The present invention relates to systems and methods for creating a PIN (personal identification number). The invention has utility in many circumstances, such as where a consumer-selected PIN is entered at a non-secure device. As an example, a non-secure device could be a personal computer running a web-based application.
PINs are used widely to provide security in various transactions, such as ATM, credit card, and other financial transactions. There are various reasons why a consumer may, from time to time, change or select his or her own PIN. As one example, the PIN may have been initially assigned by a financial institution and the consumer (e.g., bank customer or the like) may desire to change the PIN to numbers or characters that are more easily remembered by the consumer.
The handling of PINs within a financial institution is subject to stringent security measures, so that PINs are not improperly disclosed or misused. Many of these security measures have been formalized into industry standards, such as ISO 9564. Among other things, such standards require that when PINs are stored at a financial institution's host computer, they must always be stored in an encrypted form, so that even if the host is compromised (e.g., an unauthorized person gets access), the actual PINs would not be recognizable.
An encrypted PIN stored at a financial host is often referred to as a PIN offset. The PIN offset is a string of characters calculated by combining and encrypting both the consumer account number (often referred to as a PAN or Primary Account Number) and the actual PIN. It is irreversible (it cannot be mathematically reversed or de-combined to yield the PIN without a private encryption key).
The security and handling of encrypted PINs within the host system (at the financial institution) is typically performed by a system referred to as a host security module (HSM). For example, the HSM receives an encrypted PIN (e.g., transmitted from a financial terminal where a transaction is being attempted by a consumer), receives the stored PIN offset from the financial host, decrypts the transmitted/encrypted PIN and compares it to the stored PIN offset, and then either validates or invalidates the transaction based on the comparison.
The HSM will not accept unencrypted PINs when it operates in its secure mode (when it is in its normal, secure operating condition and is receiving, decrypting, comparing and validating PINs), since there must be a high degree of security and PINs must not be exposed (other than to the HSM) during such operation. The HSM may be placed in a non-secure or “administrative” mode of operation, in which it can receive unencrypted PINs, but such mode is the exception (it makes the financial host vulnerable to unauthorized access), and requires manual intervention (e.g., to operate in the administrative mode, it is common to require that two or more different employees be present, with each having a different key that is separately inputted). There are currently many commercially available HSM systems that may be programmed to operate as just described, with examples being the Host Security Modules 7000 and 8000, sold by Thales e-Security, Inc., Weston, Fla.
The high degree of security surrounding the handling of PINs, such as at an HSM, can make it difficult for a consumer to create a new PIN. Either the PIN must be encrypted into a compatible form that can be accepted by the HSM, or the HSM must be put in a non-secure state. In order to properly encrypt the PIN using encryption techniques and keys compatible with the HSM, the consumer must enter the new PIN at a secure PIN pad device (i.e., a device designed specifically for entry and encryption of PINs), usually located at a bank or other secure location. While this may be feasible if the consumer is at an ATM, bank branch or similar location having a PIN pad, it is not feasible if the consumer desires to change the PIN at a location where there is no secure PIN pad, e.g., when the consumer wants to use a personal computer at home. If the consumer is not using a secure PIN pad, then the financial institution must manually put the HSM into a non-secure mode and, for example, have an employee take the consumer's new PIN and enter it into the financial host while the HSM is in the non-secure mode.