Secure PIN management

US 20050055318A1
Filed: 01/26/2004
Published: 03/10/2005
Est. Priority Date: 09/04/2003
Status: Active Grant

First Claim

Patent Images

1. A method of secure PIN processing in a network transaction comprising the steps of:

sending terminal data to a terminal;

receiving corollary data generated from user input and terminal data from said terminal;

sending corollary data and HSM data to a hardware security module;

receiving a PIN block generated from corollary data and HSM data from said hardware security module.

View all claims

14 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method of secure PIN processing in a network transaction includes a transaction manager that sends terminal data to a terminal. The terminal generates corollary data from user input and the terminal data. The corollary data is sent to the transaction manager. The transaction manager then sends the corollary data and HSM data to a hardware security module. The hardware security module generates a PIN from the corollary data and the HSM data, encrypts the PIN and generates a PIN block. The transaction manager uses the PIN block and transaction data to send a transaction request to the ATM Network.

30 Citations

View as Search Results

20 Claims

1. A method of secure PIN processing in a network transaction comprising the steps of:
- sending terminal data to a terminal;
  
  receiving corollary data generated from user input and terminal data from said terminal;
  
  sending corollary data and HSM data to a hardware security module;
  
  receiving a PIN block generated from corollary data and HSM data from said hardware security module.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein said terminal data includes algorithms.
  - 3. The method of claim 1, wherein said terminal data includes seed data.
  - 4. The method of claim 1, wherein said user input includes cursor location data.
  - 5. The method of claim 1, further comprising the step of receiving transaction data.
  - 6. The method of claim 5, further comprising the step of generating a transaction message using said PIN block and said transaction data.
  - 7. The method of claim 6, further comprising the step of sending said transaction message to a financial network.
  - 8. The method of claim 1, wherein said hardware security module generates a PIN using said corollary data and said HSM data.
  - 9. The method of claim 8, wherein said PIN block includes an encrypted PIN.
  - 10. The method of claim 9, wherein said encrypted PIN is encrypted using a split-knowledge key.

11. A system for secure PIN processing comprising:
- a transaction manager;
  
  a transaction module communicably connected to said transaction manager;
  
  a hardware security module communicably connected to said transaction manager;
  
  wherein said transaction manager sends terminal data to said transaction module such that the transaction module generates corollary data using said terminal data and user input data and said transaction manager sends said corollary data and HSM data to said hardware security module, such that the hardware security module generates a PIN block using said corollary data and said HSM data.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The system of claim 11, wherein said transaction manager is communicably connected to said transaction module by an open network.
  - 13. The system of claim 11, wherein said transaction manager is communicably connected to said hardware security module by a direct connection.
  - 14. The system of claim 11 wherein said user input data comprises cursor location data.
  - 15. The system of claim 11 wherein said terminal data includes an algorithm.
  - 16. The system of claim 11 wherein said HSM data includes an algorithm.
  - 17. The system of claim 11, further comprising a financial network, wherein said transaction manager sends a transaction message including said PIN block to said financial network.
  - 18. The system of claim 17, wherein said financial network sends an authorization to said transaction manager in response to said transaction message.
  - 19. The system of claim 11, further comprising a merchant server communicably connected to said transaction module and said transaction manager.
  - 20. The system of claim 11, further comprising a terminal, wherein said transaction module is executed by said terminal.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
First Data Merchant Services LLC (Fiserv Incorporated)
Original Assignee
Accullink Incorporated
Inventors
Ziegler, Robert

Granted Patent

US 7,526,652 B2
Time in Patent Office

Days
Field of Search
US Class Current

705/72
CPC Class Codes

G06Q 20/347   Passive cards

G06Q 20/38215   Use of certificates or encr...

G06Q 20/4012   Verifying personal identifi...

G06Q 30/06   Buying, selling or leasing ...

G07F 19/211   Software architecture withi...

G07F 7/0826   Embedded security module

G07F 7/10   together with a coded signa...

G07F 7/1075   PIN is checked remotely

H04L 2209/12   Details relating to cryptog...

H04L 2209/56   Financial cryptography, e.g...

H04L 9/085   Secret sharing or secret sp...

H04L 9/3226   using a predetermined code,...

H04L 9/3271   using challenge-response

Secure PIN management

First Claim

14 Assignments

0 Petitions

Accused Products

Abstract

30 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Secure PIN management

First Claim

14 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

30 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links