Point of sale (POS) personal identification number (PIN) security

摘要

A key is securely injected into a POS PIN pad processor in its usual operating environment. In response to entry of a personal identification number (PIN) into a PIN pad, the processor puts the PIN into a PIN block; puts additional random data into the PIN block; and encrypts the entire PIN block using asymmetric cryptography with a public key derived from the injected key residing in the PIN pad processor. The corresponding private key may be held securely and secretly by an acquirer processor for decrypting the PIN block to retrieve the PIN. The encrypted random data defends the PIN against dictionary attacks. Time stamp data and constant data encrypted with the PIN block enables a defense of the PIN against replay attacks and tampering. The method may also include accepting the PIN from a mobile phone in communication with the processor.

主权项

1. A system comprising:
a processor configured to communicate with a merchant data center; and a data storage device including a computer-readable medium having computer readable code for instructing the processor, and when executed by the processor, the processor performs operations comprising: putting a personal identification number (PIN) into a PIN block; generating additional random data; putting the additional random data into the PIN block; encrypting the entire PIN block including the PIN and the additional random data using asymmetric cryptography, wherein:
encrypting the PIN block uses a public key stored in the data storage device;decrypting the PIN block to retrieve the PIN uses a private key corresponding to the public key, wherein the private key is not accessible from the processor or the data storage device; andthe encrypted additional random data defends the encrypted PIN block against dictionary attacks.