By sirk - 3/13/2009
Hi,
I am trying to make a basic ATM system, iv got all the interface done and I have made the link to my SQL database etc. the part i'm stuck on is how I can run a check to see if a bank card number matches up to the users PIN number.
To simulate the user putting a card into the machine I've used a combo box, and that lists all the cards, that haven't been flagged as confiscated (there's a column in my ATMCards table that I can set to true or false) then after the user has selected a relevant card there's another text box where they can enter in their PIN number. Now what I want to do is, if they chose the card number 1234567890123456 in the combo box and they enter in the PIN 1234 into the text box, then, after clicking the check PIN Button if the pin is correct they need to be taken to another from where they can check their balance etc., and if its wrong they got three attempts after which point i want to flag that card as confiscated.
I know I'm asking quite allot but I'm really stuck I don't even know where to start any help would be greatly appreciated. I'm using VB .net 2005.
Thanks in advance
|
By MaslowB - 6/11/2009
I'd recommend storing a hashed or otherwise secured version of the pin, and comparing a hash or checksum of the pin instead of the raw pin to raw pin. then when you send the hash from the atm to the database, it's already partially secured (you can encrypt this transmission as well).
then decrypt the transmission, and compare the hash. if the hashes match they are authenticated. and if someone steals data from the database they don't have the raw card numbers with pins.
|
|