System for structured encryption of payment card track data

US 8,666,823 B2
Filed: 04/01/2011
Issued: 03/04/2014
Est. Priority Date: 04/05/2010
Status: Active Grant

First Claim

Patent Images

1. A method for securing data conveyed over a communications network between a point-of-sale system that receives track data from payment cards and a payment gateway that performs payment card authorization operations, comprising:

with processing circuitry at the point-of-sale system, obtaining track data from a payment card;

with the processing circuitry at the point-of-sale system, removing selected primary account number digits from a primary account number in the track data;

with the processing circuitry at the point-of sale system, forming compressed primary account number data by compressing the removed primary account number digits; and

with the processing circuitry at the point-of sale system, inserting the compressed primary account number data into a discretionary field of the track data creating a modified discretionary field;

with the processing circuitry, following insertion of the compressed primary account number data into the discretionary field creating the modified discretionary field, encrypting the modified discretionary field;

with the processing circuitry, determining how many of the selected primary account number digits were removed from the primary account number in the track data; and

with the processing circuitry, inserting information into the primary account number digits in the track data that represents how many of the selected primary account number digits were removed.

View all claims

12 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system may include a point-of-sale system that gathers payment card track data from a payment card and a payment card gateway that processes the track data to authorize purchase transactions. The point-of-sale system may remove sensitive data such as a portion of a primary account number from the track data and may compress the removed data. The compressed version of the data may be appended to a discretionary field in the track data. The discretionary field may be encrypted following insertion of the compressed data. Track data that has been modified in this way may be conveyed to the payment gateway for processing.

24 Citations

View as Search Results

17 Claims

1. A method for securing data conveyed over a communications network between a point-of-sale system that receives track data from payment cards and a payment gateway that performs payment card authorization operations, comprising:
- with processing circuitry at the point-of-sale system, obtaining track data from a payment card;
  
  with the processing circuitry at the point-of-sale system, removing selected primary account number digits from a primary account number in the track data;
  
  with the processing circuitry at the point-of sale system, forming compressed primary account number data by compressing the removed primary account number digits; and
  
  with the processing circuitry at the point-of sale system, inserting the compressed primary account number data into a discretionary field of the track data creating a modified discretionary field;
  
  with the processing circuitry, following insertion of the compressed primary account number data into the discretionary field creating the modified discretionary field, encrypting the modified discretionary field;
  
  with the processing circuitry, determining how many of the selected primary account number digits were removed from the primary account number in the track data; and
  
  with the processing circuitry, inserting information into the primary account number digits in the track data that represents how many of the selected primary account number digits were removed.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method defined in claim 1, wherein compressing the removed primary account number digits comprises encoding the removed primary account number digits using alphanumeric characters.
  - 3. The method defined in claim 2, wherein the primary account number has four trailing digits and wherein removing the selected primary account number digits comprises removing digits from the primary account number other than the four trailing digits.
  - 4. The method defined in claim 3, wherein the primary account number has six leading digits and wherein removing the selected primary account number digits comprises removing all digits from the primary account number between the six leading digits and the four trailing digits.
  - 5. The method defined in claim 1 further comprising:
    - inserting a checksum adjustment value into the primary account number digits.
  - 6. The method defined in claim 5 wherein inserting the information into the primary account number digits comprises inserting at least a first digit and wherein inserting the checksum adjustment value into the primary account number digits comprises inserting a second digit.
  - 7. The method defined in claim 6 wherein the first and second digits are inserted adjacent to one another within the primary account number digits and wherein the checksum adjustment value is selected by the processing circuitry to make a checksum of the primary account number digits that includes the first and second digits valid.
  - 8. The method defined in claim 6 wherein the first and second digits are inserted adjacent to one another within the primary account number digits and wherein the checksum adjustment value comprises an offset checksum value that is selected by the processing circuitry to make a checksum of the primary account number digits including the first and second digits invalid and offset by a predetermined amount from a valid checksum value for the primary account number digits.
  - 9. The method defined in claim 1 further comprising:
    - transmitting the track data with the encrypted modified discretionary field to the payment gateway from the point-of-sale system through at least one interposed system.
  - 10. The method defined in claim 9 further comprising:
    - with processing circuitry at the payment gateway, decrypting the encrypted modified discretionary field.
  - 11. The method defined in claim 10 further comprising:
    - with processing circuitry at the payment gateway, extracting the compressed primary account number data from the modified discretionary field following decryption of the encrypted modified discretionary field.

12. A method for securing data conveyed over a communications network between a point-of-sale system that receives track data from payment cards and a payment gateway that performs payment card authorization operations, wherein the track data includes personal account number data and a discretionary field, the method comprising:
- with processing circuitry at the point-of-sale system, removing selected track data from the track data and producing compressed track data by compressing the selected track data, wherein the selected track data has a length and wherein the compressed track data has a length that is shorter than the length of the selected track data;
  
  with the processing circuitry, inserting the compressed track data into the discretionary field;
  
  with the processing circuitry, following insertion of the compressed track data into the discretionary field, encrypting the discretionary field;
  
  with the processing circuitry, determining how much of the selected track data was removed from the track data; and
  
  with the processing circuitry, inserting information into the track data that represents how much of the selected track data was removed.
- View Dependent Claims (13, 14, 15)
- - 13. The method defined in claim 12 wherein the selected track data comprises part of the primary account number and wherein compressing the selected track data comprises encoding the part of the primary account number using a character space that includes at least some non-digit characters.
  - 14. The method defined in claim 12 wherein the selected track data includes payment card expiration date data and wherein compressing the selected track data comprises compressing the payment card expiration date data.
  - 15. The method defined in claim 12 further comprising:
    - with the processing circuitry at the point-of-sale system, encrypting the discretionary field using format preserving encryption.

16. A method for processing payment card track data at a point-of-sale system, the method comprising:
- with processing circuitry at the point-of-sale system, removing a part of the payment card track data, wherein the removed part of the payment card track data has a number of digits;
  
  with the processing circuitry, generating a compressed part of the payment card track data by losslessly compressing the removed part of the payment card track data so that the payment card track data shrinks from a first length to a second length that is shorter than the first length; and
  
  with the processing circuitry, inserting the compressed part of the payment card track data into a discretionary field in the payment card track data;
  
  with the processing circuitry, encrypting the discretionary field after the compressed part of the payment card track data has been inserted into the discretionary field;
  
  with the processing circuitry, determining the number of digits of the removed part of the payment card track data; and
  
  with the processing circuitry, inserting information into the payment card track data that represents the number of digits in the removed part of the payment card track data.
- View Dependent Claims (17)
- - 17. The method defined in claim 16 further comprising:
    - with the processing circuitry, removing the part of the payment card track data from a primary account number portion of the payment card track data; and
      
      with the processing circuitry, transmitting the payment card track data from which the part of the payment card track data has been removed and in which the discretionary field has been encrypted through a network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Micro Focus LLC (Open Text Corporation)
Original Assignee
Voltage Security Incorporated (HP Inc.)
Inventors
Spies, Terence, Pauker, Matthew J., Green, Jacob, Leong, Michael S., Minner, Richard T.
Primary Examiner(s)
Shaawat, Mussa A
Assistant Examiner(s)
YU, ARIEL J

Application Number

US13/078,822
Publication Number

US 20110246315A1
Time in Patent Office

1,068 Days
Field of Search

None
US Class Current

705/16
CPC Class Codes

G06Q 20/20   Point-of-sale [POS] network...

G06Q 20/3823   combining multiple encrypti...

G06Q 20/409   Device specific authenticat...

G07F 7/1016   Devices or methods for secu...

G07F 7/1091   Use of an encrypted form of...

System for structured encryption of payment card track data

First Claim

12 Assignments

0 Petitions

Accused Products

Abstract

24 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

System for structured encryption of payment card track data

First Claim

12 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

24 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links