Personal identification number

Definitions[]

A personal identification number (PIN) is

“

a security method whereby a multi-digit number is assigned to an individual and can be used to gain access to a particular system or area.

”

“

[a] number used in conjunction with an access control system as a secondary credential by the user to ensure the holder of the access control card is the authorized user.^[1]

”

A user accessing a computer system or other device is requested to enter a "shared secret" (called "shared" because it is known both to the user and to the system), such as a PIN. When the user of a system enters her name, she also enters a PIN. The system checks that PIN against data in a database to ensure its correctness and thereby "authenticates" the user.

If the authentication process is performed over an open network such as the Internet, it is usually essential that at least the shared secret be encrypted. This task can be accomplished by using a technology called Secure Sockets Layer (SSL), which uses a combination of public key technology and symmetric cryptography to automatically encrypt information as it is sent over the Internet by the user and decrypt it before it is read by the intended recipient. SSL currently is built into almost all popular Web browsers, in such a fashion that its use is transparent to the end user. Assuming the password is protected during transmission, impersonating the user requires obtaining the user's PIN. This may be relatively easy if users do not follow appropriate guidelines for PIN creation and use.

While not as robust as biometric identifiers and digital signatures, PINs have the decided advantage of proven customer and citizen acceptance, as evidenced by the universal use of PINs for automated teller machine transactions. PINs combined with encrypted Internet sessions, particularly through the use of Secure Sockets Layer (SSL) technology on the World Wide Web, are very popular for retail consumer transactions requiring credit card or other personal authenticating information.

↑ Biometrics Identity Management Agency, Biometrics Glossary, at 30 (Ver. 5) (Oct. 2010) (full-text).