Method for Controlling Pin Reformat via a Reformat Field in a Control Vector

IP.com Disclosure Number: IPCOM000104186D
Original Publication Date: 1993-Mar-01
Included in the Prior Art Database: 2005-Mar-18
Document File: 4 page(s) / 143K

Publishing Venue

IBM

Related People

Johnson, DB: AUTHOR [+4]

Abstract

Described is a method for controlling allowed PIN reformats from a first PIN block format to a second PIN block format. A PIN Reformat instruction provides for a first encrypted PIN block in a first format to be reformatted to a second encrypted PIN block in a second format. Reformat is under control of a PIN Reformat bit table of 1's and 0's. Each row in the table corresponds to an input PIN block format and each column in the table corresponds to an output PIN block format. That is, a "1" bit at the intersection of row i and column j indicates that PIN format i can be reformatted to PIN format j, whereas a "0" bit at the intersection of row i and column j indicates that the reformat is not allowed.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 41% of the total text.

Method for Controlling Pin Reformat via a Reformat Field in a Control Vector

      Described is a method for controlling allowed PIN reformats
from a first PIN block format to a second PIN block format.  A PIN
Reformat instruction provides for a first encrypted PIN block in a
first format to be reformatted to a second encrypted PIN block in a
second format.  Reformat is under control of a PIN Reformat bit table
of 1's and 0's.  Each row in the table corresponds to an input PIN
block format and each column in the table corresponds to an output
PIN block format.  That is, a "1" bit at the intersection of row i
and column j indicates that PIN format i can be reformatted to PIN
format j, whereas a "0" bit at the intersection of row i and column j
indicates that the reformat is not allowed.

      The PIN reformat bit map table allows a customer to tailor the
PIN reformat function according to the particular PIN processing
requirements imposed by a network.  The potential security exposure
of concern is that some PIN block formats are deemed more secure than
others, since it is more difficult for an adversary to construct a
dictionary of plain and encrypted PINs with some PIN block formats
than with others [1].  Thus, a general capability to reformat
encrypted PIN blocks from one PIN block format to another may
unnecessarily weaken the strength inherent in using a certain PIN
block format and allow an avenue of attack.  An insider adversary
will, it must be assumed, reformat received encrypted PIN blocks to
the PIN block format that is the most feasible to subvert.
Therefore, the PIN reformat bit map table affords system owners a
method to disallow unnecessary PIN reformats and expose only those
that are required.  This is a good policy in any case, since limiting
the potential for attack is always a good precautionary measure and
follows the principle of limited function, i.e., giving an employee
the abilities to accomplish his job and no more.

      Fig. 1 illustrates a cryptographic facility 1 (CF) capable of
executing a set of cryptographic instructions in crypto instruction
execution engine 2 (CIEE), a key storage 3 (KS), cryptographic
facility access program 4 (CFAP), and application programs 5 (APPL).

      The process of initializing the PIN reformat bit map table
consists of the following steps.  The bit map table is first prepared
off-line by authorized installation personnel.  The bit map table is
then converted into a string of hexadecimal digits, by processing the
bits from left to right and top to bottom.  The so-produced
hexadecimal digits are entered into the cryptographic facility 1 via
a hand held key entry device 11 (KEY PAD) attached to the
cryptographic facility via a protected front panel interface 12.  The
entered bit map table is temporarily stored in storage register 13.
Methods for validating the bit map table in storage register 13 may
be used to ensure that the bit map table is correct bef...
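The following Python example is added here to illustrate both the bit map table check described in the opening paragraph (a "1" at row i, column j permits reformat from format i to format j) and the initialization procedure above (flatten the bits left to right, top to bottom, render them as hexadecimal digits for key pad entry, then decode and validate them inside the facility). It is not code from the IBM disclosure. The number of formats, the format names, the policy bits, the zero-padding of a bit string that is not a multiple of four bits, and the re-entry comparison used as a validation method are all constructed assumptions; the disclosure does not fix any of them, and the actual decrypt/re-encrypt of the PIN block is outside this example.

```python
"""Added example (not from the disclosure): PIN reformat bit map table,
the allowed-check made by a PIN Reformat instruction, and the hex
encoding/decoding used to enter the table into the cryptographic facility."""

from typing import List

# Constructed: four placeholder formats, used only as row/column indices.
FORMATS = ["FORMAT_0", "FORMAT_1", "FORMAT_2", "FORMAT_3"]

# Constructed policy. Row i = input format, column j = output format.
# A 1 at [i][j] permits reformat i -> j, a 0 forbids it. Formats 2 and 3
# stand in for the "more secure" formats and may only be reformatted to
# themselves, so a received block is never downgraded to a weaker format.
BIT_TABLE: List[List[int]] = [
    [1, 1, 1, 1],
    [0, 1, 1, 1],
    [0, 0, 1, 0],
    [0, 0, 0, 1],
]


def reformat_allowed(table: List[List[int]], in_fmt: int, out_fmt: int) -> bool:
    """Read the bit at (row in_fmt, column out_fmt). Out-of-range indices are
    treated as not allowed, so an unknown format can never be reformatted."""
    if not (0 <= in_fmt < len(table) and 0 <= out_fmt < len(table[in_fmt])):
        return False
    return table[in_fmt][out_fmt] == 1


def table_to_hex(table: List[List[int]]) -> str:
    """Flatten the bits left to right, top to bottom, into hex digits.
    Assumption: the bit string is right-padded with zeros to a multiple of
    four bits (the disclosure states no padding convention)."""
    bits = "".join(str(b) for row in table for b in row)
    if any(c not in "01" for c in bits):
        raise ValueError("table entries must be 0 or 1")
    bits += "0" * (-len(bits) % 4)
    return "".join(f"{int(bits[k:k + 4], 2):X}" for k in range(0, len(bits), 4))


def hex_to_table(digits: str, n_rows: int, n_cols: int) -> List[List[int]]:
    """Inverse of table_to_hex: rebuild an n_rows x n_cols table from the hex
    digits keyed in at the key pad. Raises if too few digits were entered."""
    bits = "".join(f"{int(d, 16):04b}" for d in digits)
    if len(bits) < n_rows * n_cols:
        raise ValueError("too few hex digits for the declared table size")
    return [[int(bits[r * n_cols + c]) for c in range(n_cols)] for r in range(n_rows)]


def validate_entry(digits: str, n_rows: int, n_cols: int, reentered: str) -> bool:
    """Constructed validation method for the value held in the storage
    register: the operator keys the hex string a second time and both
    copies must decode to the same table before it is accepted."""
    try:
        return hex_to_table(digits, n_rows, n_cols) == hex_to_table(reentered, n_rows, n_cols)
    except ValueError:
        return False


def pin_reformat(table: List[List[int]], in_fmt: int, out_fmt: int) -> int:
    """Policy gate of the PIN Reformat instruction: returns the output format
    index when the reformat is permitted, otherwise refuses. The cryptographic
    re-encipherment itself is not modelled here."""
    if not reformat_allowed(table, in_fmt, out_fmt):
        raise PermissionError(f"reformat {in_fmt} -> {out_fmt} not allowed by bit map table")
    return out_fmt


if __name__ == "__main__":
    digits = table_to_hex(BIT_TABLE)           # "F721" for the table above
    print("key pad entry:", digits)
    print("decoded table matches:", hex_to_table(digits, 4, 4) == BIT_TABLE)
    print("0 -> 2 allowed:", reformat_allowed(BIT_TABLE, 0, 2))
    print("2 -> 0 allowed:", reformat_allowed(BIT_TABLE, 2, 0))
```

Reading the table row-wise gives the bit string 1111 0111 0010 0001, which the key entry procedure turns into the four hex digits F721; a 3x3 table yields nine bits, which the padding rule rounds up to three hex digits. Keeping the unknown-index case as "not allowed" follows the limited-function principle the text describes: anything not explicitly exposed stays closed.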