SYSTEM AND METHOD FOR SECURE COMMUNICATION IN A RETAIL ENVIRONMENT
First Claim
1. A system for secure communication in a fueling environment, comprising:
- a first secure payment module (SPM) in a fuel dispenser communicably coupled to a first card reader, the first SPM storing a first public key certificate uniquely identifying the first SPM, the first public key certificate issued by a trusted certificate authority, and a first private key associated with the first public key certificate; and
a point-of-sale (POS) system storing a second public key certificate issued by the trusted certificate authority, the POS system communicably coupled to the first SPM, wherein the POS system is configured to;
retrieve the first public key certificate from the first SPM, wherein the First public key certificate contains a first public key associated with the first SPM;
verify the identity of the first SPM by authenticating the first public key certificate with the second public key certificate;
dynamically generate a first session key;
encrypt the first session key using, at least in part, the first public key; and
transmit the encrypted first session key to the first SPM;
wherein the first SPM is configured to;
receive the encrypted first session key from the POS system;
decrypt the first session key using, at least in part, the first private key,receive a first set of sensitive data from the first card reader;
encrypt the first set of sensitive data using, at least in part, the first session key; and
transmit the encrypted first set of sensitive data to the POS system.
6 Assignments
0 Petitions
Accused Products
Abstract
This disclosure provides various embodiments of systems and methods for secure communications. In one aspect, the system includes a secure payment module (SPM) in a fuel dispenser and a point-of-sate (POS) system. The POS system stores a public key certificate uniquely identifying the SPM and is configured to dynamically generate a first session key. The POS system encrypts the first session key with a public key associated with the public key certificate, and transmits the encrypted first session key to the SPM. The SPM, which stores a private key associated with the public key certificate, is configured to receive and decrypt the first session key. The SPM is further configured to receive a set of magnetic card data from a card reader, encrypt the set of magnetic card data with the first session key, and transmit the encrypted set of magnetic card data to the POS system.
56 Citations
21 Claims
-
1. A system for secure communication in a fueling environment, comprising:
-
a first secure payment module (SPM) in a fuel dispenser communicably coupled to a first card reader, the first SPM storing a first public key certificate uniquely identifying the first SPM, the first public key certificate issued by a trusted certificate authority, and a first private key associated with the first public key certificate; and a point-of-sale (POS) system storing a second public key certificate issued by the trusted certificate authority, the POS system communicably coupled to the first SPM, wherein the POS system is configured to; retrieve the first public key certificate from the first SPM, wherein the First public key certificate contains a first public key associated with the first SPM; verify the identity of the first SPM by authenticating the first public key certificate with the second public key certificate; dynamically generate a first session key; encrypt the first session key using, at least in part, the first public key; and transmit the encrypted first session key to the first SPM; wherein the first SPM is configured to; receive the encrypted first session key from the POS system; decrypt the first session key using, at least in part, the first private key, receive a first set of sensitive data from the first card reader; encrypt the first set of sensitive data using, at least in part, the first session key; and transmit the encrypted first set of sensitive data to the POS system. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. The system of claim I further comprising:
a second SPM, the second SPM storing a third public key certificate uniquely associated with the second SPM, the third public key certificate issued by the trusted certificate authority to uniquely identify the second SPM, and a second private key associated with the second public key certificate, the second SPM communicably coupled to a second card reader and the POS system. - View Dependent Claims (11, 12)
-
13. A system for secure communication in a fueling environment, comprising:
-
a first dispenser environment, the first dispenser environment comprising; a first secure payment module (SPM) in a first fuel dispenser coupled to a first card reader, the first SPM storing a first public key certificate issued by a trusted certificate authority to uniquely identify the first SPM, and a first private key associated with the first public key certificate; a second SPM in a second fuel dispenser coupled to a second card reader, the second SPM storing a second public key certificate issued by the trusted certificate authority to uniquely identify the second SPM, and a second private key associated with the second public key certificate; and a point-of-sale (POS) environment, the POS environment comprising a first POS server communicably coupled to the first and second SPMs, the first POS server storing a third public key certificate issued by the trusted certificate authority, wherein the POS server is configured to; dynamically generate a first session key for communication with the first SPM; dynamically generate a second session key for communication with the second SPM; encrypt the first session key using, at least in part a first public key included in the first public key certificate; encrypt the second session key using, at least in part, a second public key included in the second public key certificate; transmit the encrypted first session key to the first SPM; transmit the encrypted second session key to the second SPM; wherein the first SPM is configured to; receive the encrypted first session key from the POS server; decrypt the first session key using, at least in part, the first private key; receive a first set of magnetic card data from the first card reader; encrypt the first set of magnetic card data using, at least in part, the first session key; and transmit the encrypted first set of magnetic card data to the POS server; and wherein the second SPM is configured to; receive the encrypted second session key from die POS serve; decrypt the second session key using, at least in part, the second private key; receive a second set of magnetic card data from the second card reader; encrypt the second set of magnetic card data using, at least in part, the second session key; and transmit the encrypted second set of magnetic card data to the POS server. - View Dependent Claims (14, 15, 16, 17)
-
-
18. A method for secure communications in a fueling environment, comprising:
-
dynamically generating a first session key at a point-of-sale (POS) system; encrypting the first session key using, at least in part, a first public key associated with a first public key certificate issued to a first secure payment module (SPM) by a certificate authority, the first SPM located at a fuel dispenser; transmitting the encrypted first session key to the first SPM; receiving a first set of magnetic card data encrypted with the first session key at the POS system; and decrypting the first set of magnetic card data using, at least in part, the first session key. - View Dependent Claims (19)
-
-
20. A method for secure communication in a fueling environment, comprising:
-
receiving a first session key from a point-of-sale (POS) system, the first session key encrypted with a first public key associated with a first public key certificate uniquely identifying a secure payment module (SPM), the SPM associated with a first fuel dispenser; decrypting the first session key using, at least in part, a first private key associated with the first public key, the first private key stored at the SPM; receiving a first set of magnetic card data at the SPM; encrypting the first set of magnetic card data using, at least in part, the first session key; and transmitting the encrypted first set of magnetic card data from the SPM to a POS system. - View Dependent Claims (21)
-
Specification