1. Field of the Invention
The present invention relates to secured transaction systems and more particularly to systems for encrypting a Personal Identification Number (PIN) from a remote site.
2. Description of the Related Art
Systems that are secured for use only by authorized individuals commonly rely upon a PIN that is assigned to, or selected by, the individual and which must be remembered by the individual for use in the system to verify his or her identity as an authorized user. For enhanced security against unauthorized users, a secured system should permit selection of a PIN by the authorized user rather having the PIN be assigned by, or otherwise known to, the authorizing institution that operates the secured system. Additionally, any use made of the PIN by the authorizing institution should ideally be only in encrypted form (i.e., encoded in a manner to mask the PIN) or within a security module so that the PIN of an authorized user is never available in unsecured form or in clear, readable text. Further, where large populations of users must be authorized to use the secured system, each user should be provided with a unique authorization by a scheme that is conducive to mass handling, with little opportunity for error and at low cost. In order to enhance security, the institution operating the secured system usually requires a record signature of the authorized user.
Conventional secured transaction systems typically assign a PIN or require the user to appear in person to select a PIN and to provide other information and the record signature. Alternatively, at least one existing secured transaction system allows the user to select a PIN from a remote location using a paper encryptor which is mailed or otherwise transmitted to the operator of the secured system without compromising the security of the PIN or other information about the user. Such a system is described in U.S. Pat. No. 4,870,683 to Atalla. The procedure described in this patent requires either clear text transfer of the user-selected PIN or that the user have one of the paper encryptors available to encrypt the PIN. Additionally, the user must typically wait several days or longer for the user-selected PIN to be activated by the operator of the secured system before access to the system is allowed.