Misrouting Attack Protection
Original Publication Date: 1983-Nov-01
Included in the Prior Art Database: 2005-Feb-07
This article discloses alternative methods to enforce proper routing of personal verification information through various nodes in an interchange network. In an electronic funds transfer (EFT) application, personal verification often involves a secret personal identification number (PIN) that the user remembers. The user provides the PIN at an entry point in the system, together with additional information carried on a plastic, embossed, magnetic-stripe bank card, e.g., the user's primary account number (PAN) and the issuer bank identifier (BID). Good security requires that the PIN never appear in the clear except in secure hardware. The PIN must therefore be encrypted whenever it is routed through the network. Fig. 1 illustrates an EFT network involving a multiplicity of institutions.