System and method for securing a base derivation key for use in injection of derived unique key per transaction devices
First Claim
1. A system for securing a Base Derivation Key (BDK) at a facility for injecting Derived Unique Key Per Transaction (DUKPT) encryption devices comprising:
- a symmetrical key generator that generates a symmetrical key for each BDK segment received for encryption;
a symmetrical encryption device for encrypting a Base Derivation Key (BDK) segment using a symmetrical key received from the symmetrical key generator for the BDK segment encryption;
an asymmetrical key pair generator for generating a private/public key pair for each BDK segment symmetrically encrypted;
an asymmetrical encryption device that generates a doubly encrypted segment by encrypting the encrypted BDK segment using the public key of the private/public key pair that was generated for the BDK segment and that generates a singularly encrypted segment by encrypting the symmetrical key used to encrypt symmetrically the BDK segment, the asymmetrical encryption device destroying the public key of each private/public key pair used to encrypt an encrypted BDK segment and the corresponding symmetrical key used to encrypt the BDK segment after generation of the doubly encrypted segment and the singularly encrypted symmetrical key; and
a local memory for storing the private keys of each private/public key pair used to encrypt BDK segments and symmetrical keys.
6 Assignments
0 Petitions
Accused Products
Abstract
A system that secures a Base Derivation Key (BDK) in a facility for injecting Derived Unique Key Per Transaction (DUKPT) devices uses software for securing the BDK rather than a Tamper Resistant Security Module (TRSM). The system comprises a symmetrical key generator, a symmetric encryption device, a concatenating device, an asymmetrical key pair generator, and an asymmetrical encryption device. The symmetrical key generator randomly generates an encryption key for a symmetrical encryption method. The symmetrical key is provided to the symmetric encryption device for encrypting a segment of a BDK with a symmetrical key. The asymmetrical encryption device uses the public key of a randomly generated private/public key pair generated by the asymmetrical key pair generator to asymmetrically encrypt the symmetrically encrypted BDK segment and the symmetrical key. The public key is then destroyed and the private key is stored on the computer.
-
Citations
20 Claims
-
1. A system for securing a Base Derivation Key (BDK) at a facility for injecting Derived Unique Key Per Transaction (DUKPT) encryption devices comprising:
-
a symmetrical key generator that generates a symmetrical key for each BDK segment received for encryption; a symmetrical encryption device for encrypting a Base Derivation Key (BDK) segment using a symmetrical key received from the symmetrical key generator for the BDK segment encryption; an asymmetrical key pair generator for generating a private/public key pair for each BDK segment symmetrically encrypted; an asymmetrical encryption device that generates a doubly encrypted segment by encrypting the encrypted BDK segment using the public key of the private/public key pair that was generated for the BDK segment and that generates a singularly encrypted segment by encrypting the symmetrical key used to encrypt symmetrically the BDK segment, the asymmetrical encryption device destroying the public key of each private/public key pair used to encrypt an encrypted BDK segment and the corresponding symmetrical key used to encrypt the BDK segment after generation of the doubly encrypted segment and the singularly encrypted symmetrical key; and a local memory for storing the private keys of each private/public key pair used to encrypt BDK segments and symmetrical keys. - View Dependent Claims (2, 3, 4, 5)
-
-
6. A system for preparing an encrypted Base Derivation Key (BDK) for use in injecting a Derived Unique Key Per Transaction (DUKPT) encryption device comprising:
-
an asymmetrical decryption device using a private key of a private/public key pair to decrypt asymmetrically a doubly encrypted Base Derivation Key (BDK) segment to generate a symmetrically encrypted BDK segment and to decrypt asymmetrically a singularly encrypted symmetrical key to generate the symmetrical key; a symmetrical decryption device for decrypting the symmetrically encrypted BDK segment using the symmetrical key generated by asymmetrically decrypting the singularly encrypted symmetrical key; and a BDK assembler for assembling a plurality of decrypted BDK segments, each one of which was decrypted with a different symmetrical key, the assembled BDK segments forming a single BDK for use in the injection of a Derived Unique Key Per Transaction (DUKPT) encryption device. - View Dependent Claims (7, 8, 9, 10)
-
-
11. A method for securing a Base Derivation Key (BDK) at a facility for injecting Derived Unique Key Per Transaction (DUKPT) encryption devices comprising:
-
encrypting a first Base Derivation Key (BDK) segment using a first symmetrical key; encrypting a second Base Derivation Key (BDK) segment using a second symmetrical key, the second symmetrical key being different than the first symmetrical key; generating a first asymmetrical key pair; generating a second asymmetrical key pair, the second asymmetrical key pair being different than the first asymmetrical key pair; generating a first doubly encrypted BDK segment by encrypting the first symmetrically encrypted BDK segment using a public key of the first asymmetrical key pair; generating a second doubly encrypted BDK segment by encrypting the second symmetrically encrypted BDK segment using a public key of the second asymmetrical key pair; encrypting the first symmetrical key used to encrypt the first BDK segment using the public key of the first asymmetrical key pair; encrypting the second symmetrical key used to encrypt the second BDK segment using the public key of the second asymmetrical key pair; destroying the public key of the first asymmetrical key pair after the asymmetrical encryption of the first symmetrically encrypted BDK segment and the asymmetrical encryption of the first symmetrical key; destroying the public key of the second asymmetrical key pair after the asymmetrical encryption of the second symmetrically encrypted BDK segment and the asymmetrical encryption of the second symmetrical key; and storing the first private key and the second private key in a local storage device. - View Dependent Claims (12, 13, 14, 15)
-
-
16. A method for preparing an encrypted Base Derivation Key (BDK) for use in generating an Initial PIN Pad Key for injection into a Derived Unique Key Per Transaction (DUKPT) encryption device comprising:
-
asymmetrically decrypting with a private key of a first private/public key pair a first doubly encrypted Base Derivation Key (BDK) segment to generate a first symmetrically encrypted BDK segment; asymmetrically decrypting with the private key of the first private/public key pair a first singularly encrypted symmetrical key to generate a first symmetrical key; symmetrically decrypting the first symmetrically encrypted BDK segment using the first symmetrical key generated from the asymmetrical decryption of the first singularly encrypted symmetrical key to generate a first decrypted BDK segment; asymmetrically decrypting with a private key of a second private/public key pair a second doubly encrypted Base Derivation Key (BDK) segment to generate a second symmetrically encrypted BDK segment; asymmetrically decrypting with the private key of the second private/public key pair a second singularly encrypted symmetrical key to generate a second symmetrical key; symmetrically decrypting the second symmetrically encrypted BDK segment using the second symmetrical key generated from the asymmetrical decryption of the second singularly encrypted symmetrical key to generate a second decrypted BDK segment; and assembling the first and the second decrypted BDK segments to form a BDK for use in the injection of a Derived Unique Key Per Transaction (DUKPT) encryption device. - View Dependent Claims (17, 18, 19, 20)
-
Specification