ATM USER AUTHENTICATION BY LINKING RANDOMLY-GENERATED AUTHENTICATION SECRET WITH PERSONALIZED SECRET

• Main Authors: Ya-Ling CHIU, 邱雅翎
• Other Authors: Jing-Jang HWANG
• Format: Others
• Language: zh-TW
• Published: 2006
• Online Access: http://ndltd.ncl.edu.tw/handle/74465959148116216215

碩士 === 長庚大學 === 資訊管理研究所 === 94 === Smart card, also known as Integrated-Circuit card, has replaced magnetic stripe card as a means of cardholder authorization, and it has been used for accessing bank accounts via Automatic Teller Machine (ATM). This master thesis presents a design to strengthen the smart card system security without changing the system infrastructure. The design is based on a split-secret theory which separates the secret identifier stored in the smart card into two parts. One of these two parts is a passcode chosen by the cardholder, and the other is used to replace the original secret identifier as the stored secret. The original secret identifier, when necessary, can be recovered from these two parts. The passcode entry is verified by comparing the recovered value against a stored verifier. This verifier is a derivative of the original secret identifier processed through, for instance, a double-hash function. Since neither the hashed values nor similar derivatives of the passcode are stored, this design strengthens the passcode protection. The security of the system is also strengthened because the smart card now stores only half of the information of the secret identifier.