Browse Prior Art Database

Secure Indication of operating Modes of Encrypting Pin Pads (EPP) used in automatic Teller Machines (ATM) .

IP.com Disclosure Number: IPCOM000016059D
Original Publication Date: 2002-Jul-12
Included in the Prior Art Database: 2003-Jun-21
Document File: 2 page(s) / 61K

Publishing Venue

IBM

Abstract

Problem:

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 52% of the total text.

Page 1 of 2

  Secure Indication of operating Modes of Encrypting Pin Pads (EPP) used in automatic Teller Machines (ATM) .

Problem:

Encrypting Pin Pads (EPP) are used in automatic teller machines (ATM) for entering the personal identification number (PIN). In addition the EPPs are used to enter the amount the user of the ATM wants to withdraw from his account because most ATMs do not have a separate keyboard with numerical keys.

The first operation mode is called "PIN entry mode".

It is used for user identification by entering the personal identification number (PIN). The PIN will be encrypted inside the EPP and transmitted in encrypted form for further usage.

The second mode is called "Amount entry mode".

During this mode the EPP expects that the user enters the amount he wants to withdraw from his account. The data entered will be transmitted in a clear (non encrypted) data format.

Encrypting Pin Pads (EPP) are able to switch between this two different operation modes during a transaction.

For the user it is not visible in which mode the EPP is currently operating, because the EPPs used in ATMs don't have an integrated display controlled by the EPP to guide the user through the transaction. For user guidance the display of the ATM is used which is controlled by the application program of the ATM. This application program also controls the EPP and can switch between the two different operating modi of the EPP.

An faked application program can switch the EPP into the amount entry mode and can request the user to enter his PIN. In this case the user's PIN will be transmitted in clear by the EPP and can be easily collect...