Security apparatus and system for retail environments
First Claim
1. A fuel service station comprising fuel dispensers and a PIN pad including keypads for receiving personal identification numbers and assembled into a network for securely communicating personal identification numbers from the PIN pad and fuel dispensers to a host computer over unsecured data lines, said PIN pad and fuel dispensers each including means for encryption of personal identification numbers and outputting encrypted personal identification numbers,a security module including means for decryption of data associated with each of said PIN pad and fuel dispensers in a process at least unique to the respective fuel dispensers and means for encryption of data associated with the host computer in a process which is different from its decryption of data associated with said PIN pad and fuel dispensers and means for outputting encrypted data,a site controller communicatively connected to the host computer, said dispensers, said PIN pad and said security module and which is not secure from unauthorized signal detection and having means for directing encrypted data received from said PIN pad and said fuel dispensers to said security module and from said security module to said fuel dispensers or the host computer as needed for properly directing encrypted data to a desired destination,said means for encrypting in said PIN pad, fuel dispensers and said security module encrypting data in a manner which is infeasible to decrypt without possession of a decryption key,wherein said security module and only the security module includes means for receiving a cryptographic key associated with the host computer usable with the host for the encryption and decryption of data or further working keys used for the encryption and decryption of data,wherein said means for encryption in said security module encrypts with keys associated with said fuel dispensers, which keys are unrelated to the cryptographic key associated with the host, and said security module and said PIN pad and fuel dispensers may cooperatively change their respective keys in response to the passage of time or in response to the occurrence of an event,wherein at least one of said means for encryption encrypts with a process selected from the group consisting of the Rivest-Shamir-Adelman algorithm (RSA), the Diffie-Hellman algorithm (DH), the Data Encryption Standard using a unique key per transaction (DES/UKPT), the Data Encryption Standard using a Master key/Session key (DES/MKSK), and more than one of RSA, DH and DES/UKPT and DES/MKSK.
2 Assignments
0 Petitions
Accused Products
Abstract
A gasoline service station includes gasoline dispensers and a PIN pad including keypads for receiving personal identification numbers and assembled into a network for securely communicating personal identification numbers from the PIN pads and dispensers to a host computer over unsecured data lines. The PIN pads and dispensers each include means for encryption and outputting of personal identification numbers. A security module includes means for decryption of data associated with each PIN pad and dispenser in a process for the respective PIN pads and dispensers and means for encryption of data associated with the host computer in a process which is different from its decryption of data associated with the PIN pads and dispensers. A site controller, which is not secure from unauthorized signal detection, has means for directing encrypted data received from the PIN pads and the dispensers to the security module and from the security module to the dispensers or the host computer as needed for properly directing encrypted data to a desired destination.
-
Citations
6 Claims
-
1. A fuel service station comprising fuel dispensers and a PIN pad including keypads for receiving personal identification numbers and assembled into a network for securely communicating personal identification numbers from the PIN pad and fuel dispensers to a host computer over unsecured data lines, said PIN pad and fuel dispensers each including means for encryption of personal identification numbers and outputting encrypted personal identification numbers,
a security module including means for decryption of data associated with each of said PIN pad and fuel dispensers in a process at least unique to the respective fuel dispensers and means for encryption of data associated with the host computer in a process which is different from its decryption of data associated with said PIN pad and fuel dispensers and means for outputting encrypted data, a site controller communicatively connected to the host computer, said dispensers, said PIN pad and said security module and which is not secure from unauthorized signal detection and having means for directing encrypted data received from said PIN pad and said fuel dispensers to said security module and from said security module to said fuel dispensers or the host computer as needed for properly directing encrypted data to a desired destination, said means for encrypting in said PIN pad, fuel dispensers and said security module encrypting data in a manner which is infeasible to decrypt without possession of a decryption key, wherein said security module and only the security module includes means for receiving a cryptographic key associated with the host computer usable with the host for the encryption and decryption of data or further working keys used for the encryption and decryption of data, wherein said means for encryption in said security module encrypts with keys associated with said fuel dispensers, which keys are unrelated to the cryptographic key associated with the host, and said security module and said PIN pad and fuel dispensers may cooperatively change their respective keys in response to the passage of time or in response to the occurrence of an event, wherein at least one of said means for encryption encrypts with a process selected from the group consisting of the Rivest-Shamir-Adelman algorithm (RSA), the Diffie-Hellman algorithm (DH), the Data Encryption Standard using a unique key per transaction (DES/UKPT), the Data Encryption Standard using a Master key/Session key (DES/MKSK), and more than one of RSA, DH and DES/UKPT and DES/MKSK.
-
6. A method of operating a gasoline service station comprising the steps of
inserting a card belonging to a cardholder into a card reader to derive data, entering a PIN into a keypad in an enclosure, encrypting the PIN in the enclosure using a first encryption key, transmitting the encrypted PIN to a security module, de-encrypting the PIN in the security module and re-encrypting the PIN using a second encryption key, transmitting the re-encrypted PIN and data read from the card to a remote host computer, transmitting authorization of a gasoline sale to the holder of the card from the remote host computer to a gasoline dispenser at the service station.
Specification