Purchase transaction system with encrypted payment card data

US 8,571,995 B2
Filed: 06/01/2010
Issued: 10/29/2013
Est. Priority Date: 06/02/2009
Status: Expired due to Fees

First Claim

Patent Images

1. A computer-implemented method for securing payment card data in a system having at least one point of sale terminal and at least one payment card transaction processing gateway, the method comprising:

deriving, by a key server, an intermediate key from a master key;

sending, by the key server, the intermediate key to the at least one payment card transaction processing gateway;

deriving, by the key server, a first terminal key from the intermediate key;

sending, by the key server, the first terminal key to the at least one point of sale terminal;

obtaining, by the at least one point of sale terminal, payment card data associated with a payment card of a user during a purchase transaction;

encrypting, by the at least one point of sale terminal, the payment card data using an encryption algorithm that takes as inputs a first part of the payment card data, a tweak formed from a second part of the payment card data, and the first terminal key;

transmitting, by the at least point of sale terminal, the encrypted payment card data and the tweak, to the at least one payment card transaction processing gateway;

deriving, by the at least one payment card transaction processing gateway, a second terminal key from the intermediate key; and

decrypting, by the at least one payment card transaction processing gateway, the encrypted payment card data using the second terminal key and the tweak.

View all claims

12 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods are provided for securing payment card information. A user may present a payment card such as a credit card to point-of-sale equipment. The point-of-sale equipment may encrypt the payment card information. An encryption algorithm may be used that takes as inputs a first part of the payment card information, a tweak formed by a second part of the payment card information, and an encryption key. The encrypted payment card information may be conveyed to a gateway over a communications network. The gateway may identify which encryption algorithm was used in encrypting the payment card information and may re-encrypt the payment card information using a format preserving encryption algorithm. A network-based service may be used to remotely perform functions for the gateway.

50 Citations

View as Search Results

8 Claims

1. A computer-implemented method for securing payment card data in a system having at least one point of sale terminal and at least one payment card transaction processing gateway, the method comprising:
- deriving, by a key server, an intermediate key from a master key;
  
  sending, by the key server, the intermediate key to the at least one payment card transaction processing gateway;
  
  deriving, by the key server, a first terminal key from the intermediate key;
  
  sending, by the key server, the first terminal key to the at least one point of sale terminal;
  
  obtaining, by the at least one point of sale terminal, payment card data associated with a payment card of a user during a purchase transaction;
  
  encrypting, by the at least one point of sale terminal, the payment card data using an encryption algorithm that takes as inputs a first part of the payment card data, a tweak formed from a second part of the payment card data, and the first terminal key;
  
  transmitting, by the at least point of sale terminal, the encrypted payment card data and the tweak, to the at least one payment card transaction processing gateway;
  
  deriving, by the at least one payment card transaction processing gateway, a second terminal key from the intermediate key; and
  
  decrypting, by the at least one payment card transaction processing gateway, the encrypted payment card data using the second terminal key and the tweak.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The computer-implemented method defined in claim 1, further comprising:
    - with the at least one payment card transaction processing gateway, encrypting the payment card data that has been decrypted.
  - 3. The computer-implemented method defined in claim 1, the method further comprising:
    - at the at least one payment card transaction processing gateway, receiving encrypted payment card data from a plurality of point of sale terminals, wherein the plurality of point of sale terminals include the at least one point of sale terminal.
  - 4. The computer-implemented method defined in claim 1, wherein the payment card data comprises a 16-digit primary account number, wherein the first part of the payment card data is the last 10 digits of the 16-digit primary account number, the method further comprising:
    - at the at least one point of sale terminal, forming the tweak from the second part of the payment card data.
  - 5. The computer-implemented method defined in claim 1, wherein the second part of the payment card data is the first 6 digits of the 16-digit primary account number, the method further comprising:
    - at the at least one point of sale terminal, forming the tweak from the second part of the payment card data.
  - 6. The computer-implemented method defined in claim 1, wherein the step of encrypting the payment card data comprises encrypting the payment card data using a format preserving encryption algorithm.
  - 7. The computer-implemented method defined in claim 1, wherein the first terminal key comprises a symmetric key, the method further comprising:
    - at the at least one payment card transaction processing gateway, receiving encrypted payment card data from a plurality of point of sale terminals, wherein the plurality of point of sale terminals include the at least one point of sale terminal.
  - 8. The computer-implemented method defined in claim 7, wherein the system includes a network service having a decryption engine, the method further comprising:
    - at the network service, receiving the encrypted payment card data from the at least one payment card transaction processing gateway; and
      
      with the decryption engine in the network service, decrypting the encrypted payment card data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Micro Focus LLC (Open Text Corporation)
Original Assignee
Voltage Security Incorporated (HP Inc.)
Inventors
Spies, Terence, Pauker, Matthew J.
Primary Examiner(s)
KIM, STEVEN S

Application Number

US12/791,593
Publication Number

US 20110137802A1
Time in Patent Office

1,246 Days
Field of Search

705/16, 705/17, 705/21, 705/64, 705/67, 705/71, 380/44, 380/262, 380/278, 380/279, 380/281
US Class Current

705/71
CPC Class Codes

G06Q 20/20   Point-of-sale [POS] network...

G06Q 20/367   involving electronic purses...

G06Q 20/3823   combining multiple encrypti...

G06Q 20/3829   involving key management

G07F 7/1016   Devices or methods for secu...

G07F 7/1091   Use of an encrypted form of...

Purchase transaction system with encrypted payment card data

First Claim

12 Assignments

0 Petitions

Accused Products

Abstract

50 Citations

8 Claims

Specification

Use Cases

Quick Links

Others

Purchase transaction system with encrypted payment card data

First Claim

12 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

50 Citations

8 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others