New Tech!

My bank, Barclays, has sent me a new toy.

And here it is, the Barclays PINsentry™:

_MG_1302, originally uploaded by RulerOfHeck.

When I want to use online banking now, I enter my User ID and an 8-digit number I get from this device after sticking my debit card into it, pressing IDENTIFY then entering my PIN.

Kudos to Barclays for this: it’s statistically significantly more secure than using the 5-digit number and memorable word I’ve had for the last 7 years; very easy to use; and because it’s a completely standalone device it doesn’t prevent me from using online banking from whatever crazy OS I feel like using today.

Technically, I’m assuming this works in the obvious way:

PINsentry sends the current time (relatively coarsely quantised I’d assume) to an application in the chip on my card which will encrypt it with the private key on my card. The application asks for my PIN, which the device acquires for it, performs the encryption operation and returns the encrypted data. This is converted into an 8-digit number and shown to me, so I can enter it into the website. A backend thing in Barclays decrypts it with the corresponding public key, and verifies that it is a time from the last 5 minutes or so.

Thus I am authenticated. There’s a similar process using the SIGN button and requiring the recipient’s account number and the amount to be transferred for when I want to send large sums of money to someone or pay a new party.

As yet, they say the RESPOND button isn’t used. I’m slightly intrigued by what it will be used for. When I press it and enter my PIN it asks for a number; enter between 1 and 8 digits and it gives an 8-digit number as output. I’m guessing they will encrypt something with my public key, tell me the encrypted digits on the web, and that the IDENTIFY button will decrypt it, then encrypt the time with it and tell me that result.

3 Responses to “New Tech!”

  1. Dee

    This is fantastic as a baclays on line user and also as a roaming baclays user roaming all over the world
    I would like to introduce this concept an technology in Nigeria where online banking is new but fraud is high. Any help

    Reply
  2. Mark Thomas

    The only annoying thing about these is that I only have one, which is in my drawer at home. If I want to do online bank stuff at work or a friend’s house or my parents’ house now, well, I can’t.

    Hopefully they’re generic devices, so before long they’ll be sufficiently scattered around that I can borrow others’, even if they use a different bank.

    Reply

Leave a Reply

  • (will not be published)

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>