Key loading systems and methods

US 7,627,125 B2
Filed: 06/23/2005
Issued: 12/01/2009
Est. Priority Date: 06/23/2005
Status: Active Grant

First Claim

Patent Images

1. A terminal manager system for managing communications between a terminal and a key manager system, the terminal having an authority private key from an authority system, the key manager system having the authority public key from the authority system, one of the authority public key and the authority private key encrypting information and the other of the authority public key and the authority private key decrypting the information, the terminal manager system comprising:

a terminal handler that receives, from the terminal, terminal information and a terminal public key encrypted with the authority private key, generates an authentication request including at least a portion of the terminal information and the terminal public key encrypted with the authority private key, and generates a key request including at least a portion of the terminal information; and

a server that sends the authentication request to the key manager system, sends the key request to the key manager system, receives from the key manager system an authentication response including terminal information and a key manager public key encrypted with the authority public key, and receives from the key manager system a key response including at least a portion of the terminal information and a key generated by the key manager system and encrypted by the key manager system with the terminal public key.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for loading a key to a terminal. The system can include a terminal manager system including a terminal handler that receives terminal information from a terminal, generates an authentication request including at least a portion of the terminal information, and generates a key request. The system can also include a server that sends the authentication request to a key manager system and sends the key request to the key manager system.

Citations

54 Claims

1. A terminal manager system for managing communications between a terminal and a key manager system, the terminal having an authority private key from an authority system, the key manager system having the authority public key from the authority system, one of the authority public key and the authority private key encrypting information and the other of the authority public key and the authority private key decrypting the information, the terminal manager system comprising:
- a terminal handler that receives, from the terminal, terminal information and a terminal public key encrypted with the authority private key, generates an authentication request including at least a portion of the terminal information and the terminal public key encrypted with the authority private key, and generates a key request including at least a portion of the terminal information; and
  
  a server that sends the authentication request to the key manager system, sends the key request to the key manager system, receives from the key manager system an authentication response including terminal information and a key manager public key encrypted with the authority public key, and receives from the key manager system a key response including at least a portion of the terminal information and a key generated by the key manager system and encrypted by the key manager system with the terminal public key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 49, 50)
- - 2. The system of claim 1 wherein the terminal handler receives the terminal information in a plurality of messages.
  - 3. The system of claim 1 wherein the terminal handler sends the authentication request to the server.
  - 4. The system of claim 1 wherein the terminal handler sends the key request to the server.
  - 5. The system of claim 1 wherein the terminal handler verifies a key entry mode of the terminal.
  - 6. The system of claim 5 wherein the terminal handler generates a change key entry mode message and sends the change key entry mode message to the terminal.
  - 7. The system of claim 1 wherein the key manager system generates an authentication response including at least a portion of the terminal information and the key manager public key encrypted with the authority public key, sends the authentication response to the server, and sends the key response to the server.
  - 8. The system of claim 7 wherein the server sends the authentication response to the terminal handler.
  - 9. The system of claim 8 wherein the server uses a terminal identifier included in the authentication response to determine how to send the authentication response to the terminal handler.
  - 10. The system of claim 7 wherein the server sends the key response to the terminal handler.
  - 11. The system of claim 10 wherein the server uses a terminal identifier included in the key response to determine how to send the key response to the terminal handler.
  - 12. The system of claim 1 wherein the server formats the authentication request before sending the authentication request to the key manager system.
  - 13. The system of claim 12 wherein the server formats the authentication request into an extensible markup language formatted request.
  - 14. The system of claim 1 wherein the server formats the key request before sending the key request to the key manager system.
  - 15. The system of claim 14 wherein the server formats the key request into an extensible markup language formatted request.
  - 16. The system of claim 1 wherein the terminal initiates a key loading message dialog with the terminal handler.
  - 17. The system of claim 1 wherein the terminal manager system allows an operator to initiate a key loading message dialog with the terminal handler.
  - 18. The system of claim 1 wherein the terminal manager system executes an extraction program to create a terminal table and provides a key manager system access to the terminal table, the terminal table including information about a plurality of terminals managed with the terminal manager system.
  - 49. The system of claim 1 wherein the terminal handler sends the authentication response to the terminal, the terminal receiving the authentication response, decrypting, with the authority private key, the authentication response to authenticate the key manager system and to obtain the key manager public key, and wherein the terminal handler sends the key response to the terminal, the terminal receiving the key response, decrypting, with the terminal private key, the key response to obtain the generated key.
  - 50. The system of claim 1 wherein the key manager receives the authentication request and decrypts, with the authority public key, the authentication request to authenticate the terminal and to obtain the terminal public key.

19. A method of loading a key to a terminal from a key manager system, the terminal having an authority private key, the key manager system having the authority public key, the method comprising:
- sending terminal information and a terminal public key encrypted with the authority private key from the terminal to a terminal handler;
  
  generating an authentication request with the terminal handler, the authentication request including at least a portion of the terminal information and including the terminal public key encrypted with the authority private key;
  
  sending the authentication request to a server and to the key manager system;
  
  at the key manager system, decrypting, with the authority public key, the terminal public key encrypted with the authority private key;
  
  generating an authentication response with the key manager system, the authentication response including a key manager public key encrypted with the authority public key;
  
  sending the authentication response to the terminal handler and to the terminal;
  
  at the terminal, decrypting, with the authority private key, the key manager public key encrypted with the authority public key;
  
  generating a key request with the terminal handler;
  
  sending the key request to the server and to the key manager system;
  
  generating, with the key manager system, a generated key and a key response, the key response including the generated key encrypted with the terminal public key;
  
  sending the key response to the terminal handler and to the terminal; and
  
  at the terminal, decrypting, with the terminal private key, the generated key encrypted with the terminal public key to obtain the generated key.
- View Dependent Claims (20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 51, 52, 53, 54)
- - 20. The method of claim 19 further comprising sending the authentication response to the server.
  - 21. The method of claim 20 further comprising determining with the server how to send the authentication response to the terminal handler using a terminal identifier included in the authentication response.
  - 22. The method of claim 19 further comprising sending the key response to the server.
  - 23. The method of claim 22 further comprising determining with the server how to send the key response to the terminal handler using a terminal identifier included in the key response.
  - 24. The method of claim 19 wherein sending terminal information to a terminal handler includes sending terminal information in a plurality of messages.
  - 25. The method of claim 19 further comprising verifying a key entry mode of the terminal with the terminal handler.
  - 26. The method of claim 25 further comprising generating a change key entry mode message with the terminal handler and sending the change key entry mode message to the terminal.
  - 27. The method of claim 19 further comprising determining how to send the authentication response to the terminal handler using a terminal identifier included in the authentication response.
  - 28. The method of claim 19 further comprising determining how to send the key response to the terminal handler using a terminal identifier included in the key response.
  - 29. The method of claim 19 further comprising formatting the authentication request with the server before sending the authentication request to the key manager system.
  - 30. The method of claim 29 wherein formatting the authentication request includes formatting the authentication request into an extensible markup language formatted request.
  - 31. The method of claim 19 further comprising formatting the key request with the server before sending the key request to the key manager system.
  - 32. The method of claim 31 wherein formatting the key request includes formatting the key request into an extensible markup language formatted request.
  - 33. The method of claim 19 further comprising initiating a key loading message dialog with the terminal handler.
  - 34. The method of claim 33 wherein initiating a key loading message dialog with the terminal handler includes sending a key loading message dialog to the terminal handler from the terminal.
  - 35. The method of claim 33 wherein initiating a key loading message dialog with the terminal handler includes sending a key loading message dialog to the terminal handler from a console.
  - 36. The method of claim 19 further comprising executing an extraction program configured to create a terminal table and providing the key manager system access to the terminal table, the terminal table including information about a plurality of terminals managed with a terminal manager system.
  - 51. The method of claim 19 wherein decrypting, with the authority public key, the terminal public key encrypted with the authority private key further includes authenticating the terminal.
  - 52. The method of claim 19 wherein decrypting, with the authority public key, the terminal public key encrypted with the authority private key further includes obtaining the terminal public key at the key manager system.
  - 53. The method of claim 19 wherein decrypting, with the authority private key, the key manager public key encrypted with the authority public key further includes authenticating the key manager system.
  - 54. The method of claim 19 wherein decrypting, with the authority private key, the key manager public key encrypted with the authority public key further includes obtaining the key manager public key at the terminal.

37. A method of exchanging cryptographic information used for loading keys from a key manager system to a plurality of terminals included in a financial transaction system, the key manager system having a key pair including a key manager public key and a corresponding key manager private key, wherein one of the key manager public key and the key manager private key encrypts information and the other of the key manager public key and the key manager private key decrypts the information, the method comprising:
- at the key manager system, encrypting the key manager public key with the key manager private key;
  
  sending the key manager public key encrypted with the key manager private key and the key manager public key to an authority system;
  
  at the authority system, decrypting, with the key manager public key, the key manager public key encrypted with the key manager private key;
  
  verifying, at the authority system, the key manager public key encrypted with the key manager private key;
  
  at the authority system, encrypting, with the authority private key, the authority public key;
  
  sending the authority public key encrypted with the authority private key and the authority public key to at least one of a terminal manager system and the key manager system; and
  
  verifying, at the at least one of the terminal manager system and the key manager system, the authority public key encrypted with the authority private key.
- View Dependent Claims (38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48)
- - 38. The method of claim 37 further comprising generating a hash, the hash including a hash of at least one of the key manager public key encrypted with the key manager private key and the key manager public key, with the key manager system and sending the hash to the authority system.
  - 39. The method of claim 37 further comprising storing the key manager public key encrypted with the key manager private key to a key database.
  - 40. The method of claim 37 further comprising sending a first hash to the terminal manager system, the first hash including a hash of at least one of the authority public key encrypted with the authority private key and the authority public key.
  - 41. The method of claim 40 further comprising requesting a second hash.
  - 42. The method of claim 41 further comprising generating the second hash of at least one of the authority public key encrypted with the authority private key and the authority public key with the key manager system and sending the second hash to the terminal manager system.
  - 43. The method of claim 42 further comprising comparing the first hash and the second hash.
  - 44. The method of claim 37 further comprising storing the authority public key to a key database.
  - 45. The method of claim 37 further comprising sending a key manager public key encrypted with an authority private key to the terminal manager system.
  - 46. The method of claim 45 further comprising storing the key manager public key encrypted with the authority private key to a key database.
  - 47. The method of claim 37 wherein verifying the authority public key encrypted with the authority private key includesat the at least one of the terminal manager system and the key manager system, decrypting, with the authority public key, the authority public key encrypted with the authority private key;
    - andcomparing the authority public key to the authority public key encrypted with the authority private key decrypted with the authority public key.
  - 48. The method of claim 45 wherein verifying the key manager public key encrypted with the authority private key includes comparing the key manager public key to the key manager public key encrypted with the authority private key decrypted with the authority public key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Fidelity Information Services, LLC (Fidelity National Information Services Incorporated)
Original Assignee
Efunds Corporation (Fidelity National Information Services Incorporated)
Inventors
Brittain, John R., Palmer, Sandra A., Lumsden, Ian A., Statland, Scott R.
Primary Examiner(s)
Barron, Jr.; Gilberto
Assistant Examiner(s)
ALMEIDA, DEVIN E

Application Number

US11/165,429
Publication Number

US 20060294378A1
Time in Patent Office

1,622 Days
Field of Search

380/277, 705/71
US Class Current

380/277
CPC Class Codes

G06Q 20/02   involving a neutral party, ...

G06Q 20/20   Point-of-sale [POS] network...

G06Q 20/3829   involving key management

G07F 7/1016   Devices or methods for secu...

Key loading systems and methods

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

54 Claims

Specification

Solutions

Use Cases

Quick Links

Key loading systems and methods

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

54 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links