Systems and methods for remotely loading encryption keys in a card reader systems

US 8,737,623 B2
Filed: 09/13/2011
Issued: 05/27/2014
Est. Priority Date: 09/13/2010
Status: Active Grant

First Claim

Patent Images

1. A method for remotely loading encryption keys into a card reader system, the method comprising:

storing, at a card reader, a device identification number for identifying the card reader, a first magnetic fingerprint of a data card, and a second magnetic fingerprint of the data card, wherein each of the first and second magnetic fingerprints comprises an intrinsic magnetic characteristic of the data card and was previously obtained from a reading of a magnetic stripe of the data card;

generating a first encryption key derived from the second magnetic fingerprint;

encrypting, using the first encryption key, first information comprising the device identification number and the first magnetic fingerprint;

sending the encrypted first information to an authentication server, wherein the authentication server was previously seeded with the device identification number, the first magnetic fingerprint, and the second magnetic fingerprint;

receiving, from the authentication server, a score indicative of a degree of correlation between the first magnetic fingerprint and the second magnetic fingerprint; and

receiving, when the score is above a preselected threshold, a second encryption key from the authentication server, the second encryption key encrypted using a third encryption key derived from the first magnetic fingerprint.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for remotely loading encryption keys in card reader systems are provided. One such method includes storing, at a card reader, a device identification number for identifying the card reader, a first magnetic fingerprint of a data card, and a second magnetic fingerprint of the data card, wherein each of the first and second fingerprints includes an intrinsic magnetic characteristic of the data card, encrypting, using a first encryption key derived from the second fingerprint, information including the device identification number and first fingerprint, sending the encrypted information to an authentication server, receiving, from the authentication server, a score indicative of a degree of correlation between the first fingerprint and second fingerprint, and receiving, when the score is above a preselected threshold, a second encryption key from the authentication server, the second encryption key encrypted using a third encryption key derived from the first fingerprint.

43 Citations

View as Search Results

26 Claims

1. A method for remotely loading encryption keys into a card reader system, the method comprising:
- storing, at a card reader, a device identification number for identifying the card reader, a first magnetic fingerprint of a data card, and a second magnetic fingerprint of the data card, wherein each of the first and second magnetic fingerprints comprises an intrinsic magnetic characteristic of the data card and was previously obtained from a reading of a magnetic stripe of the data card;
  
  generating a first encryption key derived from the second magnetic fingerprint;
  
  encrypting, using the first encryption key, first information comprising the device identification number and the first magnetic fingerprint;
  
  sending the encrypted first information to an authentication server, wherein the authentication server was previously seeded with the device identification number, the first magnetic fingerprint, and the second magnetic fingerprint;
  
  receiving, from the authentication server, a score indicative of a degree of correlation between the first magnetic fingerprint and the second magnetic fingerprint; and
  
  receiving, when the score is above a preselected threshold, a second encryption key from the authentication server, the second encryption key encrypted using a third encryption key derived from the first magnetic fingerprint.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The method of claim 1, wherein the first magnetic fingerprint and the second magnetic fingerprint are obtained from successive readings of information stored in the magnetic stripe of the data card.
  - 3. The method of claim 1, wherein the device identification number is provided to the card reader by an external device.
  - 4. The method of claim 1, wherein the intrinsic magnetic characteristic comprises a remanent noise characteristic of the data card.
  - 5. The method of claim 1, wherein the card reader is a component of a system selected from the group consisting of a point of sale system and an automated teller machine system.
  - 6. The method of claim 1, wherein the encrypting, using the first encryption key derived from the second magnetic fingerprint, the first information comprising the device identification number and the first magnetic fingerprint comprises:
    - storing, at the authentication server, the first magnetic fingerprint, the second magnetic fingerprint, and the device identification number; and
      
      encrypting, using the first encryption key derived from the second magnetic fingerprint, the first information comprising the device identification number and the first magnetic fingerprint.
  - 7. The method of claim 1, further comprising:
    - storing, when the score is below the preselected threshold, information indicating that the card reader is an unauthorized device.
  - 8. The method of claim 1, further comprising:
    - attempting, at the authentication server, to decrypt the encrypted first information;
      
      storing, when the attempting to decrypt is not successful, information indicating that the card reader is an unauthorized device.
  - 9. The method of claim 1, wherein the score is a numerical value in a range from 0 and 100.
  - 10. The method of claim 1, wherein the second encryption key is configured for use as a transaction key.
  - 11. The method of claim 10, wherein the transaction key is a base key for derived unique key per transaction (DUKPT).
  - 12. The method of claim 1, wherein the storing, at the card reader, the device identification number for identifying the card reader, the first magnetic fingerprint of the data card, and the second magnetic fingerprint of the data card comprises:
    - sending, from the card reader, the first and second magnetic fingerprints and the device identification number to the authentication server.
  - 13. The method of claim 1, wherein the storing, at the card reader, the device identification number for identifying the card reader, the first magnetic fingerprint of the data card, and the second magnetic fingerprint of the data card comprises:
    - receiving an analog signal indicative of the magnetic information obtained from a magnetic stripe of the data card;
      
      generating the first magnetic fingerprint based on the analog signal.
  - 14. The method of claim 1, wherein the first magnetic fingerprint comprises a digital value selected from the group consisting of an 8 byte value, a 16 byte value, a 24 byte value, and a 54 byte value.

15. A system for remotely loading encryption keys, the system comprising:
- a card reader system comprising a card reader; and
  
  an authentication server in communication with the card reader system;
  
  the card reader system configured to;
  
  store a device identification number for identifying the card reader, a first magnetic fingerprint of a data card, and a second magnetic fingerprint of the data card, wherein each of the first and second magnetic fingerprints comprises an intrinsic magnetic characteristic of the data card and was previously obtained from a reading of a magnetic stripe of the data card;
  
  generate a first encryption key derived from the second magnetic fingerprint;
  
  encrypt, using the first encryption key, first information comprising the device identification number and the first magnetic fingerprint;
  
  send the encrypted first information to the authentication server, wherein the authentication server was previously seeded with the device identification number, the first magnetic fingerprint, and the second magnetic fingerprint;
  
  receive, from the authentication server, a score indicative of a degree of correlation between the first magnetic fingerprint and the second magnetic fingerprint; and
  
  receive, when the score is above a preselected threshold, a second encryption key from the authentication server, the second encryption key encrypted using a third encryption key derived from the first magnetic fingerprint.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26)
- - 16. The system of claim 15, wherein the authentication server is configured to:
    - generate the score indicative of a degree of correlation between the first magnetic fingerprint and the second magnetic fingerprint; and
      
      send the score to the card reader system.
  - 17. The system of claim 15, wherein the authentication server is configured to:
    - attempt to decrypt the encrypted first information;
      
      store, when the attempt to decrypt is not successful, information indicating that the card reader system is an unauthorized device.
  - 18. The system of claim 15, wherein the first magnetic fingerprint and the second magnetic fingerprint are obtained from successive readings of information stored in the magnetic stripe of the data card.
  - 19. The system of claim 15, wherein the device identification number is provided to the card reader by an external device.
  - 20. The system of claim 15, wherein the intrinsic magnetic characteristic comprises a remanent noise characteristic of the data card.
  - 21. The system of claim 15, wherein the card reader is a component of a system selected from the group consisting of a point of sale system and an automated teller machine system.
  - 22. The system of claim 15, wherein the authentication server is configured to:
    - store the first magnetic fingerprint, the second magnetic fingerprint, and the device identification number; and
      
      encrypt, using the first encryption key derived from the second magnetic fingerprint, the information comprising the device identification number and the first magnetic fingerprint.
  - 23. The system of claim 15, wherein the authentication server is configured to:
    - store, when the score is below the preselected threshold, information indicating that the card reader is an unauthorized device.
  - 24. The system of claim 15, wherein the score is a numerical value in a range from 0 and 100.
  - 25. The system of claim 15, wherein the second encryption key is configured for use as a transaction key.
  - 26. The system of claim 25, wherein the transaction key is a base key for derived unique key per transaction (DUKPT).

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Magtek Incorporated
Original Assignee
Magtek Incorporated
Inventors
Hart, Annmarie D.
Primary Examiner(s)
Pham, Luu
Assistant Examiner(s)
SCHMIDT, KARI L

Application Number

US13/231,819
Publication Number

US 20120063601A1
Time in Patent Office

987 Days
Field of Search

713/159, 713/185, 713/186, 713/172, 713/169, 713/176, 380/270, 380/279, 726/2, 726/12
US Class Current

380/279
CPC Class Codes

G06Q 20/3552   Downloading or loading of p...

G06Q 20/3829   involving key management

H04L 9/0866   involving user or device id...

H04L 9/3234   involving additional secure...

Systems and methods for remotely loading encryption keys in a card reader systems

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

43 Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for remotely loading encryption keys in a card reader systems

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

43 Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links