October 7, 2011 at 7:46 am
Hello all,
I am seeking advice on how to handle a sensitive data field, specifically PIN's (Personal Identification Numbers) associated with an identity card proposed by our business.
We are currently on Microsoft SQL Server 2005 - 9.00.3054.00 (Intel X86) Mar 23 2007 16:28:52 Copyright (c) 1988-2005 Microsoft Corporation Standard Edition on Windows NT 5.2 (Build 3790: Service Pack 2) , but will upgrade to 2008 by the time this is in production.
These cards would be used to universally identify a person at a variety of outlets in our organization, and then allow them to interact with various applications to access products and services. While they are not credit cards, they could be used to identify/validate a person to make a payment or purchase goods on an internal line of credit available to them. (PCI compliance required?).
The Statement of Requirements indicates that they want a secret PIN associated with these cards and I'm not sure how to store these in a database.
One thought is that we could immediately migrate to 2008 and use TDE to encrypt the entire database. Or, could the PIN be somehow programmed in the card and avoid the database altogether?
Does anyone have any thoughts on handling this ?
As always, your input is deeply valued.
Steve
October 7, 2011 at 8:14 am
Storing the PIN on the card is definitely a bad idea. Would defeat the purpose of having a PIN in the first place, since the PIN would have to be readable off the card for that to work.
Hash the PINs in the database. Pass in the hashed PIN, if the hashes match, it's a valid PIN. Don't store or transmit the clear-text PIN at all, if you can avoid it. Just like passwords.
- Gus "GSquared", RSVP, OODA, MAP, NMVP, FAQ, SAT, SQL, DNA, RNA, UOI, IOU, AM, PM, AD, BC, BCE, USA, UN, CF, ROFL, LOL, ETC
Property of The Thread
"Nobody knows the age of the human race, but everyone agrees it's old enough to know better." - Anon
October 7, 2011 at 8:19 am
Much appreciated.
Thank you for the direction.
Viewing 3 posts - 1 through 2 (of 2 total)
You must be logged in to reply to this topic. Login to reply