Abstract
As Electronic Funds Transfer at Point of Sale (EFT/POS) systems expand and the need for more secure key management is recognised, it becomes desirable to develop secure remote initialisation strategies for terminals across public data networks.
The Rivest, Shamir, Adleman (RSA) and Data Encryption standard (DES) algorithms are considered with attention to key management, logical security, and implementation requirements of each.
Notice: The views presented here are those of the author's based entirely on public sources reflecting the generalised experience of Australian banks in the operation of EFT/POS systems. This paper is not an official publication of the National Australia Bank Limited, nor should it be construed as specifically representing any policies, practices or products of the National Australia Bank.
This is a preview of subscription content, log in via an institution.
Preview
Unable to display preview. Download preview PDF.
References
A. McCathie, ‘Integrated EFTPOS system up and running this year', Australian Financial Review, January 17, 1990, p.31.
ANSI X3.92(1981), American National Standard Data Encryption Algorithm, American National Standards Institute.
AUSTRALIAN STANDARD AS2805 Electronic Funds Transfer — Requirements for Interfaces Part 3 (1985), PIN Management and Security, Standards Association of Australia.
AUSTRALIAN STANDARD AS2805 Electronic Funds Transfer — Requirements for Interfaces Part 4 (1985), Message Authentication, Standards Association of Australia.
AUSTRALIAN STANDARD AS2805 Electronic Funds Transfer — Requirements for Interfaces Part5(1985), Data Encryption Algorithm, Standards Association of Australia.
AUSTRALIAN STANDARD AS2805 Electronic Funds Transfer — Requirements for Interfaces Part 6.1(1988), Key Management — Principles, Standards Association of Australia.
AUSTRALIAN STANDARD AS2805 Electronic Funds Transfer — Requirements for Interfaces Part 6.2(1988), Key Management — Transaction Keys, Standards Association of Australia.
AUSTRALIAN STANDARD AS2805 Electronic Funds Transfer — Requirements for Interfaces Part 6.4(1988), Key Management — Session Keys — Terminal to Acquirer, Standards Association of Australia.
Australian Banks EFT Security Code & Practice (1989), Australia & New Zealand Banking Group Ltd, Commonwealth Bank of Australia Ltd, National Australia Bank, Rural & Industries Bank of Western Australia, State Bank of Victoria, State Bank of New South Wales, State Bank of South Australia, Westpac Banking Corporation.
Henry Beker, ‘Management and Control of Systems', Information Security Guide, IBC Technical Services, London, 1989.
D.N. Chorafas, ‘EFT/POS as a secure system solution', Electronic Funds Transfer, Butterworths, London, 1988, pp. 327–332.
D.W. Davies, W.L. Price, Security for Computer Networks, Wiley, Chichester, 1982.
W. F. Ehrsam, S. M. Matyas, C. H. Meyer and W. L. Tuchman, ‘A cryptographic key management scheme for implementing the data encryption standard', IBM Systems J., Vol.17, No.2, 1978, pp.106–125.
H. Gustafson, E. Dawson, B. Caelli, ‘Comparison of Block Ciphers', Abstracts of Auscrypt90, Sydney, 8–11 January 1990, pp. 163–165.
E. A. Kemp, ‘Encryption in Electronic Funds Transfer Applications', Aust. Computer J., Vol.20,No.2, 1988, pp.170–177.
A.K. Lenstra, H.W. Lenstra, Jr., M.S. Manasse, J.M. Pollard, ‘The number field sieve', unpublished.
C.H. Meyer, S.M. Matyas, Cryptography: A New Dimension in Computer Data Security, Wiley, New York, 1982.
National Bureau of Standards, Data Encryption Standard, Federal Information Processing Standards Publication 46, Jan. 1977.
R.L. Rivest, A. Shamir, L. Adleman, ‘A Method for Obtaining Digital Signatures and Public Key Cryptosystems', Communications of the ACM, Vol.21, No.2, 1978, pp. 120–126.
J. Seberry, J. Piepzryk, Cryptography: an introduction to computer security, Prentice Hall, Sydney, 1989.
P. Takac, Eftpos in Australia: Developments, Trends, and Market Size, Royal Melbourne Institute of Technology Centre for Technology Policy & Management, Melbourne, 1988.
R. Weber, ‘Controls in Electronic funds Transfer Systems: a Survey and Synthesis', Computers & Security, Vol.8, No. 2,1989, pp.123–137.
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 1990 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Ames, M. (1990). Secure cryptographic initialisation of remote terminals in an electronic funds transfer/point of sale system. In: Seberry, J., Pieprzyk, J. (eds) Advances in Cryptology — AUSCRYPT '90. AUSCRYPT 1990. Lecture Notes in Computer Science, vol 453. Springer, Berlin, Heidelberg. https://doi.org/10.1007/BFb0030383
Download citation
DOI: https://doi.org/10.1007/BFb0030383
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-53000-8
Online ISBN: 978-3-540-46297-2
eBook Packages: Springer Book Archive