King) writes:


>In article <12439@accuvax.nwu.edu> kaufman@Neon.Stanford.EDU (Marc T.
>Kaufman) writes:

>>You are not giving your PIN number to the merchant.  The PIN is
>>encrypted (mixed with your bank card number) in a ONE WAY algorithm by
>>a chip that is in the PIN pad itself.  The plaintext PIN never sees
>>the light of day.

>A one way algorithm?  Pray, how does the bank decode it to verify you?
>A gigantic lookup table?

One way encryption is very common.  You store the encrypted PIN on the
card.  Then when the user enters his PIN, it is encrypted using the
same algorithm.  If the two encrypted PINs match, the original PINs
were the same.


Kevin Kleinfelter @ Dun and Bradstreet Software, Inc (404) 239-2347
{emory,gatech}!nanovx!msa3b!kevin