Hi!
Ok, now I understand what actually you need.
You can encrypt the PIN-block by your software, but it is not the best practice from security point of view. The PIN-blocks will be transmited in encrypted manner over TCP/IP but you are able to access the key. You can make yous software ask 2/3 ZPK components to be entered during start up by 2/3 security officers, but the key will be accessible in the process (you are able to dump it).
The second way is to use HSM. But you will need to pass clear PIN to encrypt it
Why you do not use the code cards to authenticate users, eg. I have the card with 72 codes and when I am logging into my e-bank the authentication screes asks me to enter the code number X. Each time code number is different. It is very simple to create such authentication and you do not require to pass PINs over TCP/IP.
Regards,
Juris
Ok, now I understand what actually you need.
You can encrypt the PIN-block by your software, but it is not the best practice from security point of view. The PIN-blocks will be transmited in encrypted manner over TCP/IP but you are able to access the key. You can make yous software ask 2/3 ZPK components to be entered during start up by 2/3 security officers, but the key will be accessible in the process (you are able to dump it).
The second way is to use HSM. But you will need to pass clear PIN to encrypt it
Why you do not use the code cards to authenticate users, eg. I have the card with 72 codes and when I am logging into my e-bank the authentication screes asks me to enter the code number X. Each time code number is different. It is very simple to create such authentication and you do not require to pass PINs over TCP/IP.
Regards,
Juris