Protecting PINs and Sensitive Data in Transmission through Encryption
For secured environment, organizations may need to implement end-to-end application layer encryption to protect PINs and other sensitive data in communications between terminals and hosts. E2EE usually refers to End-to-End Password Protection for security-sensitive applications such as internet banking, etc.
E2EE creates a security domain between the customer’s terminal and the service provider’s Hardware Security Module (HSM) e.g. internet banking application. In this security domain, the password is encrypted at the customer’s PC (customer’s end) and the password can only be decrypted for verification at the bank’s HSM (bank’s end). Thus, password is not exposed anywhere; not even to the bank’s host. Since the HSM is an isolated and tamper-resistant environment, the only real space where the PIN can be exposed is on the customer’s PC.
The integration with HSM and the encryption infrastructure require complex programming. With our AccessMatrix UAS E2EE solution, applications developers can easily integrate E2EE authentication without any complex code to integrate with HSM and front end component for password encryption during user login.
AccessMatrix UAS E2EE solution supports most leading HSMs available in the market and the following operations can be performed within the HSM:
- Encryption/ Decryption
- Protection of master encryption key
- Random number generation
- Initial pin generation
- PIN verification
Click to know more about our Versatile Authentication Server solution.