Method for Employing Dynamic PIN Encrypting Keys Generated via a PIN Translate Instruction and Input to a PIN Verify Instruction

IP.com Disclosure Number: IPCOM000108942D
Original Publication Date: 1992-Jul-01
Included in the Prior Art Database: 2005-Mar-23
Document File: 3 page(s) / 123K

Publishing Venue

IBM

Related People

Abraham, D: AUTHOR [+6]

Abstract

This article describes a method for employing dynamic PIN encrypting keys as a vehicle for encrypting the output PIN block of a PIN translate instruction such that the encrypted PIN block is useful only as an input to a PIN Verify instruction. The method provides for a very secure intermediate output from the PIN Translate instruction, which thwarts insider attacks aimed at using the output of the PIN Translate instruction for constructing a dictionary of known encrypted PIN values.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 52% of the total text.

      Fig. 1 illustrates a cryptographic facility (CF) 1 capable of
executing a set of cryptographic instructions in crypto instruction
execution engine (CIEE) 2, a key storage (KS) 3, cryptographic
facility access program (CFAP) 4, and application programs (APPL) 5.
A typical sequence of steps involved in translating an encrypted PIN
block from a first PIN block format to a second PIN block format can
be traced.  An application program 5 issues a PINTRANS 6 macro
instruction to CFAP 4, which, in turn, issues a PIN translate (PINT)
7 instruction to the CF 1.

      The input parameters of the PINT instruction are informat,
outformat, enc.pin, enc.KPE1, enc.KPE2, C1, C2, and mode.  Informat
is an 8-bit code indicating the type of input PIN format; outformat
is an 8-bit code indicating the type of output PIN format; enc.pin is
a 64-bit encrypted PIN of the form eKPE1(PIN); enc.KPE1 is a 64-bit
encrypted key KPE1 of the form e*KM.C1(KPE1); enc.KPE2 is a 64-bit
encrypted key KPE2 of the form e*KM.C1(KPE2), which is specified only
if mode = 0 is specified; C1 is a 64-bit control vector for key KPE1;
C2 is a 64-bit control vector for key KPE2; and mode is a mode
parameter specifying the type of output desired.

      The output parameters are reenc.pin and enc.KPE3.  reenc.pin is
a 64-bit encrypted PIN of the form eKPE2(PIN) or eKPE3(PIN),
depending on whether the mode parameter specifies mode = 0 or mode =
1, respectively.  enc.KPE3 is a 64-bit encrypted key of the form
e*KM.C2(KPE3), and is provided as an output parameter only when mode
= 1 is specified.  Upon completion of the instruction execution, CIEE
2 outputs reenc.pin to CFAP at 9.  CFAP st...
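
The two PINT modes described above, as an added sketch that is not code from the IBM disclosure: with mode = 0 the same PIN always yields the same reenc.pin, while with mode = 1 a fresh KPE3 makes every output different, so the values cannot be collected into a dictionary of encrypted PINs. Assumptions: an HMAC-based Feistel stands in for the CF's block cipher, e*KM.C(K) is modelled as encryption under KM XOR C, each key is wrapped under the control vector the text names for it (C1 for KPE1, C2 for KPE2 and KPE3), format translation is omitted, and `pin_verify` is a hypothetical, simplified comparison.

```python
import hashlib, hmac, secrets

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, rnd, half):  # Feistel round function
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:4]

def enc(key, block):  # stand-in 64-bit block cipher, NOT DES (assumption)
    l, r = block[:4], block[4:]
    for i in range(4):
        l, r = r, _xor(l, _f(key, i, r))
    return l + r

def dec(key, block):
    l, r = block[:4], block[4:]
    for i in reversed(range(4)):
        l, r = _xor(r, _f(key, i, l)), l
    return l + r

class CF:
    def __init__(self):
        self._km = secrets.token_bytes(8)  # master key KM stays inside the CF

    def wrap(self, key, cv):  # e*KM.C(key), modelled as encryption under KM XOR C
        return enc(_xor(self._km, cv), key)

    def _unwrap(self, enc_key, cv):
        return dec(_xor(self._km, cv), enc_key)

    def pint(self, enc_pin, enc_kpe1, c1, c2, mode, enc_kpe2=None):
        block = dec(self._unwrap(enc_kpe1, c1), enc_pin)  # clear PIN exists only here
        if mode == 0:  # static output key supplied by the caller
            return enc(self._unwrap(enc_kpe2, c2), block), None
        kpe3 = secrets.token_bytes(8)  # mode 1: fresh dynamic key per call
        return enc(kpe3, block), self.wrap(kpe3, c2)

    def pin_verify(self, reenc_pin, enc_kpe, cv, reference):  # hypothetical, simplified
        return hmac.compare_digest(dec(self._unwrap(enc_kpe, cv), reenc_pin), reference)

def demo():
    cf, c1, c2 = CF(), b"CV-KPE1.", b"CV-KPE2."  # constructed control vectors
    kpe1, kpe2 = secrets.token_bytes(8), secrets.token_bytes(8)
    pin = bytes.fromhex("041234FFFFFFFFFF")  # constructed 64-bit PIN block
    args = (enc(kpe1, pin), cf.wrap(kpe1, c1), c1, c2)
    static = {cf.pint(*args, 0, cf.wrap(kpe2, c2))[0] for _ in range(5)}
    dynamic = {cf.pint(*args, 1)[0] for _ in range(5)}
    reenc, enc_kpe3 = cf.pint(*args, 1)
    return len(static), len(dynamic), cf.pin_verify(reenc, enc_kpe3, c2, pin)
```

`demo()` returns the number of distinct reenc.pin values seen over five mode-0 calls, the same count for five mode-1 calls, and whether the mode-1 pair verifies inside the CF.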