Cryptographic security profiles

US 9,871,771 B2
Filed: 11/25/2014
Issued: 01/16/2018
Est. Priority Date: 11/25/2014
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

receiving, by a Secure Input/Output Module (SIOM) integrated into a terminal device as an independent hardware module, a security profile list from a requesting device, the SIOM is independent of an Operating System (OS) of the terminal device'"'"'s and the SIOM acting as an interface for communications to and from peripheral devices integrated into the terminal device and the peripheral devices include;

a Magnetic Strip Reader (MSR), a pin pad, an encrypted pin pad, a printer, a scanner, a keyboard, a value media dispenser, a display, and a touch screen display, and the terminal is one of;

an Automated Teller Machine (ATM), a Self-Service Terminal (SST), and a kiosk;

selecting, by the SIOM, a security profile from the security profile list; and

establishing, by the SIOM, a secure communication session with the requesting device using the selected security profile for data encryption and authentication during the secure communication session by mapping numeric identifiers included in a name for the selected security profile to a specific group or grouping of encryption, a specific hashing, and a specific authentication and a size to use for one or more encryption keys used with a specific cryptographic algorithm that is processed for establishing the secure communication session.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Two endpoint devices communicate with one another in a secure session by negotiating encrypted communications at initial establishment of the session. Each endpoint device communicates its available security profiles to the other endpoint. A specific security profile is then selected that defines the data encryption and authentication used during the secure session between the two endpoint devices.

6 Citations

View as Search Results

14 Claims

1. A method, comprising:
- receiving, by a Secure Input/Output Module (SIOM) integrated into a terminal device as an independent hardware module, a security profile list from a requesting device, the SIOM is independent of an Operating System (OS) of the terminal device'"'"'s and the SIOM acting as an interface for communications to and from peripheral devices integrated into the terminal device and the peripheral devices include;
  
  a Magnetic Strip Reader (MSR), a pin pad, an encrypted pin pad, a printer, a scanner, a keyboard, a value media dispenser, a display, and a touch screen display, and the terminal is one of;
  
  an Automated Teller Machine (ATM), a Self-Service Terminal (SST), and a kiosk;
  
  selecting, by the SIOM, a security profile from the security profile list; and
  
  establishing, by the SIOM, a secure communication session with the requesting device using the selected security profile for data encryption and authentication during the secure communication session by mapping numeric identifiers included in a name for the selected security profile to a specific group or grouping of encryption, a specific hashing, and a specific authentication and a size to use for one or more encryption keys used with a specific cryptographic algorithm that is processed for establishing the secure communication session.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein receiving further includes sending a message to the requesting device to solicit the requesting device to provide the security profile list.
  - 3. The method of claim 1, wherein receiving further includes obtaining a requesting device identifier for the requesting device with the security profile list.
  - 4. The method of claim 3, wherein obtaining further includes receiving authentication data for authenticating the requesting device with the requesting device identifier and the security profile list.
  - 5. The method of claim 1, wherein selecting further includes identifying the selected security profile as a best available security profile capable of being supported by both the requesting device and the method.
  - 6. The method of claim 5, wherein identifying further includes comparing the security profile list to an available list of security profiles accessible to the method to identify the best available security profile as the selected security profile, the best available security profile present in the available list of security profiles.
  - 7. The method of claim 1, wherein establishing further includes notifying the requesting device of the selected security profile for use in the secure communication session and provide the requesting device a datagram of secure communication session specific information for the requesting device to establish the requesting device'"'"'s side of the secure communication session.
  - 8. The method of claim 7, wherein notifying further includes receiving a message from the requesting device encrypted using the selected security profile verifying the secure communication session has been established successfully between the method and the requesting device.

9. A method, comprising:
- receiving, by a peripheral device integrated into a terminal device, a session connect message from a host device, wherein the host device is integrated into the terminal device as an independent hardware module that is independent of an Operating System (OS) of the terminal device and the host device acting as an interface for communications to and from the peripheral devices integrated into the terminal device and the peripheral devices include;
  
  a Magnetic Strip Reader (MSR), a pin pad, an encrypted pin pad, a printer, a scanner, a keyboard, a value media dispenser, a display, and a touch screen display, and wherein the terminal is one of;
  
  an Automated Teller Machine (ATM), a Self-Service Terminal (SST), and a kiosk;
  
  providing, by the peripheral device, the host device with a list of security profiles available to the method;
  
  obtaining, by the peripheral device, a selected security profile from the host device and available in the list of security profiles and mapping from numeric identifiers included in a name of the selected security a specific group or grouping of encryption, a specific hashing, and a specific authentication and a size to use for one or more encryption keys used with a specific cryptographic algorithm that is processed for establishing a secure communication session; and
  
  sending, by the peripheral device, an announcement message to the host device requesting to begin establishing the secure communication session using the selected security profile.
- View Dependent Claims (10, 11, 12, 13)
- - 10. The method of claim 9 further comprising, receiving a start secure session message from the host device in response to the sent announcement message including the selected profile to start a secure session with the host device.
  - 11. The method of claim 10 further comprising, encrypting data sent to the host device during the secure session using the selected profile and decrypting other data received from the host device using the selected profile.
  - 12. The method of claim 9, wherein providing further includes including an identifier for the device that executes the method with the list of security profiles.
  - 13. The method of claim 12, wherein including further includes providing authentication data with the identifier and the list of security profiles for the host device to authenticate the device.

14. A system comprising:
- a terminal device;
  
  a first endpoint device integrated into the terminal device configured and adapted to;
  
  i) request a secure session of a second endpoint device;
  
  ii) select a security profile for the secure session based mapping numeric identifiers included in a name for the selected security profile to a specific group or grouping of encryption, a specific hashing, and a specific authentication and a size to use for one or more encryption keys used with a specific cryptographic algorithm that is processed for establishing the secure session, and iii) establish the secure session with the second endpoint device; and
  
  the second endpoint device integrated into the terminal device and configured and adapted to;
  
  i) send a list of available security profiles to the first endpoint device for the first endpoint device to select the selected security profile and ii) send an encrypted message using the selected security profile back to the first endpoint device for the first endpoint device to establish the secure session with the second endpoint device, wherein the first endpoint device is a Secure Input/Output Module (SIOM) that is an independent hardware module integrated into a terminal device and the SIOM is independent of the terminal device'"'"'s Operating System (OS) and acts as an interface for communications to and from peripheral devices integrated into the terminal device, wherein the second endpoint device is a peripheral device that is one of;
  
  a Magnetic Strip Reader (MSR), a pin pad, an encrypted pin pad, a printer, a scanner, a keyboard, and a value media dispenser, and the terminal is a Point-Of-Sale (POS) device, an Automated Teller Machine (ATM), a Self-Service Terminal (SST), and a kiosk.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
NCR Corporation
Original Assignee
NCR Corporation
Inventors
Antonakakis, Stavros, Corrion, Bradley William
Primary Examiner(s)
Zand, Kambiz
Assistant Examiner(s)
Getachew, Abiy

Application Number

US14/553,351
Publication Number

US 20160149865A1
Time in Patent Office

1,148 Days
Field of Search

713168
US Class Current
CPC Class Codes

G06F 21/71   to assure secure computing ...

G06F 21/82   Protecting input, output or...

G06F 21/85   interconnection devices, e....

H04L 63/0428   wherein the data content is...

H04L 63/20   for managing network securi...

H04L 63/205   involving negotiation or de...

Cryptographic security profiles

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

6 Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Cryptographic security profiles

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

6 Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links