The present invention relates to data processing, and more specifically, to enhancing security of personal identification numbers (PINs).
A PIN is a secret numeric password shared between a user and a system that can be used to authenticate the user to the system. Typically, a PIN is a quantity derived from a function of an account number, a PIN generating cryptographic key, and other inputs, such as a decimalization table. This derived quantity is used by an individual to identify himself/herself to the system. Generally, the user is required to provide a non-confidential user identifier (a user ID) and a confidential PIN to gain access to the system. Upon receiving the user ID and the PIN, the system looks up the PIN based upon the user ID and compares the looked-up PIN with the received PIN. The user is granted access only when the number entered matches the number stored in the system.
Typically, PINs for payment cards are generated by encrypting the card number under a secret key held securely by a payment card issuing entity, such as a bank. The encryption produces a hexadecimal value with digits in the range 0 to 9 and A to F. A PIN decimalization table is then used to convert the hexadecimal value to a PIN with digits in the range 0 to 9, for instance mapping A to 0 and B to 1. When a transaction is authorized, the PIN is verified when the entity's software sends the encrypted PIN to a hardware security module (HSM), which then indicates whether the PIN was correct or not. Some HSMs require the entity's software to send the PIN decimalization table to the HSM, which is often located at the entity. Thus, a PIN decimalization table attack is the technique where a corrupt entity insider, such as a computer programmer, with access to the entity's HSM, manipulates the PIN decimalization table in order to guess the PIN more quickly than should otherwise be possible.
One approach to reducing the occurrence of the PIN decimalization table attack has been to cryptographically protect the PIN decimalization table input so that only authorized PIN decimalization tables can be used, i.e., to specify an approved set of PIN decimalization tables for the HSM. However, using encryption to protect PIN decimalization tables prohibits revocation of decimalization tables, such as during a security breach. Further, encrypted PIN decimalization tables are not transparent to the software application, because the software application must possess the encrypted version of the PIN decimalization table, and the encryption key used to encrypt the PIN decimalization table generally cannot be changed without impact on the software application and its data. Also, application programming interface (API) calls to the HSM may need new or modified parameters upon use of a new or a modified encrypted PIN decimalization table.
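The PIN derivation and the approved-set check described above can be sketched as follows. This is an added example, not code from the original text or from any HSM vendor. Assumptions: HMAC-SHA256 stands in for the issuer's encryption step so that the sketch needs only the standard library, and all function names, the key, and the table values are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample values (assumptions, not from the original text).
APPROVED_TABLES = frozenset({"0123456789012345"})  # index = hex digit 0..F
PIN_KEY = b"constructed-demo-pin-key"
PIN_LENGTH = 4


def keyed_hex(account_number: str, key: bytes) -> str:
    """Stand-in for the issuer's encryption step; returns uppercase hex.

    Assumption: HMAC-SHA256 replaces the cipher a real HSM would apply.
    """
    return hmac.new(key, account_number.encode(), hashlib.sha256).hexdigest().upper()


def check_table(table: str) -> None:
    """Reject any decimalization table that is not in the approved set."""
    if len(table) != 16 or not (table.isascii() and table.isdigit()):
        raise ValueError("table must be 16 decimal digits")
    if table not in APPROVED_TABLES:
        raise ValueError("decimalization table is not in the approved set")


def decimalize(hex_value: str, table: str) -> str:
    """Map each hex digit to the decimal digit at its index in the table."""
    return "".join(table[int(h, 16)] for h in hex_value)


def derive_pin(account_number: str, table: str, key: bytes = PIN_KEY) -> str:
    """Keyed function -> hex -> decimalize -> leading PIN_LENGTH digits."""
    check_table(table)  # the caller-supplied table is validated before use
    return decimalize(keyed_hex(account_number, key), table)[:PIN_LENGTH]


def verify_pin(account_number: str, entered_pin: str, table: str) -> bool:
    """HSM-side check: the caller learns only whether the PIN matched."""
    expected = derive_pin(account_number, table)
    return hmac.compare_digest(expected.encode(), entered_pin.encode())
```

Because `check_table` runs before the table is applied, a request carrying a table outside the approved set fails with an error and never reaches the match/no-match comparison.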