How is online banking data decrypted securely?
Posted: Wed Apr 14, 2010 5:26 pm
Before I start, I'd like to make it quite clear that I'm interested in the theory and not the specifics... 
I'm about to start work on two systems that hold sensitive client data - not payment information but details about medical history and financial status, etc. As usual, there is zero budget for either system but the information is already being captured and stored (insecurely) and so I've been asked to do what I can to "beef up" the security. I also have PHP and MySQL at my disposal (which is a good thing of course).
Now, I'm familiar with how symmetric/asymmetric encryption schemes work and intend to use GnuPG but my problem is this - not only does the data have to be encrypted (which I can do safely) but it also has to be accessible so the user can make changes to their data, with the problem obviously being that if I want to decrypt something I've got to have the private key and the passphrase on the same system (which weakens the security of the overall system).
I know that this can be done securely because it happens in online banking - I just enter a couple of passwords and can see everything - so I'm wondering what setup the banks have in place that allows them to securely decrypt my data once I've logged in. I know one of the recommendations the credit card companies make is that any keys held on the system should be encrypted themselves, but I can't quite work out how this might be done - do I create a unique 'user' private key for each account which can decrypt a copy of the 'master' private key, and if so how do I make sure that this system isn't compromised by someone guessing the passphrase for the 'user' key. Is it possible to create a 'one time' key, or split the key in some way? Also, is it even safe to 'work' with the passphrase or key in memory (on a shared system, I'd assume not)?
As may be obvious, I have a reasonable grasp of how it might be done but would appreciate any suggestions or input. Just to make it quite clear, the "you shouldn't be doing this if you don't know what you're doing" argument is moot because I have been asked to do it, there's no budget available and the alternative is to keep everything as it is and risk the organisations involved having their data compromised! In case that sounds abrupt, it certainly isn't meant to but I've seen that sort of reply come up time-and-again and it generally doesn't reflect the reality of the situation: people do sometimes get asked to do things that they don't necessarily know how to do, and you try getting the big banks to tell you how they do things.
Thank you in advance,
Mecha Godzilla
No, not the real one, just a poor facsimile...
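One way to lay out the per-user wrapped key the post asks about, as an added example that is not part of the original post: a random data key encrypts the records, and only a copy wrapped under a key derived from the user's passphrase is stored. It uses PHP's bundled libsodium functions rather than GnuPG; the function names, row layout and sample values are hypothetical.

```php
<?php
declare(strict_types=1);
// Added example: function names and row layout are hypothetical; sample data is constructed.

function derive_kek(string $passphrase, string $salt): string {
    // Memory-hard KDF (Argon2 via libsodium) so each passphrase guess is expensive.
    return sodium_crypto_pwhash(SODIUM_CRYPTO_SECRETBOX_KEYBYTES, $passphrase, $salt,
        SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE, SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE);
}

function seal(string $plain, string $key): string {
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    return $nonce . sodium_crypto_secretbox($plain, $nonce, $key); // authenticated encryption
}

function open_sealed(string $blob, string $key): string {
    $n     = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES;
    $nonce = substr($blob, 0, $n);
    $plain = sodium_crypto_secretbox_open(substr($blob, $n), $nonce, $key);
    if ($plain === false) throw new RuntimeException('authentication failed');
    return $plain;
}

function wrap_data_key(string $dataKey, string $passphrase): array {
    $salt    = random_bytes(SODIUM_CRYPTO_PWHASH_SALTBYTES);
    $kek     = derive_kek($passphrase, $salt);
    $wrapped = seal($dataKey, $kek);
    sodium_memzero($kek);                       // drop the key-encryption key once used
    return ['salt' => $salt, 'wrapped' => $wrapped]; // what would go in the user's table row
}

function unwrap_data_key(array $row, string $passphrase): string {
    $kek = derive_kek($passphrase, $row['salt']);
    try { return open_sealed($row['wrapped'], $kek); }
    finally { sodium_memzero($kek); }
}

// Enrolment: the data key exists in the clear only while the request runs.
$dataKey = sodium_crypto_secretbox_keygen();
$row     = wrap_data_key($dataKey, 'constructed passphrase one');
$record  = seal('blood group: O negative', $dataKey);
sodium_memzero($dataKey);

$key = unwrap_data_key($row, 'constructed passphrase one');   // login: passphrase unlocks the key
echo open_sealed($record, $key), PHP_EOL;
try { unwrap_data_key($row, 'wrong guess'); }
catch (RuntimeException $e) { echo "wrong passphrase rejected", PHP_EOL; }
$row = wrap_data_key($key, 'constructed passphrase two');     // passphrase change: re-wrap key only
echo open_sealed($record, unwrap_data_key($row, 'constructed passphrase two')), PHP_EOL;
```

Anyone who copies the stored row can still guess passphrases offline, so the KDF cost only raises the price per guess, and the data key is present in server memory for the length of each request.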