FUEL DISPENSING PAYMENT SYSTEM FOR SECURE EVALUATION OF CARDHOLDER DATA

US 20120166343A1
Filed: 12/22/2010
Published: 06/28/2012
Est. Priority Date: 12/22/2010
Status: Active Grant

First Claim

Patent Images

1. A system used in a retail environment for providing end-to-end encryption of payment cardholder data, said system comprising:

an input device configured to receive cardholder data, said input device operative to encrypt said cardholder data according to a first encryption method to produce first encrypted cardholder data;

a cardholder data handling device in electronic communication with said input device;

a secure evaluation assembly operatively connected to said cardholder data handling device, said secure evaluation assembly comprising antitampering control electronics adapted to decrypt said first encrypted cardholder data to produce unencrypted cardholder data;

wherein said antitampering control electronics of said secure evaluation assembly evaluate said unencrypted cardholder data to determine whether said unencrypted cardholder data is payment cardholder data or nonsensitive cardholder data; and

wherein, if said unencrypted cardholder data is payment cardholder data, said antitampering control electronics of said secure evaluation assembly are adapted to encrypt said unencrypted cardholder data according to a second encryption method to produce second encrypted cardholder data.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system used in a retail environment for providing end-to-end encryption of payment cardholder data. An input device configured to receive cardholder data is operative to encrypt the cardholder data according to a first encryption method to produce first encrypted cardholder data. A cardholder data handling device is in electronic communication with the input device. A secure evaluation assembly (SEA) is operatively connected to the cardholder data handling device and comprises antitampering control electronics adapted to decrypt the first encrypted cardholder data to produce unencrypted cardholder data. The antitampering control electronics evaluate the unencrypted cardholder data to determine whether the unencrypted cardholder data is payment cardholder data or nonsensitive cardholder data. Finally, if the unencrypted cardholder data is payment cardholder data, the antitampering control electronics of the SEA are adapted to encrypt the unencrypted cardholder data according to a second encryption method to produce second encrypted cardholder data.

24 Citations

View as Search Results

35 Claims

1. A system used in a retail environment for providing end-to-end encryption of payment cardholder data, said system comprising:
- an input device configured to receive cardholder data, said input device operative to encrypt said cardholder data according to a first encryption method to produce first encrypted cardholder data;
  
  a cardholder data handling device in electronic communication with said input device;
  
  a secure evaluation assembly operatively connected to said cardholder data handling device, said secure evaluation assembly comprising antitampering control electronics adapted to decrypt said first encrypted cardholder data to produce unencrypted cardholder data;
  
  wherein said antitampering control electronics of said secure evaluation assembly evaluate said unencrypted cardholder data to determine whether said unencrypted cardholder data is payment cardholder data or nonsensitive cardholder data; and
  
  wherein, if said unencrypted cardholder data is payment cardholder data, said antitampering control electronics of said secure evaluation assembly are adapted to encrypt said unencrypted cardholder data according to a second encryption method to produce second encrypted cardholder data.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. A system as in claim 1, wherein said secure evaluation assembly transmits said unencrypted cardholder data to a local processing system in unencrypted form if said unencrypted cardholder data is nonsensitive cardholder data.
  - 3. A system as in claim 2, wherein said secure evaluation assembly is implemented as a dongle.
  - 4. A system as in claim 3, wherein said dongle comprises a USB interface.
  - 5. A system as in claim 2, wherein said antitampering control electronics are implemented as a USIP chip.
  - 6. A system as in claim 1, wherein said secure evaluation assembly is adapted to transmit said second encrypted cardholder data to a remote host processing system.
  - 7. A system as in claim 1, wherein said first and second encryption methods are the same.
  - 8. A system as in claim 1, wherein said first and second encryption methods are different.
  - 9. A system as in claim 1, wherein said first encryption method comprises triple DES encryption of cardholder data.
  - 10. A system as in claim 9, wherein said input device is antitampering.
  - 11. A system as in claim 1, wherein said cardholder data handling device is selected from the group consisting of a fuel dispenser control system, a POS, and a site controller.

12. A secure evaluation assembly in which an encrypted communication of cardholder data from an input device to a remote host processing system may be securely evaluated, comprising:
- secure control electronics; and
  
  a secure evaluation assembly memory, said secure evaluation assembly memory containing information needed to decrypt data encrypted according to a first encryption method and information needed to encrypt data according to a second encryption method;
  
  said secure evaluation assembly memory being encrypted according to a third encryption method;
  
  wherein said secure control electronics are adapted to decrypt said secure evaluation assembly memory;
  
  wherein said secure control electronics are further adapted to decrypt cardholder data encrypted according to said first encryption method to produce unencrypted cardholder data;
  
  wherein said secure control electronics are further adapted to evaluate said unencrypted cardholder data and encrypt said unencrypted cardholder data according to said second encryption method if said unencrypted cardholder data is payment cardholder data.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27)
- - 13. A secure evaluation assembly as in claim 12, wherein said first and second encryption methods are different.
  - 14. A secure evaluation assembly as in claim 13, wherein said secure evaluation assembly memory contains information needed to encrypt data according to more than one second encryption method.
  - 15. A secure evaluation assembly as in claim 14, wherein said secure control electronics selects the appropriate second encryption method after evaluating said unencrypted cardholder data.
  - 16. A secure evaluation assembly as in claim 14, wherein said secure evaluation assembly memory contains a site configuration file.
  - 17. A secure evaluation assembly as in claim 12, wherein said secure control electronics are antitampering.
  - 18. A secure evaluation assembly as in claim 12, said secure control electronics comprising an internal memory storing information needed to decrypt data encrypted according to said third encryption method.
  - 19. A secure evaluation assembly as in claim 18, wherein said secure control electronics are implemented as a USIP chip.
  - 20. A secure evaluation assembly as in claim 18, wherein said third encryption method comprises AES-128.
  - 21. A secure evaluation assembly as in claim 12, further comprising a USB interface.
  - 22. A secure evaluation assembly as in claim 21, wherein said secure evaluation assembly is located at a cardholder data handling device.
  - 23. A secure evaluation assembly as in claim 22, wherein said cardholder data handling device is selected from the group consisting of a fuel dispenser control system, a POS, and a site controller.
  - 24. A secure evaluation assembly as in claim 12, wherein said secure control electronics transmit said unencrypted cardholder data to a local processing system in unencrypted form if said unencrypted cardholder data is nonsensitive cardholder data.
  - 25. A secure evaluation assembly as in claim 12, wherein said secure control electronics are further adapted to evaluate said unencrypted cardholder data to perform transaction validation.
  - 26. A secure evaluation assembly as in claim 25, wherein said secure evaluation assembly memory contains a transaction log file.
  - 27. A secure evaluation assembly as in claim 12, wherein said secure evaluation assembly is implemented as an antitampering CPU.

28. A method for processing a transaction involving cardholder data in a retail payment system, comprising the steps of:
- receiving cardholder data at an input device;
  
  encrypting said cardholder data according to a first encryption method to produce first encrypted cardholder data;
  
  receiving said first encrypted cardholder data at a secure evaluation assembly coupled to a cardholder data handling device;
  
  decrypting said first encrypted cardholder data to produce unencrypted cardholder data;
  
  evaluating said unencrypted cardholder data in a secure control electronics to determine whether said unencrypted cardholder data is payment cardholder data or nonsensitive cardholder data; and
  
  if said unencrypted cardholder data is payment cardholder data, encrypting said unencrypted cardholder data according to a second encryption method to produce second encrypted cardholder data.
- View Dependent Claims (29, 30, 31, 32, 33, 34, 35)
- - 29. The method of claim 28, further comprising transmitting said unencrypted cardholder data to a local processing system in unencrypted form if said unencrypted cardholder data is nonsensitive cardholder data.
  - 30. The method of claim 28, wherein said secure control electronics are antitampering.
  - 31. The method of claim 28, wherein said first and second encryption methods are different.
  - 32. The method of claim 31, further comprising transmitting said second encrypted cardholder data to a remote host processing system.
  - 33. The method of claim 28, wherein said cardholder data handling device is selected from the group consisting of a fuel dispenser control system, a POS, and a site controller.
  - 34. The method of claim 28, further comprising evaluating said unencrypted cardholder data in said secure control electronics to perform transaction validation.
  - 35. The method of claim 28, wherein said secure evaluation assembly is implemented as a dongle having a USB interface.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Gilbarco Italia SRL (Vontier Corp.)
Original Assignee
Gilbarco Incorporated (Vontier Corp.)
Inventors
Carapelli, Giovanni, Williams, Rodger, Ringeman, Kenneth

Granted Patent

US 9,262,760 B2
Time in Patent Office

Days
Field of Search
US Class Current

705/64
CPC Class Codes

G06Q 20/34   using cards, e.g. integrate...

G06Q 20/382   insuring higher security of...

G06Q 20/3823   combining multiple encrypti...

G06Q 20/40   Authorisation, e.g. identif...

G06Q 2220/00   Business processing using c...

G07F 13/00   Coin-freed apparatus for co...

G07F 13/025   wherein the volume is deter...

H04L 9/50   using hash chains, e.g. blo...

FUEL DISPENSING PAYMENT SYSTEM FOR SECURE EVALUATION OF CARDHOLDER DATA

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

24 Citations

35 Claims

Specification

Solutions

Use Cases

Quick Links

FUEL DISPENSING PAYMENT SYSTEM FOR SECURE EVALUATION OF CARDHOLDER DATA

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

24 Citations

35 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links