Current encryption methods for communicating information between parties require that the communicating parties be able to recognize each other by some means other than the encrypted message itself. In other words, the communicating parties need to be able to verify that they are truly communicating with whom they think they are communicating. Often, current systems rely on Certification Authorities (CAs) to verify the identity of each party and to transfer secret keys to encode communications. Use of third parties to verify identities, however, presents a “man-in-the-middle” problem, whereby the man in the middle has access to secret information in the clear.
Limitations of the current system include aspects of public key cryptography and the man-in-the-middle problem. The current system was designed as a general-purpose system in which the personal identification number (PIN) that is to be protected is given no more consideration than any other message. In such systems, secret keys must be initialized for all devices that participate in a communication. Procedures for initializing and distributing the keys are part of a key management system, which is also responsible for physically securing the keys.
The initialization procedure is a highly secretive one and relies on a master key at the top of a hierarchy. This procedure requires a special, secure environment and entrusted officers to perform it. These requirements present a logistical problem, because the initialization must be done on every peripheral that handles the PIN. For these reasons, the PIN is not protected in home banking, for example, as it is in automated teller machines (ATMs). Nor is such protection extended to other services provided by peripherals that are not readily accessible.
Even with all precautions, such a system cannot ensure complete secrecy and security. Between the input device where a customer enters her PIN, for example, and the bank system where the PIN is verified, a number of intermediate systems are involved. By necessity, the involvement of these intermediate systems results in the sharing of the secret keys on the borders of each of these systems' control or “jurisdiction.” In sharing the secret keys and responsibilities, these intermediate systems present a security problem, because the PIN is decrypted with one key and encrypted again with another, and so appears in the clear.
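The link-by-link handling described above can be traced in a short simulation, added here as an illustration and not taken from the original document. The system names, the sample PIN and the HMAC-based stand-in cipher are assumptions made for the sketch; it records every system that holds the PIN in the clear and counts the border keys that must be initialized.

```python
import hashlib
import hmac
import os

def _keystream(key, nonce, n):
    # Stand-in cipher for this sketch only: HMAC-SHA256 in counter mode.
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def encrypt(key, pin):
    nonce = os.urandom(12)
    return nonce + bytes(a ^ b for a, b in zip(pin, _keystream(key, nonce, len(pin))))

def decrypt(key, blob):
    nonce, ct = blob[:12], blob[12:]
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

def relay_pin(pin, systems):
    """Carry pin from systems[0] (input device) to systems[-1] (verifier).

    Returns (PIN as received by the verifier, systems that held it in clear).
    """
    if len(systems) < 2:
        raise ValueError("need at least an input device and a verifier")
    # One secret key per border between neighbouring systems (constructed).
    link_keys = [os.urandom(32) for _ in systems[1:]]
    saw_clear = [systems[0]]                     # the customer types it here
    blob = encrypt(link_keys[0], pin)
    for i in range(1, len(systems)):
        clear = decrypt(link_keys[i - 1], blob)  # inbound border key
        saw_clear.append(systems[i])             # PIN is now in this system's memory
        if i < len(systems) - 1:
            blob = encrypt(link_keys[i], clear)  # outbound border key
    return clear, saw_clear

def exposure(systems):
    """Intermediate systems that saw the clear PIN, and border keys to initialize."""
    _, saw = relay_pin(b"4931", systems)         # constructed sample PIN
    return saw[1:-1], len(systems) - 1

if __name__ == "__main__":
    # Constructed chain of jurisdictions between customer and bank.
    print(exposure(["pin_pad", "acquirer", "switch", "issuer"]))
```

Every system added between the input device and the verifier adds one more place where the PIN exists in the clear and one more shared key to initialize and protect.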
In summary, the current system is expensive and yet inadequate in both logistics and security. Proposals to simplify the logistics of the key initialization procedure by using public key cryptography address one problem, namely, the initialization of system keys, but introduce another problem of the same nature, namely, the initialization of public keys. These problems persist as long as the system is a general-purpose one in which the PIN is not given special consideration and the prior knowledge of the communicating parties is ignored. However, even if such proposals to simplify the logistics were implemented, the system would remain fragmented and would not be an end-to-end system.