DATA PROTECTION WITH TRANSLATION
Abstract
Systems and methods are disclosed in which data associated with a transaction are protected with encryption. At an access device, a PIN associated with a payment account may be encrypted with a first key derived from an initial key of the access device, and sensitive data associated with the payment account may be encrypted with a second key derived from the initial key. At a secure module associated with a host server, encrypted sensitive data of an authorization request message may be decrypted. The secure module associated with the host server can re-encrypt the sensitive data using a zone encryption key associated with a payment processing network. A translated authorization request message including the re-encrypted sensitive data can be transmitted by the merchant server to the payment processing network.
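The flow in the abstract, as an added sketch that is not code from the patent: two key variants are derived from one initial key so the PIN and the sensitive data are protected under different keys, and the secure module translates only the sensitive data to a zone key. Assumptions: the HMAC-SHA256 variant derivation, the standard-library encrypt-then-MAC stand-in for the real cipher, the function names, and the secure module holding the device's initial key are all hypothetical, since the abstract does not specify them.

```python
import hashlib
import hmac
import secrets


def derive_variant(initial_key: bytes, purpose: bytes) -> bytes:
    # Assumed derivation: HMAC-SHA256 of a purpose label under the initial key.
    return hmac.new(initial_key, b"variant:" + purpose, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    # Encrypt-then-MAC with separate sub-keys; stand-in for a real AEAD cipher.
    nonce = secrets.token_bytes(16)
    stream = _keystream(derive_variant(key, b"enc"), nonce, len(plaintext))
    body = nonce + bytes(p ^ s for p, s in zip(plaintext, stream))
    return body + hmac.new(derive_variant(key, b"mac"), body, hashlib.sha256).digest()


def unseal(key: bytes, blob: bytes) -> bytes:
    body, tag = blob[:-32], blob[-32:]
    expected = hmac.new(derive_variant(key, b"mac"), body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong key or modified ciphertext")
    nonce, ciphertext = body[:16], body[16:]
    stream = _keystream(derive_variant(key, b"enc"), nonce, len(ciphertext))
    return bytes(c ^ s for c, s in zip(ciphertext, stream))


def access_device_request(initial_key: bytes, pin: bytes, sensitive: bytes) -> dict:
    # First variant protects the PIN, second variant protects the sensitive data.
    return {"pin": seal(derive_variant(initial_key, b"pin"), pin),
            "data": seal(derive_variant(initial_key, b"data"), sensitive)}


def secure_module_translate(initial_key: bytes, zone_key: bytes, request: dict) -> dict:
    # Decrypt under the device's data variant, re-encrypt under the zone key.
    clear = unseal(derive_variant(initial_key, b"data"), request["data"])
    # PIN handling at the host is not described in the abstract; passed through.
    return {"pin": request["pin"], "data": seal(zone_key, clear)}
```

Because the variants differ, a party holding only the data variant cannot open the PIN block, and after translation the payment processing network needs only its zone key, never the device's initial key.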
34 Claims
1. A method comprising:
receiving, by an access device, a personal identification number (PIN) and sensitive data;
encrypting, by the access device, the PIN, wherein PIN encryption uses a first encryption key variant based on an initial key;
encrypting, by the access device, the sensitive data, wherein sensitive data encryption uses a second encryption key variant based on the initial key; and
transmitting, to a host server, an authorization request message including the encrypted PIN and encrypted sensitive data.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. A method comprising:
receiving, by a host server, an authorization request message, wherein the authorization request message includes encrypted sensitive data;
decrypting, by a secure module communicatively connected to the merchant server, the encrypted sensitive data;
re-encrypting, by the secure module, the decrypted sensitive data, wherein the sensitive data re-encryption uses a first sensitive data zone encryption key associated with the first payment processing network; and
transmitting, by the host server, a first translated authorization request message to the first payment processing network, wherein the translated authorization request message includes the re-encrypted sensitive data.
Dependent claims: 12, 13, 14, 15, 16, 17, 18
19. A system comprising:
a processor; and
a computer readable medium coupled to the processor, wherein the computer readable medium comprises code executable by the processor for implementing a method of routing transactions, the method comprising;
encrypting, by an access device, a personal identification number (PIN), wherein the PIN encryption uses a first encryption key variant based on an initial key;
encrypting, by the access device, sensitive data, wherein the sensitive data encryption uses a second encryption key variant based on the initial key; and
transmitting, to a host server, an authorization request message including the encrypted PIN and encrypted sensitive data.
Dependent claims: 20, 21, 22
23. A system comprising:
a processor; and
a computer readable medium coupled to the processor, wherein the computer readable medium comprises code executable by the processor for implementing a method comprising;
receiving, by a host server, an authorization request message, wherein the authorization request message includes encrypted sensitive data;
decrypting, by a secure module communicatively connected to the merchant server, the encrypted sensitive data;
re-encrypting, by the secure module, the decrypted sensitive data, wherein the sensitive data re-encryption uses a first sensitive data zone encryption key associated with the first payment processing network; and
transmitting, by the merchant server, a first translated authorization request message to the first payment processing network, wherein the translated authorization request message includes re-encrypted sensitive data.
Dependent claims: 24, 25, 26, 27, 28
29. A method, comprising:
receiving data associated with a personal account identifier (PAI);
encrypting, by the access device, the PAI, wherein the encrypted PAI has the same format as the PAI;
writing the encrypted PAI to a field of an authorization request message, wherein the field is designated to receive a PAI;
using an authorization request message data element as a signal to identify the presence of the encrypted PAI in the authorization request message; and
transmitting the authorization request message.
Dependent claims: 30, 31, 32, 33, 34
Specification