Overview
When a cardholder enters their PIN, the PIN is first encoded into a plain text PIN block,
derived from the PIN length, the PIN digits, a portion of the PAN (primary account number) and padding.
The plain text PIN block is then encrypted using a standard algorithm.
Security
PINs are entered on a PIN entry device (PED), which provides a trusted and secure environment.
Such devices are tamper resistant and tamper responsive,
which means that they can detect and respond to attempts to retrieve sensitive data.
Security measures include encapsulating membranes, potting, physical sensors,
secure microcontrollers and software countermeasures.
The tamper response is erasure of the protected data and disabling of the device.
ISO-0 PIN block format
The ISO-0 PIN block format consists of the PIN length, the PIN digits and 'F' character padding,
exclusive-ORed with the rightmost 12 PAN digits, excluding the check digit.
For example, for PIN 1234 and PAN 4987654321098765 (dropping the check digit leaves the rightmost 12 digits 765432109876),
the plain text block is 04.1234.FFFFFFFFFF XOR 0000.765432109876, which gives 0412.42AB.CDEF.6789.
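The ISO-0 construction and its inverse, as an added example that is not part of the original page: it builds the clear PIN block from the PIN and PAN exactly as described above, recovers the PIN from a clear block, and validates the format nibble, length and padding so a corrupted block or a mismatched PAN is rejected. The function names are the example's own; the clear block is what the PED would then encrypt under DES or triple DES before it leaves the device.

```python
# Added example: ISO-0 (format 0) clear-text PIN block encoding and decoding.
# Function names are this example's own, not from any standard's API.

def pan_field(pan: str) -> str:
    """Four zero nibbles followed by the rightmost 12 PAN digits, check digit excluded."""
    if not pan.isdigit() or len(pan) < 13:
        raise ValueError("PAN must be numeric and at least 13 digits")
    return "0000" + pan[:-1][-12:]          # drop check digit, then take rightmost 12

def pin_field(pin: str) -> str:
    """Format nibble 0, PIN length nibble, PIN digits, 'F' padding to 16 nibbles."""
    if not pin.isdigit() or not 4 <= len(pin) <= 12:
        raise ValueError("PIN must be 4 to 12 digits")
    return f"0{len(pin):X}{pin}".ljust(16, "F")  # length 10..12 is a single hex nibble A..C

def xor_hex(a: str, b: str) -> str:
    return f"{int(a, 16) ^ int(b, 16):016X}"

def encode_iso0(pin: str, pan: str) -> str:
    """Clear ISO-0 PIN block (still to be encrypted, e.g. under 3DES, inside the PED)."""
    return xor_hex(pin_field(pin), pan_field(pan))

def decode_iso0(block: str, pan: str) -> str:
    """Recover the PIN from a clear ISO-0 block; reject anything malformed."""
    if len(block) != 16:
        raise ValueError("PIN block must be 16 hex digits")
    plain = xor_hex(block, pan_field(pan))
    if plain[0] != "0":
        raise ValueError("not an ISO format 0 block")
    n = int(plain[1], 16)
    if not 4 <= n <= 12:
        raise ValueError("invalid PIN length nibble")
    pin, pad = plain[2:2 + n], plain[2 + n:]
    if not pin.isdigit() or pad != "F" * (14 - n):
        raise ValueError("PIN digits or padding invalid (wrong PAN or corrupted block)")
    return pin

def is_valid_iso0(block: str, pan: str) -> bool:
    """True if block decodes as a well-formed ISO-0 PIN block under this PAN."""
    try:
        decode_iso0(block, pan)
        return True
    except ValueError:
        return False

if __name__ == "__main__":
    # Worked example from the text: PIN 1234, PAN 4987654321098765
    print(encode_iso0("1234", "4987654321098765"))  # 041242ABCDEF6789
```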
Some PIN block encryption standards
| Standard | Mechanism | PIN block format | Encryption |
|---|---|---|---|
| ANS X9.8 (1995) | MK/SK | ISO-0 | DES |
| ANS X9.8 (2003) | MK/SK | ISO-0 | triple DES |
| ANS X9.24 (1998) | DUKPT | ISO-0 | DES |
| ANS X9.24 (2004) | DUKPT | ISO-0 | triple DES |
Abbreviations
| Abbreviation | Meaning |
|---|---|
| DES | Data encryption standard |
| DUKPT | Derived unique key per transaction |
| HSM | Hardware security module |
| MK/SK | Master key / session key |
| PAN | Primary account number |
| PED | PIN entry device |
| PIN | Personal identification number |
| TRSM | Tamper resistant/responsive security module |