SYSTEM AND METHOD FOR SECURE COMMUNICATION IN A RETAIL ENVIRONMENT

US 20090103725A1
Filed: 10/18/2007
Published: 04/23/2009
Est. Priority Date: 10/18/2007
Status: Active Grant

First Claim

Patent Images

1. A system for secure communication in a fueling environment, comprising:

a first secure payment module (SPM) in a fuel dispenser communicably coupled to a first card reader, the first SPM storing a first public key certificate uniquely identifying the first SPM, the first public key certificate issued by a trusted certificate authority, and a first private key associated with the first public key certificate; and

a point-of-sale (POS) system storing a second public key certificate issued by the trusted certificate authority, the POS system communicably coupled to the first SPM, wherein the POS system is configured to;

retrieve the first public key certificate from the first SPM, wherein the First public key certificate contains a first public key associated with the first SPM;

verify the identity of the first SPM by authenticating the first public key certificate with the second public key certificate;

dynamically generate a first session key;

encrypt the first session key using, at least in part, the first public key; and

transmit the encrypted first session key to the first SPM;

wherein the first SPM is configured to;

receive the encrypted first session key from the POS system;

decrypt the first session key using, at least in part, the first private key,receive a first set of sensitive data from the first card reader;

encrypt the first set of sensitive data using, at least in part, the first session key; and

transmit the encrypted first set of sensitive data to the POS system.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

This disclosure provides various embodiments of systems and methods for secure communications. In one aspect, the system includes a secure payment module (SPM) in a fuel dispenser and a point-of-sate (POS) system. The POS system stores a public key certificate uniquely identifying the SPM and is configured to dynamically generate a first session key. The POS system encrypts the first session key with a public key associated with the public key certificate, and transmits the encrypted first session key to the SPM. The SPM, which stores a private key associated with the public key certificate, is configured to receive and decrypt the first session key. The SPM is further configured to receive a set of magnetic card data from a card reader, encrypt the set of magnetic card data with the first session key, and transmit the encrypted set of magnetic card data to the POS system.

56 Citations

View as Search Results

21 Claims

1. A system for secure communication in a fueling environment, comprising:
- a first secure payment module (SPM) in a fuel dispenser communicably coupled to a first card reader, the first SPM storing a first public key certificate uniquely identifying the first SPM, the first public key certificate issued by a trusted certificate authority, and a first private key associated with the first public key certificate; and
  
  a point-of-sale (POS) system storing a second public key certificate issued by the trusted certificate authority, the POS system communicably coupled to the first SPM, wherein the POS system is configured to;
  
  retrieve the first public key certificate from the first SPM, wherein the First public key certificate contains a first public key associated with the first SPM;
  
  verify the identity of the first SPM by authenticating the first public key certificate with the second public key certificate;
  
  dynamically generate a first session key;
  
  encrypt the first session key using, at least in part, the first public key; and
  
  transmit the encrypted first session key to the first SPM;
  
  wherein the first SPM is configured to;
  
  receive the encrypted first session key from the POS system;
  
  decrypt the first session key using, at least in part, the first private key,receive a first set of sensitive data from the first card reader;
  
  encrypt the first set of sensitive data using, at least in part, the first session key; and
  
  transmit the encrypted first set of sensitive data to the POS system.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The system of claim 1, wherein to authenticate the first public key certificate with the second public key certificate, the POS system is further configured to:
    - retrieve a first digital signature from the first public key certificate, wherein the first digital signature is embedded in the first public key certificate;
      
      retrieve a second digital signature from the second public key certificate, wherein the second digital signature is embedded in the second public key certificate, the second digital signature unique to the trust certificate authority; and
      
      compare the first digital signature with the second digital signature.
  - 3. The system of claim 1, wherein the POS system is further configured to:
    - receive the encrypted first set of sensitive data from the first SPM; and
      
      decrypt the first set of sensitive data using, at least in part, the first session key.
  - 4. The system of claim 3, wherein the POS system is further configured to:
    - dynamically generate a second session key;
      
      encrypt the second session key using, at least in part, the first public key; and
      
      transmit the encrypted second session key to the first SPM.
  - 5. The system of claim 4, wherein the first SPM is further configured to:
    - receive the encrypted second session key from the POS system;
      
      decrypt the second session key using, at least in part, the first private key;
      
      receive a second set of sensitive data from the first card reader;
      
      encrypt the second set of sensitive data using, at least in part, the second session key; and
      
      transmit the encrypted second set of sensitive data to the POS system.
  - 6. The system of claim 5, wherein the POS system is further configured to:
    - receive the encrypted second set of sensitive data from the first SPM; and
      
      decrypt the second set of sensitive data using, at least in part, the second session key.
  - 7. The system of claim 1, wherein dynamically generating the first session key comprises using, at least in part, pseudorandom POS system entropy data.
  - 8. The system of claim 1, wherein the trusted certificate authority is the operator of the SPM.
  - 9. The system of claim 1, wherein the first set of sensitive data comprises magnetic card data.

10. The system of claim I further comprising:
- a second SPM, the second SPM storing a third public key certificate uniquely associated with the second SPM, the third public key certificate issued by the trusted certificate authority to uniquely identify the second SPM, and a second private key associated with the second public key certificate, the second SPM communicably coupled to a second card reader and the POS system.
- View Dependent Claims (11, 12)
- - 11. The system of claim 10, wherein the POS system is further configured to:
    - retrieve the third public key certificate from the second SPM, wherein the third public key certificate contains a second public key associated with the second SPM;
      
      verify the identity of the second SPM by authenticating the third public key certificate with the second public key certificate;
      
      dynamically generate a third session key;
      
      encrypt the third session key using, at least in part, the second public key; and
      
      transmit the encrypted third session key to the second SPM.
  - 12. The system of claim 11, wherein the second SPM is further configured to:
    - receive the encrypted third session key from the POS system;
      
      decrypt the third session key using, at least in part, the second private key;
      
      receive a third set of sensitive data from the second card reader;
      
      encrypt the third set of sensitive data using, at least in part, the third session key; and
      
      transmit the encrypted third set of sensitive data to the POS system.

13. A system for secure communication in a fueling environment, comprising:
- a first dispenser environment, the first dispenser environment comprising;
  
  a first secure payment module (SPM) in a first fuel dispenser coupled to a first card reader, the first SPM storing a first public key certificate issued by a trusted certificate authority to uniquely identify the first SPM, and a first private key associated with the first public key certificate;
  
  a second SPM in a second fuel dispenser coupled to a second card reader, the second SPM storing a second public key certificate issued by the trusted certificate authority to uniquely identify the second SPM, and a second private key associated with the second public key certificate; and
  
  a point-of-sale (POS) environment, the POS environment comprising a first POS server communicably coupled to the first and second SPMs, the first POS server storing a third public key certificate issued by the trusted certificate authority, wherein the POS server is configured to;
  
  dynamically generate a first session key for communication with the first SPM;
  
  dynamically generate a second session key for communication with the second SPM;
  
  encrypt the first session key using, at least in part a first public key included in the first public key certificate;
  
  encrypt the second session key using, at least in part, a second public key included in the second public key certificate;
  
  transmit the encrypted first session key to the first SPM;
  
  transmit the encrypted second session key to the second SPM;
  
  wherein the first SPM is configured to;
  
  receive the encrypted first session key from the POS server;
  
  decrypt the first session key using, at least in part, the first private key;
  
  receive a first set of magnetic card data from the first card reader;
  
  encrypt the first set of magnetic card data using, at least in part, the first session key; and
  
  transmit the encrypted first set of magnetic card data to the POS server; and
  
  wherein the second SPM is configured to;
  
  receive the encrypted second session key from die POS serve;
  
  decrypt the second session key using, at least in part, the second private key;
  
  receive a second set of magnetic card data from the second card reader;
  
  encrypt the second set of magnetic card data using, at least in part, the second session key; and
  
  transmit the encrypted second set of magnetic card data to the POS server.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The system of claim 13, wherein the POS server is further configured to:
    - receive the encrypted first set of magnetic card data from the first SPM;
      
      decrypt the first set of magnetic card data using, at least in part, the first session key;
      
      receive the encrypted third set of magnetic card data from the second SPM; and
      
      decrypt the second set of magnetic card data using, at least in part, the second session key.
  - 15. The system of claim 14, wherein the POS server is further configured to send the decrypted first set of magnetic card data to the first authorization network communicably coupled to the POS server, wherein the first authorization network is configured to authorize the first set of magnetic card data.
  - 16. The system of claim 13, wherein the POS server is further configured to authenticate the first SPM, wherein to authenticate the first SPM the POS server is further configured to:
    - retrieve a first digital signature from the first public key certificate, wherein the first digital signature is embedded in the first public key certificate;
      
      retrieve a second digital signature from the third public key certificate, wherein the second digital signature is embedded in the third public key certificate, the second digital signature unique to the trust certificate authority; and
      
      compare the first digital signature with the second digital signature.
  - 17. The system of claim 16, wherein the POS server is further configured to authenticate the second SPM, wherein to authenticate the second SPM the POS server is further configured to:
    - retrieve a third digital signature from the second public key certificate, wherein the third digital signature is embedded in the second public key certificate;
      
      compare the third digital signature with the second digital signature.

18. A method for secure communications in a fueling environment, comprising:
- dynamically generating a first session key at a point-of-sale (POS) system;
  
  encrypting the first session key using, at least in part, a first public key associated with a first public key certificate issued to a first secure payment module (SPM) by a certificate authority, the first SPM located at a fuel dispenser;
  
  transmitting the encrypted first session key to the first SPM;
  
  receiving a first set of magnetic card data encrypted with the first session key at the POS system; and
  
  decrypting the first set of magnetic card data using, at least in part, the first session key.
- View Dependent Claims (19)
- - 19. The method of claim 18, further comprising:
    - dynamically generating a second session key at the POS system;
      
      encrypting the second session key using, at least in part, the first public key;
      
      transmitting the encrypted second session key to the first SPM;
      
      receiving a second set of magnetic card data encrypted with the second session key at the POS system; and
      
      decrypting the second set of magnetic card data using, at least in part, the second session key.

20. A method for secure communication in a fueling environment, comprising:
- receiving a first session key from a point-of-sale (POS) system, the first session key encrypted with a first public key associated with a first public key certificate uniquely identifying a secure payment module (SPM), the SPM associated with a first fuel dispenser;
  
  decrypting the first session key using, at least in part, a first private key associated with the first public key, the first private key stored at the SPM;
  
  receiving a first set of magnetic card data at the SPM;
  
  encrypting the first set of magnetic card data using, at least in part, the first session key; and
  
  transmitting the encrypted first set of magnetic card data from the SPM to a POS system.
- View Dependent Claims (21)
- - 21. The method of claim 20, further comprising:
    - receiving a second session key, the second session key encrypted with the first public key;
      
      decrypting the second session key using, at least in part, the first private key;
      
      receiving a second set of magnetic card data;
      
      encrypting the second set of magnetic card data using, at least in part, the second session key; and
      
      transmitting the encrypted second set of magnetic card data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Wayne Fueling Systems LLC (Dover Corporation)
Original Assignee
Wayne Fueling Systems LLC (Dover Corporation)
Inventors
TANG, Weiming, Weston, Timothy Martin

Granted Patent

US 10,558,961 B2
Time in Patent Office

Days
Field of Search
US Class Current

380/45
CPC Class Codes

G06Q 20/18   involving self-service term...

G06Q 20/20   Point-of-sale [POS] network...

G06Q 20/3823   combining multiple encrypti...

H04L 2463/102   applying security measure f...

H04L 63/045   wherein the sending and rec...

H04L 63/0823   using certificates cryptogr...

SYSTEM AND METHOD FOR SECURE COMMUNICATION IN A RETAIL ENVIRONMENT

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

56 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM AND METHOD FOR SECURE COMMUNICATION IN A RETAIL ENVIRONMENT

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

56 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links