Strengthening Authentication Patterns
Original Publication Date: 1984-Jan-01
Included in the Prior Art Database: 2005-Feb-02
This article discloses a method for strengthening authentication patterns (AP) used as part of a personal verification process in an electronic funds transfer (EFT) system. The first step in performing a user verification process is for the user to enter a personal identification number (PIN) into an EFT terminal. Numerous techniques exist for protecting the PIN once it is entered into the system via the EFT terminal, almost all of which begin by combining the PIN with some other, non-secret, static information to eliminate certain dictionary attacks. PINs are then encrypted with secret system keys affording the PIN protection during periods of transmission or storage. However, where access to the encrypt function can be obtained, certain exhaustive attacks may be performed to recover the key.