Mohamed M. Atalla

Mohamed AtallaMartin Mohamed AtallaMohamed Mohamed Atalla
He invented the first hardware security module (HSM), the so-called "Atalla Box", a security system that secures a majority of transactions from ATMs today. At the same time, Atalla contributed to the development of the personal identification number (PIN) system, which has developed among others in the banking industry as the standard for identification. The work of Atalla in the early 1970s led to the use of high security modules. His "Atalla Box", a security system which encrypts PIN and ATM messages, and protected offline devices with an un-guessable PIN-generating key. He commercially released the "Atalla Box" in 1973. The product was released as the Identikey.

Utimaco Atalla

Atalla CorporationAtallaAtalla Box
Atalla provides government-grade end-to-end products in network security, and hardware security modules (HSMs) used in automated teller machines (ATMs) and Internet security. The company was founded by Egyptian engineer Mohamed M. Atalla in 1972. Atalla HSMs are the payment card industry's de facto standard, protecting 250million card transactions daily (more than billion transactions annually) as of 2013, and securing the majority of the world's ATM transactions as of 2014. The company was originally founded in 1972, initially as Atalla Technovation, before it was later called Atalla Corporation. The company was founded by Dr. Mohamed M. Atalla (alias Martin "John" M.

PIN pad

PINpadPIN entry devices
A PIN pad or PIN entry device (PED) is an electronic device used in a debit, credit or smart card-based transaction to accept and encrypt the cardholder's personal identification number (PIN). PIN pads are normally used with payment terminals, automated teller machines or integrated point of sale devices in which an electronic cash register is responsible for taking the sale amount and initiating/handling the transaction. The PIN pad is required to read the card and allow the PIN to be securely entered and encrypted before it is sent to the bank. In some cases, with chip cards, the PIN is only transferred from the PIN pad to card and it is verified by the chip card.

IBM 3624

Part of the reason for the failure of the IBM 473x to take hold in the ATM marketplace was the lack of a backward compatibility to the 3624 protocol when it was introduced. One of the most lasting features introduced with the 3624 was the IBM 3624 PIN block format used in transmission of an encrypted personal identification number (PIN). The PIN functions, with an early commercial encryption using the DES algorithm, were implemented in two modules - BQKPERS and BQKCIPH - and their export controlled under the US export munitions rules. A brief mention of the 3624 protocol from IBM. Methods to attack the 3624 PIN Block.


Chip and PINEMVCoEMV Chip
Chip and PIN is one of the two verification methods that EMV enabled cards can employ. Rather than physically signing a receipt for identification purposes, the user just enters a personal identification number (PIN), typically of 4 to 6 digits in length. This number must correspond to the information stored on the chip. Chip and PIN technology makes it much harder for fraudsters to use a found card, so if someone steals a card, they can't make fraudulent purchases unless they know the PIN. Chip and signature, on the other hand, differentiates itself from chip and PIN by verifying a consumer's identity with a signature.


bankbookA passbookbank book
Nowadays, customer verification is more likely to be by PIN and commonly from an automated teller machine. For people who feel uneasy with telephone or online banking, the use of a passbook is an alternative to obtain, in real-time, the account activity without waiting for a bank statement. However, contrary to some bank statements, some passbooks offer fewer details, replacing easy-to-understand descriptions with short codes. Bank statement. Cheque book. Deposit account. Sberkassa, the bankbook heritage from the Soviet Union.

Secure cryptoprocessor

cryptoprocessorsecurity processorcryptoprocessing
A hardware security module may also be part of a computer (for example an ATM) that operates inside a locked safe to deter theft, substitution, and tampering. Modern smartcards are probably the most widely deployed form of secure cryptoprocessor, although more complex and versatile secure cryptoprocessors are widely deployed in systems such as Automated teller machines, TV set-top boxes, military applications, and high-security portable communication equipment. Some secure cryptoprocessors can even run general-purpose operating systems such as Linux inside their security boundary.

Card reader

Biometric technology in access controlcard readerssmart card readers
A smart card reader is an electronic device that reads smart cards and can be found in the following form: External devices that can read a Personal identification number (PIN) or other information may also be connected to a keyboard (usually called "card readers with PIN pad"). This model works by supplying the integrated circuit on the smart card with electricity and communicating via protocols, thereby enabling the user to read and write to a fixed address on the card. If the card does not use any standard transmission protocol, but uses a custom/proprietary protocol, it has the communication protocol designation T=14.


In cryptography, encryption is the process of encoding a message or information in such a way that only authorized parties can access it and those who are not authorized cannot, Encryption does not itself prevent interference, but denies the intelligible content to a would-be interceptor. In an encryption scheme, the intended information or message, referred to as plaintext, is encrypted using an encryption algorithm – a cipher – generating ciphertext that can be read only if decrypted. For technical reasons, an encryption scheme usually uses a pseudo-random encryption key generated by an algorithm.


keypadsnumeric keypad
Keypads for the entry of PINs and for product selection appear on many devices including ATMs, vending machines, Point of Sale payment devices, time clocks, combination locks and digital door locks. The first key-activated mechanical calculators and many cash registers used "parallel" keys with one column of 0 to 9 for each position the machine could use. A smaller, 10-key input first started on the Standard Adding Machine in 1901. The calculator had the digit keys arranged in one row, with zero on the left, and 9 on the right. The modern four-row arrangement debuted with the Sundstrand Adding Machine in 1911.


passwordswatchwordcomputer passwords
In modern times, user names and passwords are commonly used by people during a log in process that controls access to protected computer operating systems, mobile phones, cable TV decoders, automated teller machines (ATMs), etc. A typical computer user has passwords for many purposes: logging into accounts, retrieving e-mail, accessing applications, databases, networks, web sites, and even reading the morning newspaper online. The easier a password is for the owner to remember generally means it will be easier for an attacker to guess.

Data Encryption Standard

Around the same time, engineer Mohamed Atalla in 1972 founded Atalla Corporation and developed the first hardware security module (HSM), the so-called "Atalla Box" which was commercialized in 1973. It protected offline devices with an un-guessable PIN generating key, and was a commercial success. Banks and credit card companies were fearful that Atalla would dominate the market, which spurred the development of an international encryption standard. Atalla was an early competitor to IBM in the banking market, and was cited as an influence by IBM employees who worked on the DES standard. The IBM 3624 later adopted a similar PIN verification system to the earlier Atalla system.

Smart card

smartcardIC Cardsmart cards
Customers inserted the card into the merchant's point-of-sale (POS) terminal, then typed the personal identification number (PIN), before the transaction was accepted. Only very limited transactions (such as paying small highway tolls) are processed without a PIN. Smart-card-based "electronic purse" systems store funds on the card, so that readers do not need network connectivity. They entered European service in the mid-1990s.

Identity verification service

identity verificationcustomer identification systemonline identity verification
An identity verification service is used by businesses to ensure that users or customers provide information that is associated with the identity of a real person. The service may verify the authenticity of physical identity documents such as a drivers license, passport, or a nationally issued identity document through documentary verification. Additionally, also involve the verification of identity information (fields) against independent and authoritative sources, such as a credit bureau or proprietary government data.

Financial transaction

transactiontransactionsfinancial transactions
A financial transaction is an agreement, or communication, carried out between a buyer and a seller to exchange an asset for payment.


The chip was packaged in a large ceramic 64-pin DIP package, while most 8-bit microprocessors such as the Intel 8080 used the more common, smaller, and less expensive plastic 40-pin DIP. A follow-on chip, the TMS 9980, was designed to compete with the Intel 8080, had the full TI 990 16-bit instruction set, used a plastic 40-pin package, moved data 8 bits at a time, but could only address 16 KB. A third chip, the TMS 9995, was a new design. The family later expanded to include the 99105 and 99110. The Western Design Center (WDC) introduced the CMOS 65816 16-bit upgrade of the WDC CMOS 65C02 in 1984.

Payment card number

credit card numberBank card numbercredit card numbers
A payment card number, primary account number (PAN), or simply a card number, is the card identifier found on payment cards, such as credit cards and debit cards, as well as stored-value cards, gift cards and other similar cards. In some situations the card number is referred to as a bank card number. The card number is primarily a card identifier and does not directly identify the bank account number/s to which the card is/are linked by the issuing entity.

Block cipher

block ciphersblockcipher
The root of all cryptographic block formats used within the Payment Card Industry Data Security Standard (PCI DSS) and American National Standards Institute (ANSI) standards lies with the Atalla Key Block (AKB), which was a key innovation of the Atalla Box, the first hardware security module (HSM). It was developed in 1972 by Mohamed M. Atalla, founder of Atalla Corporation (now Utimaco Atalla), and released in 1973. The AKB was a key block, which is required to securely interchange symmetric keys or PINs with other actors of the banking industry. This secure interchange is performed using the AKB format.

Card Transaction Data

card datacard transactionscredit card transaction
Note: debit card-holder must input their own PIN to complete transaction.


Bankingbankerbanking system
ATM card. Current accounts. Cheque books. Automated Teller Machine (ATM). Business loan. Capital raising (equity / debt / hybrids). Revolving credit. Risk management (foreign exchange (FX)), interest rates, commodities, derivatives. Term loan. Cash management services (lock box, remote deposit capture, merchant processing). Credit services. Credit risk: risk of loss arising from a borrower who does not make payments as promised. Liquidity risk: risk that a given security or asset cannot be traded quickly enough in the market to prevent a loss (or make the required profit).

Computer security

cybersecuritycyber securitysecurity
In-store payment systems and ATMs have also been tampered with in order to gather customer account data and PINs. Computers control functions at many utilities, including coordination of telecommunications, the power grid, nuclear power plants, and valve opening and closing in water and gas networks. The Internet is a potential attack vector for such machines if connected, but the Stuxnet worm demonstrated that even equipment controlled by computers not connected to the Internet can be vulnerable. In 2014, the Computer Emergency Readiness Team, a division of the Department of Homeland Security, investigated 79 hacking incidents at energy companies.

Payment terminal

point-of-sale terminalcredit card terminalPOS
Terminals can also be used in stand alone mode, where the merchant keys the amount into the terminal before the customer present their card and personal identification number (PIN). The majority of card terminals today transmit data over cellular network connections and Wi-Fi. Legacy terminals communicate over standard telephone line or Ethernet connections. Some also have the ability to cache transactional data to be transmitted to the gateway processor when a connection becomes available; the major drawback to this is that immediate authorization is not available at the time the card was processed, which can subsequently result in failed payments.

List of National Inventors Hall of Fame inductees

inducteemember of the National Inventors Hall of Fame
The National Inventors Hall of Fame (NIHF) inductees includes over 600 inventors spanning three centuries of lifetimes. John Fitch was the earliest born inventor inducted into the NIHF (1743), while Barrett Comiskey is currently the most recently born (1975).

Payment card

cash cardcardscard payment
These terminals can also be used as cashless scrip ATMs by cashing the receipts they issue at the merchant's point of sale. Historically, bank cards have also served the purpose of a cheque guarantee card, a now almost defunct system to guarantee cheques at point of sale. The first bank cards were automated teller machine (ATM) cards issued by Barclays in London in 1967, and by Chemical Bank in Long Island, New York, in 1969. In 1972, Lloyds Bank issued the first bank card to feature an information-encoding magnetic strip, using a personal identification number (PIN) for security. Atalla Technovation (now Utimaco Atalla) was founded by Mohamed M.

Electronic cash

ECEC electronic cashEC-cards
Automated teller machine. Electronic money. Eurocheque. Debit card. Stored-value card.