Cryptographic security profiles
First Claim
1. A method, comprising:
receiving, by a Secure Input/Output Module (SIOM) integrated into a terminal device as an independent hardware module, a security profile list from a requesting device, wherein the SIOM is independent of an Operating System (OS) of the terminal device and the SIOM acts as an interface for communications to and from peripheral devices integrated into the terminal device, and the peripheral devices include: a Magnetic Strip Reader (MSR), a pin pad, an encrypted pin pad, a printer, a scanner, a keyboard, a value media dispenser, a display, and a touch screen display, and the terminal is one of: an Automated Teller Machine (ATM), a Self-Service Terminal (SST), and a kiosk;
selecting, by the SIOM, a security profile from the security profile list; and
establishing, by the SIOM, a secure communication session with the requesting device using the selected security profile for data encryption and authentication during the secure communication session, by mapping numeric identifiers included in a name for the selected security profile to a specific group or grouping of encryption, a specific hashing, a specific authentication, and a size to use for one or more encryption keys used with a specific cryptographic algorithm that is processed for establishing the secure communication session.
Abstract
Two endpoint devices communicate with one another in a secure session by negotiating encrypted communications at initial establishment of the session. Each endpoint device communicates its available security profiles to the other endpoint. A specific security profile is then selected that defines the data encryption and authentication used during the secure session between the two endpoint devices.
14 Claims
1. A method, comprising: the claim as set out in full under First Claim above.
Dependent claims: 2, 3, 4, 5, 6, 7, 8.
9. A method, comprising:
receiving, by a peripheral device integrated into a terminal device, a session connect message from a host device, wherein the host device is integrated into the terminal device as an independent hardware module that is independent of an Operating System (OS) of the terminal device and the host device acts as an interface for communications to and from the peripheral devices integrated into the terminal device, and the peripheral devices include: a Magnetic Strip Reader (MSR), a pin pad, an encrypted pin pad, a printer, a scanner, a keyboard, a value media dispenser, a display, and a touch screen display, and wherein the terminal is one of: an Automated Teller Machine (ATM), a Self-Service Terminal (SST), and a kiosk;
providing, by the peripheral device, the host device with a list of security profiles available to the method;
obtaining, by the peripheral device, a selected security profile from the host device and available in the list of security profiles, and mapping from numeric identifiers included in a name of the selected security profile a specific group or grouping of encryption, a specific hashing, a specific authentication, and a size to use for one or more encryption keys used with a specific cryptographic algorithm that is processed for establishing a secure communication session; and
sending, by the peripheral device, an announcement message to the host device requesting to begin establishing the secure communication session using the selected security profile.
Dependent claims: 10, 11, 12, 13.
14. A system comprising:
a terminal device;
a first endpoint device integrated into the terminal device, configured and adapted to: i) request a secure session of a second endpoint device; ii) select a security profile for the secure session based on mapping numeric identifiers included in a name for the selected security profile to a specific group or grouping of encryption, a specific hashing, a specific authentication, and a size to use for one or more encryption keys used with a specific cryptographic algorithm that is processed for establishing the secure session; and iii) establish the secure session with the second endpoint device; and
the second endpoint device integrated into the terminal device and configured and adapted to: i) send a list of available security profiles to the first endpoint device for the first endpoint device to select the selected security profile, and ii) send an encrypted message using the selected security profile back to the first endpoint device for the first endpoint device to establish the secure session with the second endpoint device,
wherein the first endpoint device is a Secure Input/Output Module (SIOM) that is an independent hardware module integrated into the terminal device, the SIOM is independent of the terminal device's Operating System (OS) and acts as an interface for communications to and from peripheral devices integrated into the terminal device, wherein the second endpoint device is a peripheral device that is one of: a Magnetic Strip Reader (MSR), a pin pad, an encrypted pin pad, a printer, a scanner, a keyboard, and a value media dispenser, and the terminal is a Point-Of-Sale (POS) device, an Automated Teller Machine (ATM), a Self-Service Terminal (SST), and a kiosk.
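The profile negotiation the claims describe (the peripheral offers a list, the SIOM selects one profile, and numeric identifiers in its name resolve to an encryption group, hash, authentication and key size), as an added example that is not part of the patent or of any product it covers. The name layout "E<enc>-H<hash>-A<auth>-K<keybits>", the lookup tables, the SIOM preference order and the function names are all assumptions for illustration; the claims define none of them.

```python
# Added illustration of the profile negotiation in the claims above. ASSUMED
# here (the patent text defines none of it): a profile name carries four numeric
# identifiers "E<enc>-H<hash>-A<auth>-K<keybits>", each resolved via a fixed
# table, and the SIOM ranks acceptable profiles by its own policy.
import re
from dataclasses import dataclass

ENCRYPTION_GROUPS = {1: "AES-CBC", 2: "AES-GCM", 3: "3DES-CBC"}   # assumed ids
HASHES = {1: "SHA-1", 2: "SHA-256", 3: "SHA-384"}                 # assumed ids
AUTHENTICATIONS = {1: "HMAC", 2: "RSA-signature", 3: "ECDSA-signature"}
ALLOWED_KEY_BITS = {1: {128, 256}, 2: {128, 256}, 3: {168}}      # per enc group
PROFILE_RE = re.compile(r"^E(\d+)-H(\d+)-A(\d+)-K(\d+)$")

@dataclass(frozen=True)
class SecurityProfile:
    name: str
    encryption: str
    hashing: str
    authentication: str
    key_bits: int

def parse_profile(name):
    """Resolve the numeric identifiers in a profile name to concrete algorithm
    choices; unknown identifiers or an illegal key size are rejected, not guessed."""
    m = PROFILE_RE.match(name)
    if m is None:
        raise ValueError(f"malformed profile name: {name!r}")
    enc, hsh, auth, bits = (int(g) for g in m.groups())
    if enc not in ENCRYPTION_GROUPS or hsh not in HASHES or auth not in AUTHENTICATIONS:
        raise ValueError(f"unknown identifier in profile name: {name!r}")
    if bits not in ALLOWED_KEY_BITS[enc]:
        raise ValueError(f"key size {bits} not allowed for {ENCRYPTION_GROUPS[enc]}")
    return SecurityProfile(name, ENCRYPTION_GROUPS[enc], HASHES[hsh],
                           AUTHENTICATIONS[auth], bits)

# The SIOM's own ranking, strongest first (assumed policy).
SIOM_PREFERENCE = ("E2-H3-A3-K256", "E2-H2-A2-K256", "E1-H2-A1-K128")

def select_profile(offered):
    """Pick, from the list the peripheral sent, the profile ranked highest by the
    SIOM. Walking the SIOM's order rather than the peer's means a peer cannot
    steer the choice to its weakest entry simply by listing it first."""
    offered_set = set(offered)
    for name in SIOM_PREFERENCE:
        if name in offered_set:
            return parse_profile(name)
    raise ValueError("no mutually supported security profile; refuse the session")
```

The selected profile's fields are what the session then uses for encryption and authentication; a list with no acceptable entry ends in a refused session rather than a fallback.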
Specification