
RSA 2007: Card issuer to adopt graphical pin randomiser

GrIDsure, a British start-up providing a method to strengthen personal identification numbers (Pins), expects to announce that a major card issuer is introducing its system by the end of this year.

The card issuer is at an advanced stage of testing and implementing the system, which displays random single digits on a one-time use five-by-five grid. Rather than memorising a Pin, users have to remember a sequence of squares: obvious choices, such as the four corners, can be rejected. When authorising a transaction, the user types in the numbers found in their chosen squares.

The grid of random numbers can be displayed on devices including cash machines, mobile telephones and Chip and Pin card-readers: GrIDsure already counts French firm Ingenico, which makes such readers, among its customers.

Founder Jonathan Craymer says the system avoids the use of biographical data, such as mother's maiden name, or biometrics. "Chip and Pin has severe flaws," he says, but as his company's system could use the existing hardware to provide much improved security, "we are talking about saving it".

Craymer says the system makes shoulder-surfing much more difficult, as numbers are typed into a keypad, and it is tricky to watch both fingers and the screen. Even if the watcher does record both the numbers typed and those shown on the grid, each digit from 0 to 9 appears on average 2.5 times on each 25-digit grid, so a large number of square-sequences would still be possible.
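The ambiguity Craymer describes can be measured. The Python sketch below is an added example, not GrIDsure's code: it counts how many square-sequences remain consistent with one fully observed transaction. The four-square pattern length, the reuse of squares within a sequence, and all function names are assumptions.

```python
import random
from collections import Counter
from math import prod

GRID_CELLS = 25   # five-by-five grid, as described in the article
PATTERN_LEN = 4   # assumption: four squares, mirroring a four-digit Pin


def make_grid(rng):
    """One-time grid: 25 independent random single digits."""
    return [rng.randrange(10) for _ in range(GRID_CELLS)]


def typed_digits(grid, pattern):
    """What the user keys in: the digits sitting in their chosen squares."""
    return [grid[square] for square in pattern]


def consistent_sequences(grid, typed):
    """Square-sequences that would yield the same typed digits on this grid.

    Each typed digit could have come from any square showing that digit, so
    the count is the product of per-digit occurrences (assumption: a sequence
    may reuse a square).
    """
    occurrences = Counter(grid)
    return prod(occurrences[d] for d in typed)


def mean_ambiguity(trials, seed):
    """Average number of consistent sequences over random grids and patterns."""
    rng = random.Random(seed)
    total = 0
    for _ in range(trials):
        grid = make_grid(rng)
        pattern = rng.sample(range(GRID_CELLS), PATTERN_LEN)
        total += consistent_sequences(grid, typed_digits(grid, pattern))
    return total / trials


if __name__ == "__main__":
    # Constructed grid: digits 0-4 appear three times, 5-9 twice.
    grid = [n % 10 for n in range(GRID_CELLS)]
    corners = [0, 4, 20, 24]
    typed = typed_digits(grid, corners)
    print(typed, consistent_sequences(grid, typed))
    # Every typed digit is on the grid at least once, so the mean sits above 2.5**4.
    print(round(mean_ambiguity(2000, seed=1), 1), "vs", 2.5 ** 4)
```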

The Cambridgeshire-based firm, which opened for business in late 2005 but launched publicly on 4 October, plans to license its concept non-exclusively. Early customers include Canadian outsourcing firm CGI, which has supplied South Lakeland district council in Cumbria with the system, Indian services group Tata Consulting and US identity supplier ActivIdentity.

This article first appeared on the web-site of Infosecurity magazine, http://www.infosecurity-magazine.com

