堆栈内存溢出
  简体   繁体   English

chipTAN:没有PIN码怎么可能

[英]chipTAN: How is it possible without PIN

 原文  2018-05-21 11:57:27       smartcard/ onlinebanking

问题描述

For my online banking I have a Smartcard-Reader with optical sensors for data transaction by what is called 'flickering'. 对于我的网上银行,我有一个带有光学传感器的智能卡读卡器,用于通过所谓的“闪烁”进行数据交易。 The Reader then shows the Receivers IBAN and amount of money to transfer and generates a TAN without asking me for my PIN, which I need to get money at the ATM. 然后,阅读器会显示接收方的IBAN和要转账的金额,并生成TAN,而无需询问我的PIN(我需要在ATM上取款)。 As far as I know each Smartcard has a cryptography-co-processor (which is used to calculate a signature for a money transaction) which does nothing until it is activated by the secred personal PIN. 据我所知,每个智能卡都有一个加密协处理器(用于计算货币交易的签名),直到被安全的个人PIN激活后,该协处理器才起作用。

How can the Smartcard-Reader use the debit card to generate a TAN without activating the cryptography co-processor by my personal PIN in the first place? 首先,智能卡读取器如何在不通过我的个人PIN激活密码协处理器的情况下使用借记卡生成TAN?

2 个解决方案

解决方案1
 0  2018-05-21 12:39:22

The user has an option to set the minimum amount up to which the card don't prompt to input the PIN value. 用户可以选择设置卡不提示输入PIN值的最小金额。 If you have not chosen this minimum amount, then it may be activated by default in your card. 如果您尚未选择此最低金额,则默认情况下可以在您的卡中将其激活。 Check the terms and conditions for the card. 检查卡的条款和条件。

解决方案2
 0  2018-05-22 06:50:50

Smart cards are much more flexible than you seem to assume. 智能卡比您想象的要灵活得多。 It is responsibility of the application designer, to specify, what actions require which kind of authentication. 应用程序设计者有责任指定哪些操作需要哪种身份验证。 It is easily possible, to have keys requiring no authentication at all. 很容易拥有完全不需要身份验证的密钥。 Whether a command uses a cryptographic co-processor is completely independent of the access right specification. 命令是否使用加密协处理器完全独立于访问权限规范。 (Usally there is some coupling, but that originates from the problem domain.) (通常存在一些耦合,但这是由问题域引起的。)

Since ChipTAN only provides a TAN, you will need the PIN anyway to release the transaction, so there is no benefit to ask for it. 由于ChipTAN仅提供TAN,因此无论如何您都需要PIN才能释放事务,因此索取它没有任何好处。

A generic problem is, that humans are only able to remember quite few PINs, and it is quite difficult, to enter it as valid for one specific action only, but not for another. 一个普遍的问题是,人们只能记住很少的PIN,很难将其输入为仅对一个特定动作有效,而对另一特定动作则无效。 (Different PINs would help, but see above). (不同的PIN会有帮助,但请参见上文)。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 不使用PIN读取智能卡信息吗? - Read smart card information without PIN? 如何为多个进程缓存eToken PIN - How to cache eToken PIN for multiple processes 如何提供PIN以编程方式访问智能卡? - How to provide PIN to access smartcard programmatically? 如何使用APDU将PIN验证代码发送到智能卡 - 使用.NET - How to send a PIN verification CODE to a smartcard using APDU - Using .NET 如何使用 APDU 命令设置和更新 ICC 卡 PIN - How to set and update ICC card PIN with APDU command 在 Javascript 中可以接受 PIN 缓存吗? - Is PIN caching acceptable in Javascript? PIN 块转换失败 - PIN block translation failure C# 如何在使用智能卡时防止多个 Windows PIN 提示? - C# how to prevent multiple Windows PIN prompts when using a smart card? 在多个 CMS 签名中缓存 PIN - Caching PIN in multiple CMS Signatures 使用 Chromium Embedded Framework 缓存智能卡 PIN - Caching a smart card PIN with Chromium Embedded Framework
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM