The present invention relates generally to improvements in the methods and apparatus used to encrypt a consumer""s personal identification number (PIN) or other data for use in financial and retail transactions, as well as other transactions where secure data transfer is desired. In particular, the invention relates to advantageous methods of implementing low cost, portable encryption apparatus allowing flexibility in changing the encryption algorithm, the encryption keys, and the like.
Financial and retail transaction systems have traditionally employed custom built encryption devices for use in the entry, storage and encryption of customer PINs. PIN devices are utilized in automated teller machines (ATMs), point-of-sale (POS) systems, consumer transaction terminals (CTT), and the like. Such PIN devices are used to allow consumers and other users to enter PINs for identification and authorization purposes. In the prior art, the design of such PIN devices generally incorporate custom circuitry to perform the encryption of the entered PIN. The most common means for PIN encryption is to utilize custom application specific integrated circuits (ASICs) or dedicated microprocessors to perform the encryption function. Although the use of ASICs or microprocessors allow great flexibility in the design of such devices, the unit cost of these devices can be substantial. Also, the ASIC designs themselves are often poorly maintained because the original ASIC designer may not be responsible for future updates, or because the ASIC design itself may be poorly documented. As a result, a given ASIC may need to be redesigned each time a change in the cryptography methodology is desired.
Consumers are advised to protect the integrity of their PINs by choosing non obvious numbers, and by committing the numbers to memory. However, the consumer cannot maintain absolute security of their PINs once the numbers are utilized in the completion of a transaction such as those described above. It is possible for a third party to electronically eavesdrop on a consumer by physically tapping the data lines leading from a PIN device, or by monitoring the electromagnetic radiation emitted by the PIN device. This problem is compounded as the systems that utilize PIN entry devices become physically smaller. For instance, a large ATM may be mounted behind a secure exterior wall or partition. In contrast, a CTT comprising a PIN entry device, or a PIN entry device connected to a POS terminal, may be quite small, and the device may be located in a public location which is not secure.
The present invention recognizes that there exists a need in a variety of contexts for methods and apparatus for storing and encrypting PIN data, or other data, in a non custom, programmable device such as a smart card, or the like, for use in a wide range of applications including financial or retail transaction systems. Such a device may advantageously be used to store a PIN encryption algorithm, encryption keys and other related algorithms. Such an apparatus also allows the encryption algorithm and encryption keys to be readily changed by authorized users. In another aspect, the methods described also advantageously allow the encryption device to authenticate the identity of other devices, such as a key initialization device and a key loading device, as well as to identify itself to other devices.