US20130124424A1 - System and method for point-to-point encryption with adjunct terminal - Google Patents
System and method for point-to-point encryption with adjunct terminalDownload PDFInfo
- Publication number
- US20130124424A1 US20130124424A1US13/730,594US201213730594AUS2013124424A1US 20130124424 A1US20130124424 A1US 20130124424A1US 201213730594 AUS201213730594 AUS 201213730594AUS 2013124424 A1US2013124424 A1US 2013124424A1
- Authority
- US
- United States
- Prior art keywords
- point
- data
- card
- token
- authorization
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Links
Images
Classifications
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/401—Transaction verification
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/08—Payment architectures
- G06Q20/20—Point-of-sale [POS] network systems
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/08—Payment architectures
- G06Q20/20—Point-of-sale [POS] network systems
- G06Q20/204—Point-of-sale [POS] network systems comprising interface for record bearing medium or carrier for electronic funds transfer or payment credit
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/34—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
- G06Q20/356—Aspects of software for card payments
- G06Q20/3567—Software being in the reader
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3823—Payment protocols; Details thereof insuring higher security of transaction combining multiple encryption tools for a transaction
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07F—COIN-FREED OR LIKE APPARATUS
- G07F7/00—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
- G07F7/08—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
- G07F7/0806—Details of the card
- G07F7/0813—Specific details related to card security
- G07F7/082—Features insuring the integrity of the data on or in the card
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07F—COIN-FREED OR LIKE APPARATUS
- G07F7/00—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
- G07F7/08—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
- G07F7/10—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
- G07F7/1016—Devices or methods for securing the PIN and other transaction-data, e.g. by encryption
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07F—COIN-FREED OR LIKE APPARATUS
- G07F7/00—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
- G07F7/08—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
- G07F7/10—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
- G07F7/1025—Identification of user by a PIN code
- G07F7/1091—Use of an encrypted form of the PIN
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2463/00—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
- H04L2463/102—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying security measure for e-commerce
Definitions
- the inventionrelates to providing point-to-point encryption, and more particularly to a system and method for point-to-point encryption that uses an adjunct terminal to replace data reading equipment on a standardized terminal configuration.
- Equipment for reading sensitive informationis known in the art. Such equipment includes employee identification badge readers, credit card readers, and bar code readers, and the sensitive information read by each different type of reader is used to control access to the information that is being read.
- a system and method for point-to-point encryption with an adjunct terminalare provided that eliminate access to sensitive information by corruption of common readers that are used for reading devices that store sensitive information.
- a system and method for point-to-point encryption with an adjunct terminalare provided that can be used with a point of sale device and a credit card magnetic card reader.
- FIG. 1is a diagram of a system for secure transaction processing in accordance with an exemplary embodiment of the present invention
- FIG. 2is diagram of system for processing transaction data in accordance with an exemplary embodiment of the present invention
- FIG. 3is a diagram of a system for generating a token request in accordance with an exemplary embodiment of the present invention
- FIG. 4is a flowchart of a method for processing a token request in accordance with an exemplary embodiment of the present invention
- FIG. 5is a flow chart of a method for processing transaction data in accordance with an exemplary embodiment of the present invention.
- FIG. 6is a flow chart of a method for processing authorization data in accordance with an exemplary embodiment of the present invention.
- FIG. 7is a diagram of a system for a stand-alone card reader for use with a point of sale device in accordance with an exemplary embodiment of the present invention.
- FIG. 1is a diagram of a system 100 for secure transaction processing in accordance with an exemplary embodiment of the present invention.
- System 100provides an architecture that separate a card reader system from a point of sale device so that the point of sale device cannot be compromised to extract unencrypted magnetic card stripe data.
- System 100includes point of sale device 102 , card reader system 104 and authorization gateway 106 and their associated component systems, each of which can be implemented in hardware or a suitable combination of hardware and software, and which can be one or more software systems for operation on a platform such as a point of sale card reader platform, a general purpose processing platform, or other suitable platforms.
- “hardware”can include a combination of discrete components, an integrated circuit, an application-specific integrated circuit, a field programmable gate array, or other suitable hardware.
- softwarecan include one or more objects, agents, threads, lines of code, subroutines, separate software applications, two or more lines of code or other suitable software structures operating in two or more software applications or on two or more processors, or other suitable software structures.
- softwarecan include one or more lines of code or other suitable software structures operating in a general purpose software application, such as an operating system, and one or more lines of code or other suitable software structures operating in a specific purpose software application.
- Card reader system 104can provide magnetic card stripe reader functionality such as is normally found on a point of sale device.
- Authorization gateway 106can be a credit card authorization gateway used by a merchant for authorization of transactions, tracking of transaction data, and other suitable purposes.
- a credit cardrefers to any suitable payment device, such as a credit account card, a debit account card, a stored value card, a wireless device that stores account data for a payment account, or other suitable devices or accounts for performing transaction payment without currency.
- Point of sale device 102can be a general purpose computer, a dedicated point of sale device that includes a processor, data memory, one or more data ports, or other suitable devices.
- Point of sale device 102includes token handling system 108 and transaction permission system 110 , which are used to interface with card reader system 104 and authorization gateway 106 .
- Token handling system 108receives a token from authorization gateway 106 and allows a transaction to be requested.
- token handling system 108can store the token, and can generate a transaction permission request or other suitable data that is used by transaction permission system 110 to allow a transaction to proceed.
- Transaction permission system 110receives a token, a transaction permission request, or other suitable data from token handling system 108 or other suitable systems and generates transaction data.
- transaction permission system 110can receive a transaction identifier from authorization gateway 106 or token handling system 108 that is associated with a token request from a card reader system 104 and can include that transaction identifier with transaction data that is transmitted to authorization gateway 106 , so that the card read by card reader system 104 can be associated with the transaction at point of sale device 102 .
- authorization gateway 106transmits the transaction identifier to point of sale device 102 that is associated with a card reader system 104 in response to receiving encrypted or tokenized credit card data from the card reader system 104 .
- transaction permission system 110receives the transaction identifier in addition to a token that is received by token handling system 108 , such as from an authorization gateway 106 in response to credit card data received from a card reader system 104 associated with point of sale device 102 , and uses the transaction identifier and the token to request authorization, so that the card read by card reader system 104 can be associated with the transaction at point of sale device 102 .
- token handling system 108such as from an authorization gateway 106 in response to credit card data received from a card reader system 104 associated with point of sale device 102
- transaction permission system 110uses the transaction identifier and the token to request authorization, so that the card read by card reader system 104 can be associated with the transaction at point of sale device 102 .
- other suitable types of data and processescan be handled by transaction permission system 110 to coordinate the operation of card reader system 104 , point of sale device 102 and authorization gateway 106 .
- Token request system 112 of card reader system 104generates token requests based upon magnetic card data read from a magnetic card stripe reader device.
- token request system 112can read card data encoded in a magnetic data storage media of a credit card, encrypt the card data, and include the encrypted card data in the token request so that the authorization gateway 106 or other suitable systems can determine whether the card data is from a valid credit card, whether to generate a preliminary authorization confirmation, whether to authorize the amount of a transaction, or for other suitable purposes.
- Transaction request system 114requests a transaction identifier from authorization gateway 106 .
- transaction request system 114can generate an identifier associated with point of sale device 102 , such as a time, point-of-sale device identification number or other suitable data that allows the transaction associated with a credit card that has been read by card reader system 104 to be associated with a subsequent transaction authorization request.
- a purchaserpresents a credit card for payment, and the credit card data encoded in the magnetic media of the credit card is read by a card reader device.
- transaction request system 114can include certain preset flags, such as a ceiling limit of a certain predetermined dollar amount that is automatically assigned, entered by a user or provided in other suitable manners, so that an initial preliminary authorization of a transaction amount for the account associated with the credit card that has been read by card reader system 104 can be performed.
- Authorization gateway 106is coupled to point of sale device 102 and card reader system 104 over a communications medium, such as the Internet, the public switched telephone network or other suitable communications media.
- Authorization gateway 106receives a token request, a transaction request and other suitable data from card reader system 104 .
- token generation system 116decrypts the encrypted card data and performs authorization by determining whether the credit card associated with the card data is a valid credit card.
- authorizationcan include evaluation of the credit card number by checking number fields to determine whether they include invalid numbers in any fields, comparing the credit card number against a watch list of stolen credit cards, submission of the credit card number to the associated credit card network for authorization by the network or the card issuing bank, or other suitable processes can be performed. Because of the volume of credit card transactions, these authorization processes are performed by algorithms operating on general purpose processing platforms or by special purpose computers that are optimized for authorization processing.
- Transaction coordination system 118generates a transaction identifier to be transmitted to transaction permission system 110 .
- transaction coordination system 118receives a transaction request from transaction request system 114 , determines the identity of the associated point of sale device (such as from an identifier included in the transaction request or from a list identifying a point of sale device associated with transaction request system 114 ), determines whether to perform preauthorization of a fixed amount, determines whether additional authorization processing by transaction authorization system 120 is required, or whether other suitable transaction coordination processes should be performed.
- Transaction coordination system 118can coordinate with a credit card network or card issuing bank, such as to flag a transaction as requiring contact with the card issuing bank and authorization for a predetermined amount or other suitable processes.
- Transaction authorization system 120receives transaction data from point of sale device 102 and performs transaction authorization processing.
- system 100can be used with point of sale terminals in locations such as fast food restaurants, gas stations, or other locations where the amount of purchase is typically below a predetermined ceiling amount, and authorization of that amount can be initially performed at the point in the transaction processing where a token is initially requested.
- transaction authorization system 120can receive a transaction amount from point of sale device 102 after point of sale device 102 receives a preliminary authorization indication, a token, or other suitable data, and can request authorization to charge a card holder's account for that transaction amount from the card issuing bank, the credit card network or other suitable systems.
- other suitable transaction processescan be performed.
- Card issuing bank or card network 122perform authorization processing for a transaction amount and a credit card account number.
- card issuing bank or card network 122can be a card issuing bank, a credit card authorization network, a combination of a card issuing bank and a credit card authorization network, a debit network, the automated clearing house (ACM), a prepaid or stored value card services provider or other suitable systems that provide a secured approval for a transaction authorization request such that payment of the transaction amount is guaranteed by a party associated with the system.
- ACMautomated clearing house
- system 100is used to provide secure and separate magnetic credit card stripe reading functionality for point of sale devices, such as existing point of sale devices that already include a magnetic credit card stripe reader that is to be bypassed, point of sale devices that do not have a magnetic credit card stripe reader, or other suitable systems.
- System 100uses a separate card reader system 104 that is connected to an authorization gateway 106 over a communications medium, and which is typically placed next to or in the vicinity of point of sale device 102 .
- the user of point of sale device 102receives a card from a purchaser and scans the card through card reader system 104 .
- Card reader system 104then transmits a token request to authorization gateway 106 , so as to remove point of sale device 102 from having access to the magnetic card data.
- card reader system 104Because magnetic card stripe data security through point of sale devices has been compromised, the use of card reader system 104 to perform card reading eliminates the need for point of sale device 102 to access the data stored in the magnetic stripe of credit cards.
- the encryption performed by card reader system 104 and other security processes performed between card reader system 104 and authorization gateway 106can be updated as needed, independently controlled and proprietary, so as to minimize the risk of exposure of the technology of card reader system 104 to third parties, reverse engineering and “hacking” of card reader system 104 by third parties to allow for unauthorized extraction of credit card data, and prevention or mitigation of other risks.
- Point of sale device 102may require a software download or other upgrades or updates in order to interface with authorization gateway 106 , so as to exclude magnetic card data read by point of sale device 102 and to only utilize magnetic card data read by card reader system 104 .
- Additional security functionalitycan also be provided, such as de-activation of any card reader present in point of sale device 102 , the use of any such card reader for other purposes (such as to generate an alert if a user is attempting to use that card reader to read magnetic stripe data of a credit card), or other suitable functionality.
- FIG. 2is diagram of system 200 for processing transaction data in accordance with an exemplary embodiment of the present invention.
- System 200includes point of sale device 202 , card reader system 204 , and authorization gateway 206 , each of which can be implemented in hardware or a suitable combination of hardware and software, and which can be one or more software systems for operation on a general purpose processing platform, a special purpose processing platform or other suitable platforms.
- Point of sale device 202includes token handling system 208 and transaction permission system 210 .
- Token handling system 208generates a token request or other suitable data when a transaction is presented for authorization.
- transaction permission system 210reads the transaction data such as the items being purchased, the amount, and other suitable data, and generates a transaction authorization request. This transaction authorization request is transmitted to card reader system 204 .
- Card reader system 204includes token request system 212 and transaction buffer system 214 .
- point of sale device 202can insert a predetermined block of data that is detected and extracted by card reader system 204 or transaction buffer system 214 .
- an operator of point of sale device 202can scan a user identification card using a magnetic card reader on point of sale device 202 , and point of sale device 202 can generate an authorization request using existing point of sale device 202 software where the user identification card data is used to replace the field in the authorization request where the magnetic card stripe data from a presented credit card would normally be encoded.
- Card reader system 204receives the authorization request, identifies the user identification card data where the magnetic card stripe data would normally be encoded, and extracts the magnetic card stripe data and replaces it with encrypted magnetic card stripe data.
- card reader system 204allows an existing point of sale device 202 to be utilized but provides additional encryption security by excluding point of sale device 202 from accessing the magnetic card stripe data of the presented credit card.
- Token request system 212can be used to process the encrypted card data and add additional identifiers, such as to allow authorization gateway 206 to confirm that card reader system 204 has generated or requested an authorization.
- Transaction buffer system 214can be used to store the authorization request in a predetermined field format, where the user identification card data or other field is identified for extraction and replacement with the scanned credit card and encrypted credit card data.
- Authorization gateway 206includes token generation system 216 and transaction authorization system 218 . Because the transaction authorization request is received with an encrypted token request, it is unnecessary to coordinate the transaction with point of sale device 202 as in system 100 , such that token generation system 216 can decrypt the token request and provide the decrypted credit card number to transaction authorization system 218 with the amount of the transaction. Transaction authorization system 218 can perform authorization processing in conjunction with card issuing bank or a card authorization network 220 or other suitable systems and receive authorization for charging the transaction amount against the associated card.
- the transaction authorizationis then transmitted to card reader system 204 and the authorization with the token instead of a credit card account number is transmitted to point of sale device 202 , which can track the transaction and perform additional merchant-related processes utilizing the token instead of the credit card account number, so that the credit card data is never received by point of sale device 202 .
- Transaction permission system 210can then allow the transaction to proceed.
- system 200allows an existing point of sale device to interface with a separate card reader system, such as where the card reader system is placed between point of sale device 202 and a communications medium for connecting point of sale device 202 to an authorization gateway 206 .
- card reader system 204receives the authorization and transaction data and then adds the credit card data in an encrypted format so as to exclude point of sale device 202 from ever receiving credit card data.
- Card reader system 204can be proprietary and can be modified or updated as needed by authorization gateway 206 or other parties so as to ensure that the integrity of the encryption mechanism used to encrypt credit card account number data is maintained, and to prevent unauthorized third party access to the credit card account number data.
- FIG. 3is a diagram of a system 300 for generating a token request in accordance with an exemplary embodiment of the present invention.
- System 300includes point of sale device 302 , card reader system 304 , and authorization gateway 306 , each of which can be implemented in hardware or a suitable combination of hardware and software, and which can be one or more software systems for operation on a general purpose processing platform, a special purpose processing platform or other suitable platforms.
- card reader system 304is used to read a magnetic stripe of a credit card, and token request system 312 generates a token request that includes encrypted credit card account number data for the token request.
- Point of sale device 302includes token handling system 308 and transaction request system 310 , which are configured to detect a token request from token request system 312 and to generate transaction data.
- card reader system 304interfaces with point of sale device 302 through an interface, such as a USB port, an RS232 port, other suitable ports, a wireless interface such as an 802.1x device, or other suitable interfaces, and point of sale device 302 then performs standard transaction authorization request processing using the token instead of a data read from a magnetic card stripe of a credit card.
- Authorization gateway 306includes token generation system 314 and transaction authorization system 316 , which receive the token request and extract the credit card data. Token generation system 314 can then determine whether the credit card is valid, such as by submitting the transaction for authorization through transaction authorization system 316 to card issuing bank or card network 318 or in other suitable manners. Authorization gateway 306 transmits the authorization request response to point of sale device 302 .
- Point of sale device 302receives the authorization response and determines whether the authorization has been approved, the token has been denied, such as due to fraudulent credit card data, or other suitable data. If the transaction has been approved, the token is stored by token handling system 308 for subsequent merchant processing, or is otherwise used to approve the transaction and to perform suitable post-authorization processing. For example, a merchant may be required to submit transactions periodically for payment, to respond to requests for transaction verification, or to perform other suitable post-transaction processing. Likewise, transaction request system 310 closes out the transaction authorization request and approves the authorization if the authorization request indicates approval.
- system 300allows card reader system 304 to be interfaced with point of sale device 302 through an existing point of sale device 302 interface. This process allows card reader system 304 to be provided with proprietary card reading and encryption technology to prevent point of sale device 302 from receiving the unencrypted card data, and thus provides additional security and protection from point of sale device malware, viruses, or other programs from third parties that are seeking unauthorized access to credit card account number data.
- FIG. 4is a flowchart of a method 400 for processing a token request in accordance with an exemplary embodiment of the present invention.
- Method 400can be implemented as a series of algorithms operating on a general purpose computer so as to transform the general purpose computer into a special purpose processing platform. While method 400 is presented as a flow chart, each method process can be implemented in software as an algorithm, and exemplary pseudo code is provided by way of example and not by limitation for various processes shown in method 400 . Such exemplary pseudo code can be readily adapted to various similar processes as discussed herein for this or other methods or systems.
- Method 400begins at 402 where a credit card is scanned in a card reader system and encrypted.
- the card reader systemcan be a card reader system that stands beside a point of sale device and which is an add on to the point of sale device, so as to allow the point of sale device's card reader to be bypassed or disabled, or to otherwise provide card reader functionality that does not allow unencrypted credit card account number data to be processed by a point of sale device.
- the encryptioncan be performed by using a proprietary encryption technology that protects the credit card data from being intercepted by third parties, such as using a standard encryption process such as RSA or DES or a suitable proprietary equivalent.
- 402can invoke an algorithm, such as the following exemplary pseudo code:
- a token requestis generated, and at 406 , card authorization is requested.
- the card readercan be a stand-alone card reader system that is located next to a point of sale device and that encrypts the credit card data, generates the token request, and generates the transaction identifier associated with a point of sale device, so as to allow the card to be authorized as part of the token generation process, and before a transaction amount is determined.
- the card readercan be in line with the point of sale device, can interface through a data port of the point of sale device, or can otherwise be used in conjunction with a point of sale device. In this manner, the credit card reader can be a stand-alone system next to an existing point of sale device, or other suitable embodiments can be used.
- 404 and 406can invoke an algorithm, such as the following exemplary pseudo code:
- the tokencan be decrypted by an authorization gateway or suitable systems, and authorization processes using the credit card account number can be performed, such as a number validation check, a watch list check, transmission of the credit card number to a credit card network or card issuing bank for preliminary authorization, or other suitable processes.
- 408can invoke an algorithm, such as the following exemplary pseudo code:
- the methodproceeds to 410 where a decline message is generated and transmitted to the point of sale device, card reader system, or other suitable systems. Otherwise, the method proceeds to 412 where a token is generated.
- the tokencan be a number unrelated to the credit card data that is used to track the transaction and the credit card associated with the transaction so as to avoid storing and transmission of credit card data.
- 410 and 412can invoke an algorithm, such as the following exemplary pseudo code:
- point of sale deviceassociated with the token and the authorization request is determined, and the authorization request is transmitted to the associated point of sale device.
- point of sale devicecan have a unique address identifier, and data packets or other suitable data formats can be generated and addressed to that point of sale device.
- 414can invoke an algorithm, such as the following exemplary pseudo code:
- the token associated authorization request datais received at a point of sale device.
- the tokenis received and the point of sale device proceeds with transaction preparation, such as using existing authorization processes that are normally performed using a credit card account number but where the token is used instead of the credit card account number.
- transaction preparationsuch as using existing authorization processes that are normally performed using a credit card account number but where the token is used instead of the credit card account number.
- the tokencan be received at the point of sale device and the transaction authorization information can be used to allow the transaction to be performed.
- 416can invoke an algorithm, such as the following exemplary pseudo code:
- transaction authorizationis requested.
- a transaction authorizationcan be requested where an amount exceeds a predetermined transaction threshold that has already been authorized when the card was authorized, where a predetermined authorization processing method is performed, or using other suitable processes.
- 418can invoke an algorithm, such as the following exemplary pseudo code:
- the token and transaction authorization request datais transmitted to the authorization gateway.
- the tokencan be included in an authorization request response message in place of a credit card number so as to facilitate interfacing the transaction processing with the existing credit card authorization processes.
- 420can invoke an algorithm, such as the following exemplary pseudo code:
- the methodproceeds to 424 where a transaction refusal message is transmitted to the point of sale device, such as indicating that the credit card is stolen, that there are insufficient funds, or other suitable data. Otherwise, the method proceeds to 426 where the transaction data is stored at the authorization gateway, including the token number which is associated with the credit card data at the authorization gateway in a secure location, the transaction data such as transaction amount, items purchased, stored, purchased from, point of sale device number, or other suitable transaction data. The method then proceeds to 428 where the point of sale device is notified that the transaction has been authorized and can proceed.
- 422 - 428can invoke an algorithm, such as the following exemplary pseudo code:
- method 400can be used to perform authorization processing with a stand-alone card reader system in an existing point of sale device.
- Method 400may require the existing point of sale device to be updated to interface with token requests generated by the stand-alone card reader, and allows an authorization gateway to receive encrypted credit card data that has not been presented to or processed by the point of sale device, so as to insulate the credit card data from unauthorized access.
- FIG. 5is a flow chart of a method 500 for processing transaction data in accordance with an exemplary embodiment of the present invention.
- Method 500can be implemented as a series of algorithms on one or more processing platforms so as to convert the processing platforms from general purpose computers into special purpose processors, such as by using code similar to the disclosed pseudo code for method 400 as modified to accommodate the processes of method 500 .
- Method 500begins at 502 where a transaction is initiated.
- the transactioncan be initiated by a point of sale device, such as one that has not been modified and where the operator is using a specific or special operator identification card that inserts a placeholder code into the transaction data.
- standard point of sale softwarecan be used that monitors for the presence of a credit card account number from a magnetic card stripe reader, so that the existing system can be used without modification by using a credit card magnetic stripe surrogate. This surrogate can be a single device that is used by all employees, can be an employee-specific device that is used to identify the employee that is handling the transaction, or can be other suitable devices.
- the methodthen proceeds to 504 .
- the transaction data from the point of sale deviceis received.
- the transaction authorization requestcan have a predetermined format, and can be buffered so as to identify the expected location of the placeholder code, which will be the location in the transaction authorization request format where the credit card account data would normally be. The method then proceeds to 506 .
- a credit cardis scanned at a stand-alone card reader.
- the stand-alone card readercan be downstream from the point of sale device and can include encryption software and other systems that are used to ensure the security of the credit card data and to prevent the credit card data from being extracted or detected by unauthorized third parties.
- the credit card datais then encrypted and the method proceeds to 508 .
- the placeholder code from the transaction authorization packetis extracted and the encrypted credit card data is inserted in its place.
- encrypted credit card datacan include additional data such as a token request or other suitable data.
- 508can invoke an algorithm, such as the following exemplary pseudo code:
- a token requestis generated.
- the token requestcan include the encrypted credit card account data that has been read from the magnetic stripe and other suitable data, such as a point of sale device identifier or other suitable data. The method then proceeds to 512 .
- transaction authorizationis requested from an authorization gateway.
- the authorization requestcan be transmitted to an authorization gateway, and the token request can be extracted and decrypted, such that the credit card validity and credit limit can be determined.
- Transaction authorizationcan be performed by transmitting a transaction authorization request to a card issuing bank, a credit card authorization network or other suitable systems, and receiving authorization approval or denial or in other suitable data. The method then proceeds to 514 .
- the methodproceeds to 516 and an authorization denial code or other suitable data is transmitted to the point of sale device. Otherwise, the method proceeds to 518 where the transaction data is stored at the authorization gateway, such as to allow the token identifier, the credit card data, the transaction data, or other suitable data to be obtained in the future, to allow the merchant or card issuing bank to access such data in the future if required but to prevent third parties from accessing the data behind the secure firewall at the authorization gateway, or for other suitable purposes. The method then proceeds to 520 .
- a tokenis generated to identify the transaction, and the token is also stored with the transaction data. The method then proceeds to 522 .
- the tokenis received and stored at the point of sale device in addition to the authorization approval.
- the point of sale devicecan use an adjunct or stand-alone magnetic card stripe reader and can receive authorization for a transaction without accessing the magnetic card stripe data.
- method 500allows an existing point of sale device to be used with an adjunct or stand-alone magnetic card stripe reader, such as to allow the existing authorization process and programming to be used, but by further substituting a placeholder or employee identifier in place of the credit card account number that is stored in the magnetic card stripe data. In this manner, additional security can be provided at point of sale devices without requiring any retrofit or modification of the point of sale software.
- FIG. 6is a flow chart of a method 600 for processing authorization data in accordance with an exemplary embodiment of the present invention.
- Method 600can be implemented as one or more algorithms on one or more processing platforms, so as to transform this processing platform from general purpose processors into specific purpose processors, such as by using code similar to the disclosed pseudo code for method 400 as modified to accommodate the processes of method 600 .
- Method 600begins at 602 where the magnetic stripe of a credit card is scanned and encrypted.
- a stand-alone card reader systemcan be used to read and encrypt the magnetic stripe data from a credit card using a proprietary encryption process. The method then proceeds to 604 .
- a token requestis generated.
- the token requestcan include the encrypted credit card account data that has been read from the magnetic stripe and other suitable data, such as a point of sale device identifier or other suitable data. The method then proceeds to 606 .
- a point of sale devicecan be interfaced with a stand-alone magnetic card stripe reader through a wireless interface, a data port (such as a RS232 port, a USB port, or other suitable ports), or in other suitable manners, and can receive the token request and process that request in addition to a transaction authorization request, such as by including the token request with the transaction authorization.
- the methodproceeds to 608 .
- the token requestis acceptable, such as at an authorization gateway that receives the transaction authorization request and token request, and which extracts the token request and decrypts the credit card data from the token request.
- the authorization gatewaycan be behind the secure firewall such that decryption and extraction of the credit card data can be secured from third parties. If it is determined at 608 that the token request is not acceptable, such as by checking the credit card number for proper form, against a watch list or by running a preliminary authorization request to a card issuing bank, or using other suitable processes, the method proceeds to 610 where the point of sale device is notified that the authorization request has been denied. Otherwise, the method proceeds to 612 where a token is generated. The method then proceeds to 614 .
- authorizationis not performed prior to token generation, it is determined at 614 whether the transaction amount has been authorized. If the transaction has not been authorized, the method proceeds to 616 where the point of sale device is notified without the generation of a token. Otherwise, the method proceeds to 618 where the token and authorization request is transmitted to the point of sale device from the authorization gateway. The method then proceeds to 620 .
- the token and authorization responseis received and stored at the point of sale device.
- point of sale devicecan store a token number instead of the credit card data and associate that with the authorization transaction data, so as to allow the merchant to subsequently identify the token number if there are any questions about the transaction, and the token number can be used to identify the credit card that was presented for payment.
- method 600allows a point of sale device to be connected to an adjunct magnetic card stripe reader, and to receive encrypted credit card data from the magnetic card stripe reader, so as to replace the magnetic card stripe data with a token request that protects the magnetic card stripe data from ever being read from any point of sale device software or hardware.
- a point of sale deviceto be connected to an adjunct magnetic card stripe reader, and to receive encrypted credit card data from the magnetic card stripe reader, so as to replace the magnetic card stripe data with a token request that protects the magnetic card stripe data from ever being read from any point of sale device software or hardware.
- FIG. 7is a diagram of a system 700 for a stand-alone card reader for use with a point of sale device in accordance with an exemplary embodiment of the present invention.
- System 700can be implemented in hardware or a combination of hardware and software and can be a stand-alone card reader system having hardware components such as a magnetic card stripe reader, data ports and a processor, and associated processing software.
- System 700includes magnetic card reader system 702 , which can be a standard or proprietary magnetic card stripe reader that detects data stored on the magnetic card stripe and stores it in a buffer for further processing.
- magnetic card reader system 702can perform encryption on the card stripe data as it is extracted from the magnetic card stripe, such as in addition to encryption system 704 or using encryption system 704 .
- encryption system 704can be the operating system that is used to operate magnetic card reader system 702 or other suitable systems.
- Encryption system 704generates encrypted data containing credit card data, such as a credit card account number. This encrypted data can be submitted to token request generator 710 and transmitted by gateway interface system 706 to an authorization gateway over a suitable data transmission medium. Likewise, a token request can be submitted from token request generator 710 through point of sale interface system 708 to a point of sale device, such as a point of sale device that is connected to the magnetic card reader system 702 . In addition, encryption system 704 can provide the encrypted card data to string detect and replace 716 . String detect and replace 716 can receive authorization approval request data from buffer 714 , which can receive the authorization request from point of sale interface system 708 and store the authorization request in buffer 714 .
- String detect and replace 716can store the encrypted credit card data in a predetermined location of buffer 714 , can search buffer 714 for a predetermined text string or alphanumeric string associated with the credit card data or can perform other suitable processes to replace placeholder data with encrypted credit card data.
- point of sale interface system 708can receive an authorization request from an existing point of sale device, such as by allowing the user to use an identification card that takes the place of a credit card or other suitable devices or systems, and where the authorization request has been modified by system 700 using the encrypted credit card data from encryption system 704 .
- point of sale interface system 708can store the authorization request in buffer 714 or in other suitable locations.
- System 700can include point of sale update system 712 , which can interface with a point of sale device through point of sale interface system 708 or in other suitable manners to update software that controls the operation of a point of sale device.
- gateway interface system 706can be used to receive point of sale updates based on point of sale identifiers associated with system 700 .
- other suitable processescan be used.
- system 700provides different exemplary embodiments for providing an adjunct card reader to an existing point of sale device, such as by using the adjunct card reader separately from the point of sale device, using it downstream from the point of sale device, between the point of sale device and an authorization gateway, or by interfacing the adjunct card reader with the existing point of sale device through a data port on the existing point of sale device casing or system hardware interfaces.
- system 700provides a flexible approach to updating existing point of sale devices to increase security of credit card data by removing known point of sale device configurations from being attacked by hackers.
Landscapes
- Business, Economics & Management (AREA)
- Engineering & Computer Science (AREA)
- Accounting & Taxation (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computer Security & Cryptography (AREA)
- Finance (AREA)
- Strategic Management (AREA)
- General Business, Economics & Management (AREA)
- Theoretical Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Computing Systems (AREA)
- Signal Processing (AREA)
- Microelectronics & Electronic Packaging (AREA)
- Development Economics (AREA)
- Economics (AREA)
- Cash Registers Or Receiving Machines (AREA)
- Control Of Vending Devices And Auxiliary Devices For Vending Devices (AREA)
Abstract
Description
- The invention relates to providing point-to-point encryption, and more particularly to a system and method for point-to-point encryption that uses an adjunct terminal to replace data reading equipment on a standardized terminal configuration.
- Equipment for reading sensitive information is known in the art. Such equipment includes employee identification badge readers, credit card readers, and bar code readers, and the sensitive information read by each different type of reader is used to control access to the information that is being read.
- Unauthorized persons often attempt to obtain such sensitive information, such as by reading the device, so as to use the sensitive information for improper and unauthorized purposes. In the U.S. alone, billions of dollars are lost every year to fraudulent activity involving the unauthorized use of sensitive information, despite ongoing attempts by numerous parties to prevent such losses.
- A system and method for point-to-point encryption with an adjunct terminal are provided that eliminate access to sensitive information by corruption of common readers that are used for reading devices that store sensitive information. In particular, a system and method for point-to-point encryption with an adjunct terminal are provided that can be used with a point of sale device and a credit card magnetic card reader.
FIG. 1 is a diagram of a system for secure transaction processing in accordance with an exemplary embodiment of the present invention;FIG. 2 is diagram of system for processing transaction data in accordance with an exemplary embodiment of the present invention;FIG. 3 is a diagram of a system for generating a token request in accordance with an exemplary embodiment of the present invention;FIG. 4 is a flowchart of a method for processing a token request in accordance with an exemplary embodiment of the present invention;FIG. 5 is a flow chart of a method for processing transaction data in accordance with an exemplary embodiment of the present invention;FIG. 6 is a flow chart of a method for processing authorization data in accordance with an exemplary embodiment of the present invention; andFIG. 7 is a diagram of a system for a stand-alone card reader for use with a point of sale device in accordance with an exemplary embodiment of the present invention.- In the description that follows, like parts are marked throughout the specification and drawings with the same reference numerals, respectively. The drawing figures might not be to scale and certain components can be shown in generalized or schematic form and identified by commercial designations in the interest of clarity and conciseness.
FIG. 1 is a diagram of asystem 100 for secure transaction processing in accordance with an exemplary embodiment of the present invention.System 100 provides an architecture that separate a card reader system from a point of sale device so that the point of sale device cannot be compromised to extract unencrypted magnetic card stripe data.System 100 includes point ofsale device 102,card reader system 104 andauthorization gateway 106 and their associated component systems, each of which can be implemented in hardware or a suitable combination of hardware and software, and which can be one or more software systems for operation on a platform such as a point of sale card reader platform, a general purpose processing platform, or other suitable platforms. As used herein, “hardware” can include a combination of discrete components, an integrated circuit, an application-specific integrated circuit, a field programmable gate array, or other suitable hardware. As used herein, “software” can include one or more objects, agents, threads, lines of code, subroutines, separate software applications, two or more lines of code or other suitable software structures operating in two or more software applications or on two or more processors, or other suitable software structures. In one exemplary embodiment, software can include one or more lines of code or other suitable software structures operating in a general purpose software application, such as an operating system, and one or more lines of code or other suitable software structures operating in a specific purpose software application.Card reader system 104 can provide magnetic card stripe reader functionality such as is normally found on a point of sale device.Authorization gateway 106 can be a credit card authorization gateway used by a merchant for authorization of transactions, tracking of transaction data, and other suitable purposes. As used herein, a credit card refers to any suitable payment device, such as a credit account card, a debit account card, a stored value card, a wireless device that stores account data for a payment account, or other suitable devices or accounts for performing transaction payment without currency.- Point of
sale device 102 can be a general purpose computer, a dedicated point of sale device that includes a processor, data memory, one or more data ports, or other suitable devices. Point ofsale device 102 includestoken handling system 108 andtransaction permission system 110, which are used to interface withcard reader system 104 andauthorization gateway 106.Token handling system 108 receives a token fromauthorization gateway 106 and allows a transaction to be requested. In one exemplary embodiment,token handling system 108 can store the token, and can generate a transaction permission request or other suitable data that is used bytransaction permission system 110 to allow a transaction to proceed. Transaction permission system 110 receives a token, a transaction permission request, or other suitable data fromtoken handling system 108 or other suitable systems and generates transaction data. In one exemplary embodiment,transaction permission system 110 can receive a transaction identifier fromauthorization gateway 106 ortoken handling system 108 that is associated with a token request from acard reader system 104 and can include that transaction identifier with transaction data that is transmitted toauthorization gateway 106, so that the card read bycard reader system 104 can be associated with the transaction at point ofsale device 102. In this exemplary embodiment,authorization gateway 106 transmits the transaction identifier to point ofsale device 102 that is associated with acard reader system 104 in response to receiving encrypted or tokenized credit card data from thecard reader system 104. In another exemplary embodiment,transaction permission system 110 receives the transaction identifier in addition to a token that is received bytoken handling system 108, such as from anauthorization gateway 106 in response to credit card data received from acard reader system 104 associated with point ofsale device 102, and uses the transaction identifier and the token to request authorization, so that the card read bycard reader system 104 can be associated with the transaction at point ofsale device 102. Likewise, other suitable types of data and processes can be handled bytransaction permission system 110 to coordinate the operation ofcard reader system 104, point ofsale device 102 andauthorization gateway 106.Token request system 112 ofcard reader system 104 generates token requests based upon magnetic card data read from a magnetic card stripe reader device. In one exemplary embodiment,token request system 112 can read card data encoded in a magnetic data storage media of a credit card, encrypt the card data, and include the encrypted card data in the token request so that theauthorization gateway 106 or other suitable systems can determine whether the card data is from a valid credit card, whether to generate a preliminary authorization confirmation, whether to authorize the amount of a transaction, or for other suitable purposes.- Transaction request system114 requests a transaction identifier from
authorization gateway 106. In one exemplary embodiment, transaction request system114 can generate an identifier associated with point ofsale device 102, such as a time, point-of-sale device identification number or other suitable data that allows the transaction associated with a credit card that has been read bycard reader system 104 to be associated with a subsequent transaction authorization request. In this exemplary embodiment, a purchaser presents a credit card for payment, and the credit card data encoded in the magnetic media of the credit card is read by a card reader device. The card data is then encoded in a token request, and the token request is transmitted with a transaction identifier, which can also be provided to point ofsale device 102, either directly (through a wireless or wire line connection) or indirectly (such as by transmitting the transaction identifier to point ofsale device 102 throughauthorization gateway 106 in combination with the token request and the subsequent token). Likewise, transaction request system114 can include certain preset flags, such as a ceiling limit of a certain predetermined dollar amount that is automatically assigned, entered by a user or provided in other suitable manners, so that an initial preliminary authorization of a transaction amount for the account associated with the credit card that has been read bycard reader system 104 can be performed. Authorization gateway 106 is coupled to point ofsale device 102 andcard reader system 104 over a communications medium, such as the Internet, the public switched telephone network or other suitable communications media.Authorization gateway 106 receives a token request, a transaction request and other suitable data fromcard reader system 104. In response to the token request,token generation system 116 decrypts the encrypted card data and performs authorization by determining whether the credit card associated with the card data is a valid credit card. In one exemplary embodiment, authorization can include evaluation of the credit card number by checking number fields to determine whether they include invalid numbers in any fields, comparing the credit card number against a watch list of stolen credit cards, submission of the credit card number to the associated credit card network for authorization by the network or the card issuing bank, or other suitable processes can be performed. Because of the volume of credit card transactions, these authorization processes are performed by algorithms operating on general purpose processing platforms or by special purpose computers that are optimized for authorization processing.Transaction coordination system 118 generates a transaction identifier to be transmitted totransaction permission system 110. In one exemplary embodiment,transaction coordination system 118 receives a transaction request from transaction request system114, determines the identity of the associated point of sale device (such as from an identifier included in the transaction request or from a list identifying a point of sale device associated with transaction request system114), determines whether to perform preauthorization of a fixed amount, determines whether additional authorization processing bytransaction authorization system 120 is required, or whether other suitable transaction coordination processes should be performed.Transaction coordination system 118 can coordinate with a credit card network or card issuing bank, such as to flag a transaction as requiring contact with the card issuing bank and authorization for a predetermined amount or other suitable processes.Transaction authorization system 120 receives transaction data from point ofsale device 102 and performs transaction authorization processing. In one exemplary embodiment,system 100 can be used with point of sale terminals in locations such as fast food restaurants, gas stations, or other locations where the amount of purchase is typically below a predetermined ceiling amount, and authorization of that amount can be initially performed at the point in the transaction processing where a token is initially requested. In another exemplary embodiment,transaction authorization system 120 can receive a transaction amount from point ofsale device 102 after point ofsale device 102 receives a preliminary authorization indication, a token, or other suitable data, and can request authorization to charge a card holder's account for that transaction amount from the card issuing bank, the credit card network or other suitable systems. Likewise, other suitable transaction processes can be performed.- Card issuing bank or
card network 122 perform authorization processing for a transaction amount and a credit card account number. In one exemplary embodiment, card issuing bank orcard network 122 can be a card issuing bank, a credit card authorization network, a combination of a card issuing bank and a credit card authorization network, a debit network, the automated clearing house (ACM), a prepaid or stored value card services provider or other suitable systems that provide a secured approval for a transaction authorization request such that payment of the transaction amount is guaranteed by a party associated with the system. - In operation,
system 100 is used to provide secure and separate magnetic credit card stripe reading functionality for point of sale devices, such as existing point of sale devices that already include a magnetic credit card stripe reader that is to be bypassed, point of sale devices that do not have a magnetic credit card stripe reader, or other suitable systems.System 100 uses a separatecard reader system 104 that is connected to anauthorization gateway 106 over a communications medium, and which is typically placed next to or in the vicinity of point ofsale device 102. The user of point ofsale device 102 receives a card from a purchaser and scans the card throughcard reader system 104.Card reader system 104 then transmits a token request toauthorization gateway 106, so as to remove point ofsale device 102 from having access to the magnetic card data. Because magnetic card stripe data security through point of sale devices has been compromised, the use ofcard reader system 104 to perform card reading eliminates the need for point ofsale device 102 to access the data stored in the magnetic stripe of credit cards. The encryption performed bycard reader system 104 and other security processes performed betweencard reader system 104 andauthorization gateway 106 can be updated as needed, independently controlled and proprietary, so as to minimize the risk of exposure of the technology ofcard reader system 104 to third parties, reverse engineering and “hacking” ofcard reader system 104 by third parties to allow for unauthorized extraction of credit card data, and prevention or mitigation of other risks. - Existing point of sale devices can be modified to interface with tokens generated by
token generation system 116. In this exemplary embodiment, point ofsale device 102 may require a software download or other upgrades or updates in order to interface withauthorization gateway 106, so as to exclude magnetic card data read by point ofsale device 102 and to only utilize magnetic card data read bycard reader system 104. Additional security functionality can also be provided, such as de-activation of any card reader present in point ofsale device 102, the use of any such card reader for other purposes (such as to generate an alert if a user is attempting to use that card reader to read magnetic stripe data of a credit card), or other suitable functionality. FIG. 2 is diagram ofsystem 200 for processing transaction data in accordance with an exemplary embodiment of the present invention.System 200 includes point ofsale device 202,card reader system 204, andauthorization gateway 206, each of which can be implemented in hardware or a suitable combination of hardware and software, and which can be one or more software systems for operation on a general purpose processing platform, a special purpose processing platform or other suitable platforms.- Point of
sale device 202 includestoken handling system 208 andtransaction permission system 210.Token handling system 208 generates a token request or other suitable data when a transaction is presented for authorization. Likewise,transaction permission system 210 reads the transaction data such as the items being purchased, the amount, and other suitable data, and generates a transaction authorization request. This transaction authorization request is transmitted tocard reader system 204. Card reader system 204 includestoken request system 212 and transaction buffer system214. In one exemplary embodiment, point ofsale device 202 can insert a predetermined block of data that is detected and extracted bycard reader system 204 or transaction buffer system214. In this exemplary embodiment, an operator of point ofsale device 202 can scan a user identification card using a magnetic card reader on point ofsale device 202, and point ofsale device 202 can generate an authorization request using existing point ofsale device 202 software where the user identification card data is used to replace the field in the authorization request where the magnetic card stripe data from a presented credit card would normally be encoded.Card reader system 204 receives the authorization request, identifies the user identification card data where the magnetic card stripe data would normally be encoded, and extracts the magnetic card stripe data and replaces it with encrypted magnetic card stripe data. In this exemplary embodiment,card reader system 204 allows an existing point ofsale device 202 to be utilized but provides additional encryption security by excluding point ofsale device 202 from accessing the magnetic card stripe data of the presented credit card.Token request system 212 can be used to process the encrypted card data and add additional identifiers, such as to allowauthorization gateway 206 to confirm thatcard reader system 204 has generated or requested an authorization. Transaction buffer system214 can be used to store the authorization request in a predetermined field format, where the user identification card data or other field is identified for extraction and replacement with the scanned credit card and encrypted credit card data.Authorization gateway 206 includestoken generation system 216 andtransaction authorization system 218. Because the transaction authorization request is received with an encrypted token request, it is unnecessary to coordinate the transaction with point ofsale device 202 as insystem 100, such thattoken generation system 216 can decrypt the token request and provide the decrypted credit card number totransaction authorization system 218 with the amount of the transaction.Transaction authorization system 218 can perform authorization processing in conjunction with card issuing bank or acard authorization network 220 or other suitable systems and receive authorization for charging the transaction amount against the associated card. The transaction authorization is then transmitted tocard reader system 204 and the authorization with the token instead of a credit card account number is transmitted to point ofsale device 202, which can track the transaction and perform additional merchant-related processes utilizing the token instead of the credit card account number, so that the credit card data is never received by point ofsale device 202.Transaction permission system 210 can then allow the transaction to proceed.- In operation,
system 200 allows an existing point of sale device to interface with a separate card reader system, such as where the card reader system is placed between point ofsale device 202 and a communications medium for connecting point ofsale device 202 to anauthorization gateway 206. In this exemplary embodiment,card reader system 204 receives the authorization and transaction data and then adds the credit card data in an encrypted format so as to exclude point ofsale device 202 from ever receiving credit card data.Card reader system 204 can be proprietary and can be modified or updated as needed byauthorization gateway 206 or other parties so as to ensure that the integrity of the encryption mechanism used to encrypt credit card account number data is maintained, and to prevent unauthorized third party access to the credit card account number data. FIG. 3 is a diagram of asystem 300 for generating a token request in accordance with an exemplary embodiment of the present invention.System 300 includes point ofsale device 302,card reader system 304, andauthorization gateway 306, each of which can be implemented in hardware or a suitable combination of hardware and software, and which can be one or more software systems for operation on a general purpose processing platform, a special purpose processing platform or other suitable platforms.- In this exemplary embodiment,
card reader system 304 is used to read a magnetic stripe of a credit card, and token request system312 generates a token request that includes encrypted credit card account number data for the token request. Point ofsale device 302 includestoken handling system 308 and transaction request system310, which are configured to detect a token request from token request system312 and to generate transaction data. In this exemplary embodiment,card reader system 304 interfaces with point ofsale device 302 through an interface, such as a USB port, an RS232 port, other suitable ports, a wireless interface such as an 802.1x device, or other suitable interfaces, and point ofsale device 302 then performs standard transaction authorization request processing using the token instead of a data read from a magnetic card stripe of a credit card. Authorization gateway 306 includestoken generation system 314 and transaction authorization system316, which receive the token request and extract the credit card data.Token generation system 314 can then determine whether the credit card is valid, such as by submitting the transaction for authorization through transaction authorization system316 to card issuing bank orcard network 318 or in other suitable manners.Authorization gateway 306 transmits the authorization request response to point ofsale device 302.- Point of
sale device 302 receives the authorization response and determines whether the authorization has been approved, the token has been denied, such as due to fraudulent credit card data, or other suitable data. If the transaction has been approved, the token is stored bytoken handling system 308 for subsequent merchant processing, or is otherwise used to approve the transaction and to perform suitable post-authorization processing. For example, a merchant may be required to submit transactions periodically for payment, to respond to requests for transaction verification, or to perform other suitable post-transaction processing. Likewise, transaction request system310 closes out the transaction authorization request and approves the authorization if the authorization request indicates approval. - In operation,
system 300 allowscard reader system 304 to be interfaced with point ofsale device 302 through an existing point ofsale device 302 interface. This process allowscard reader system 304 to be provided with proprietary card reading and encryption technology to prevent point ofsale device 302 from receiving the unencrypted card data, and thus provides additional security and protection from point of sale device malware, viruses, or other programs from third parties that are seeking unauthorized access to credit card account number data. FIG. 4 is a flowchart of amethod 400 for processing a token request in accordance with an exemplary embodiment of the present invention.Method 400 can be implemented as a series of algorithms operating on a general purpose computer so as to transform the general purpose computer into a special purpose processing platform. Whilemethod 400 is presented as a flow chart, each method process can be implemented in software as an algorithm, and exemplary pseudo code is provided by way of example and not by limitation for various processes shown inmethod 400. Such exemplary pseudo code can be readily adapted to various similar processes as discussed herein for this or other methods or systems.Method 400 begins at402 where a credit card is scanned in a card reader system and encrypted. In one exemplary embodiment, the card reader system can be a card reader system that stands beside a point of sale device and which is an add on to the point of sale device, so as to allow the point of sale device's card reader to be bypassed or disabled, or to otherwise provide card reader functionality that does not allow unencrypted credit card account number data to be processed by a point of sale device. In one exemplary embodiment, the encryption can be performed by using a proprietary encryption technology that protects the credit card data from being intercepted by third parties, such as using a standard encryption process such as RSA or DES or a suitable proprietary equivalent. In addition to a magnetic card stripe reader,402 can invoke an algorithm, such as the following exemplary pseudo code:- 10 if card present, read magnetic stripe data
- 20 execute encryption process
- 30 store read data in buffer
The method then proceeds to404.
- At404, a token request is generated, and at406, card authorization is requested. In one exemplary embodiment, the card reader can be a stand-alone card reader system that is located next to a point of sale device and that encrypts the credit card data, generates the token request, and generates the transaction identifier associated with a point of sale device, so as to allow the card to be authorized as part of the token generation process, and before a transaction amount is determined. In another exemplary embodiment, the card reader can be in line with the point of sale device, can interface through a data port of the point of sale device, or can otherwise be used in conjunction with a point of sale device. In this manner, the credit card reader can be a stand-alone system next to an existing point of sale device, or other suitable embodiments can be used. In one exemplary embodiment,404 and406 can invoke an algorithm, such as the following exemplary pseudo code:
- 40 generate token request
- 50 generate card authorization request
- 60 transmit token request, authorization request
The method then proceeds to408.
- At408, it is determined whether the card is authorized. In one exemplary embodiment, the token can be decrypted by an authorization gateway or suitable systems, and authorization processes using the credit card account number can be performed, such as a number validation check, a watch list check, transmission of the credit card number to a credit card network or card issuing bank for preliminary authorization, or other suitable processes. In one exemplary embodiment,408 can invoke an algorithm, such as the following exemplary pseudo code:
- 70 execute authorization process
- If it is determined that the card is not authorized, the method proceeds to410 where a decline message is generated and transmitted to the point of sale device, card reader system, or other suitable systems. Otherwise, the method proceeds to412 where a token is generated. In one exemplary embodiment, the token can be a number unrelated to the credit card data that is used to track the transaction and the credit card associated with the transaction so as to avoid storing and transmission of credit card data. In another exemplary embodiment,410 and412 can invoke an algorithm, such as the following exemplary pseudo code:
- 80 if card not authorized, generate decline message
- 90 if card authorized, generate token
- 100 transmit message or token
The method then proceeds to414.
- At414, the point of sale device associated with the token and the authorization request is determined, and the authorization request is transmitted to the associated point of sale device. In one exemplary embodiment, point of sale device can have a unique address identifier, and data packets or other suitable data formats can be generated and addressed to that point of sale device. In another exemplary embodiment,414 can invoke an algorithm, such as the following exemplary pseudo code:
- 110 determine associated point of sale address
- 120 address authorization request message and transmit
The method then proceeds to416.
- At416, the token associated authorization request data is received at a point of sale device. In one exemplary embodiment, where only a token is generated, the token is received and the point of sale device proceeds with transaction preparation, such as using existing authorization processes that are normally performed using a credit card account number but where the token is used instead of the credit card account number. Likewise, where a predetermined amount has been authorized, the token can be received at the point of sale device and the transaction authorization information can be used to allow the transaction to be performed. In one exemplary embodiment,416 can invoke an algorithm, such as the following exemplary pseudo code:
- 130 receive token, perform authorization processing
The method then proceeds to418.
- 130 receive token, perform authorization processing
- At418, transaction authorization is requested. In one exemplary embodiment, a transaction authorization can be requested where an amount exceeds a predetermined transaction threshold that has already been authorized when the card was authorized, where a predetermined authorization processing method is performed, or using other suitable processes. In one exemplary embodiment,418 can invoke an algorithm, such as the following exemplary pseudo code:
- 140 generate transaction authorization request
The method then proceeds to420.
- 140 generate transaction authorization request
- At420, the token and transaction authorization request data is transmitted to the authorization gateway. In one exemplary embodiment, the token can be included in an authorization request response message in place of a credit card number so as to facilitate interfacing the transaction processing with the existing credit card authorization processes. In another exemplary embodiment,420 can invoke an algorithm, such as the following exemplary pseudo code:
- 150 transmit token and transaction authorization request to authorization gateway
The method then proceeds to422.
- 150 transmit token and transaction authorization request to authorization gateway
- At422, it is determined whether the transaction has been authorized by the transaction gateway, card issuing bank, credit card authorization network or other suitable system. If the transaction has not been authorized, the method proceeds to424 where a transaction refusal message is transmitted to the point of sale device, such as indicating that the credit card is stolen, that there are insufficient funds, or other suitable data. Otherwise, the method proceeds to426 where the transaction data is stored at the authorization gateway, including the token number which is associated with the credit card data at the authorization gateway in a secure location, the transaction data such as transaction amount, items purchased, stored, purchased from, point of sale device number, or other suitable transaction data. The method then proceeds to428 where the point of sale device is notified that the transaction has been authorized and can proceed. In one exemplary embodiment,422-428 can invoke an algorithm, such as the following exemplary pseudo code:
- 160 transmit authorization request to card issuing bank over credit card authorization network
- 170 if transaction not authorized generate denial message
- 180 if transaction authorized, store transaction data generate approval message
- 190 transmit message to point of sale terminal
- In operation,
method 400 can be used to perform authorization processing with a stand-alone card reader system in an existing point of sale device.Method 400 may require the existing point of sale device to be updated to interface with token requests generated by the stand-alone card reader, and allows an authorization gateway to receive encrypted credit card data that has not been presented to or processed by the point of sale device, so as to insulate the credit card data from unauthorized access. FIG. 5 is a flow chart of a method500 for processing transaction data in accordance with an exemplary embodiment of the present invention. Method500 can be implemented as a series of algorithms on one or more processing platforms so as to convert the processing platforms from general purpose computers into special purpose processors, such as by using code similar to the disclosed pseudo code formethod 400 as modified to accommodate the processes of method500.- Method500 begins at502 where a transaction is initiated. In one exemplary embodiment, the transaction can be initiated by a point of sale device, such as one that has not been modified and where the operator is using a specific or special operator identification card that inserts a placeholder code into the transaction data. In another exemplary embodiment, standard point of sale software can be used that monitors for the presence of a credit card account number from a magnetic card stripe reader, so that the existing system can be used without modification by using a credit card magnetic stripe surrogate. This surrogate can be a single device that is used by all employees, can be an employee-specific device that is used to identify the employee that is handling the transaction, or can be other suitable devices. The method then proceeds to504.
- At504, the transaction data from the point of sale device is received. In one exemplary embodiment, the transaction authorization request can have a predetermined format, and can be buffered so as to identify the expected location of the placeholder code, which will be the location in the transaction authorization request format where the credit card account data would normally be. The method then proceeds to506.
- At506, a credit card is scanned at a stand-alone card reader. In one exemplary embodiment, the stand-alone card reader can be downstream from the point of sale device and can include encryption software and other systems that are used to ensure the security of the credit card data and to prevent the credit card data from being extracted or detected by unauthorized third parties. The credit card data is then encrypted and the method proceeds to508.
- At508, the placeholder code from the transaction authorization packet is extracted and the encrypted credit card data is inserted in its place. In one exemplary embodiment, encrypted credit card data can include additional data such as a token request or other suitable data. In another exemplary embodiment,508 can invoke an algorithm, such as the following exemplary pseudo code:
- 10 read buffer {field}
- 20 {field}=employee ID or other data?
- 30 Yes—replace with encrypted card data, other data
- 40 No—generate alert
- 50 continue
In this exemplary pseudo code, an alert is generated if the placeholder code is not an authorized employee ID or other authorized data, such as to generate an alert that an unauthorized person is attempting to submit a transaction for authorization. The method then proceeds to510.
- At510, a token request is generated. In one exemplary embodiment, the token request can include the encrypted credit card account data that has been read from the magnetic stripe and other suitable data, such as a point of sale device identifier or other suitable data. The method then proceeds to512.
- At512, transaction authorization is requested from an authorization gateway. In one exemplary embodiment, the authorization request can be transmitted to an authorization gateway, and the token request can be extracted and decrypted, such that the credit card validity and credit limit can be determined. Transaction authorization can be performed by transmitting a transaction authorization request to a card issuing bank, a credit card authorization network or other suitable systems, and receiving authorization approval or denial or in other suitable data. The method then proceeds to514.
- At514, it is determined whether authorization of the transaction has been received from a card issuing bank, a credit card authorization network or whether other suitable transaction authorization data has been received. If the transaction has not been authorized, the method proceeds to516 and an authorization denial code or other suitable data is transmitted to the point of sale device. Otherwise, the method proceeds to518 where the transaction data is stored at the authorization gateway, such as to allow the token identifier, the credit card data, the transaction data, or other suitable data to be obtained in the future, to allow the merchant or card issuing bank to access such data in the future if required but to prevent third parties from accessing the data behind the secure firewall at the authorization gateway, or for other suitable purposes. The method then proceeds to520.
- At520, a token is generated to identify the transaction, and the token is also stored with the transaction data. The method then proceeds to522.
- At522, the token is received and stored at the point of sale device in addition to the authorization approval. In this manner, the point of sale device can use an adjunct or stand-alone magnetic card stripe reader and can receive authorization for a transaction without accessing the magnetic card stripe data.
- In operation, method500 allows an existing point of sale device to be used with an adjunct or stand-alone magnetic card stripe reader, such as to allow the existing authorization process and programming to be used, but by further substituting a placeholder or employee identifier in place of the credit card account number that is stored in the magnetic card stripe data. In this manner, additional security can be provided at point of sale devices without requiring any retrofit or modification of the point of sale software.
FIG. 6 is a flow chart of a method600 for processing authorization data in accordance with an exemplary embodiment of the present invention. Method600 can be implemented as one or more algorithms on one or more processing platforms, so as to transform this processing platform from general purpose processors into specific purpose processors, such as by using code similar to the disclosed pseudo code formethod 400 as modified to accommodate the processes of method600.- Method600 begins at602 where the magnetic stripe of a credit card is scanned and encrypted. In one exemplary embodiment, a stand-alone card reader system can be used to read and encrypt the magnetic stripe data from a credit card using a proprietary encryption process. The method then proceeds to604.
- At604, a token request is generated. In one exemplary embodiment, the token request can include the encrypted credit card account data that has been read from the magnetic stripe and other suitable data, such as a point of sale device identifier or other suitable data. The method then proceeds to606.
- At606, transaction authorization is requested. In one exemplary embodiment, a point of sale device can be interfaced with a stand-alone magnetic card stripe reader through a wireless interface, a data port (such as a RS232 port, a USB port, or other suitable ports), or in other suitable manners, and can receive the token request and process that request in addition to a transaction authorization request, such as by including the token request with the transaction authorization. The method proceeds to608.
- At608, it is determined whether the token request is acceptable, such as at an authorization gateway that receives the transaction authorization request and token request, and which extracts the token request and decrypts the credit card data from the token request. The authorization gateway can be behind the secure firewall such that decryption and extraction of the credit card data can be secured from third parties. If it is determined at608 that the token request is not acceptable, such as by checking the credit card number for proper form, against a watch list or by running a preliminary authorization request to a card issuing bank, or using other suitable processes, the method proceeds to610 where the point of sale device is notified that the authorization request has been denied. Otherwise, the method proceeds to612 where a token is generated. The method then proceeds to614. Likewise, if authorization is not performed prior to token generation, it is determined at614 whether the transaction amount has been authorized. If the transaction has not been authorized, the method proceeds to616 where the point of sale device is notified without the generation of a token. Otherwise, the method proceeds to618 where the token and authorization request is transmitted to the point of sale device from the authorization gateway. The method then proceeds to620.
- At620, the token and authorization response is received and stored at the point of sale device. In one exemplary embodiment, point of sale device can store a token number instead of the credit card data and associate that with the authorization transaction data, so as to allow the merchant to subsequently identify the token number if there are any questions about the transaction, and the token number can be used to identify the credit card that was presented for payment.
- In operation, method600 allows a point of sale device to be connected to an adjunct magnetic card stripe reader, and to receive encrypted credit card data from the magnetic card stripe reader, so as to replace the magnetic card stripe data with a token request that protects the magnetic card stripe data from ever being read from any point of sale device software or hardware. In this manner, commonly used methods that are used to extract credit card data at point of sale devices for unauthorized purposes are defeated and security of the credit card data is maintained.
FIG. 7 is a diagram of asystem 700 for a stand-alone card reader for use with a point of sale device in accordance with an exemplary embodiment of the present invention.System 700 can be implemented in hardware or a combination of hardware and software and can be a stand-alone card reader system having hardware components such as a magnetic card stripe reader, data ports and a processor, and associated processing software.System 700 includes magnetic card reader system702, which can be a standard or proprietary magnetic card stripe reader that detects data stored on the magnetic card stripe and stores it in a buffer for further processing. Likewise, magnetic card reader system702 can perform encryption on the card stripe data as it is extracted from the magnetic card stripe, such as in addition to encryption system704 or using encryption system704. In one exemplary embodiment, encryption system704 can be the operating system that is used to operate magnetic card reader system702 or other suitable systems.- Encryption system704 generates encrypted data containing credit card data, such as a credit card account number. This encrypted data can be submitted to
token request generator 710 and transmitted bygateway interface system 706 to an authorization gateway over a suitable data transmission medium. Likewise, a token request can be submitted fromtoken request generator 710 through point ofsale interface system 708 to a point of sale device, such as a point of sale device that is connected to the magnetic card reader system702. In addition, encryption system704 can provide the encrypted card data to string detect and replace716. String detect and replace716 can receive authorization approval request data frombuffer 714, which can receive the authorization request from point ofsale interface system 708 and store the authorization request inbuffer 714. String detect and replace716 can store the encrypted credit card data in a predetermined location ofbuffer 714, can search buffer714 for a predetermined text string or alphanumeric string associated with the credit card data or can perform other suitable processes to replace placeholder data with encrypted credit card data. - In addition, point of
sale interface system 708 can receive an authorization request from an existing point of sale device, such as by allowing the user to use an identification card that takes the place of a credit card or other suitable devices or systems, and where the authorization request has been modified bysystem 700 using the encrypted credit card data from encryption system704. In this exemplary embodiment, point ofsale interface system 708 can store the authorization request inbuffer 714 or in other suitable locations. System 700 can include point ofsale update system 712, which can interface with a point of sale device through point ofsale interface system 708 or in other suitable manners to update software that controls the operation of a point of sale device. In this exemplary embodiment,gateway interface system 706 can be used to receive point of sale updates based on point of sale identifiers associated withsystem 700. Likewise, other suitable processes can be used.- In operation,
system 700 provides different exemplary embodiments for providing an adjunct card reader to an existing point of sale device, such as by using the adjunct card reader separately from the point of sale device, using it downstream from the point of sale device, between the point of sale device and an authorization gateway, or by interfacing the adjunct card reader with the existing point of sale device through a data port on the existing point of sale device casing or system hardware interfaces. In these exemplary embodiments,system 700 provides a flexible approach to updating existing point of sale devices to increase security of credit card data by removing known point of sale device configurations from being attacked by hackers. - While certain exemplary embodiments have been described in detail and shown in the accompanying drawings, it is to be understood that such embodiments are merely illustrative of and not restrictive on the broad invention. It will thus be recognized to those skilled in the art that various modifications may be made to the illustrated and other embodiments of the invention described above, without departing from the broad inventive scope thereof. It will be understood, therefore, that the invention is not limited to the particular embodiments or arrangements disclosed, but is rather intended to cover any changes, adaptations or modifications which are within the scope and the spirit of the invention defined by the appended claims.
Claims (17)
1-16. (canceled)
17. A system for point-to-point encryption comprising:
a card reader system for reading unencrypted card data stored on a magnetic stripe of a card and for encrypting the card data immediately after the card data is read and prior to subsequent processing, the card reader system being contained in a first housing;
a point of sale device coupled to the card reader system, the point of sale device being contained in a second housing separate from the first housing, the point of sale device having a user interface for obtaining a transaction amount; and
a transaction request system for transmitting the transaction amount and the encrypted card data to an authorization gateway, wherein the unencrypted card data is prevented from being processed by the point of sale device.
18. The system ofclaim 17 wherein the card reader system comprises a token request system for compiling the encrypted card data into a token request for transmission to the authorization gateway.
19. The system ofclaim 17 wherein the point of sale device comprises a token handling system receiving a token from the authorization gateway, associating the token with transaction data and storing the token and the associated transaction data in a local memory.
20. The system ofclaim 17 wherein the point of sale device comprises a transaction permission system receiving a token from the authorization gateway, associating the token with transaction data and transmitting the token and the associated transaction data to the authorization gateway.
21. The system ofclaim 17 wherein the point of sale device is only coupled to the card reader system through the authorization gateway.
22. The system ofclaim 17 wherein the point of sale device is only coupled to the card reader system through a data port of the point of sale device.
23. The system ofclaim 17 wherein the card reader system is coupled to the authorization gateway, and data from the point of sale device is only transmitted to the authorization gateway by passing through the card reader system.
24. The system ofclaim 17 further comprising an authorization gateway that further comprises:
a token generation system for receiving a token request and the encrypted card data and for decrypting the encrypted card data; and
a transaction authorization system for transmitting the decrypted card data to a card-issuing bank with an authorization request and for receiving an authorization response;
wherein the token generation system generates a token based on the authorization response.
25. A method for point-to-point encryption comprising:
reading unencrypted card data stored on a magnetic stripe of a card at a card reader system contained in a first housing;
encrypting the card data at the card reader system immediately after the card data is read and prior to subsequent processing;
obtaining a transaction amount from a point of sale device contained in a second housing separate from the first housing;
transmitting the transaction amount and the encrypted card data to an authorization gateway; and
preventing the unencrypted card data from being processed by the point of sale device.
26. The method ofclaim 25 comprising compiling the encrypted card data into a token request for transmission to the authorization gateway at the card reader system.
27. The method ofclaim 25 comprising:
receiving a token from the authorization gateway;
associating the token with transaction data; and
storing the token and the associated transaction data in a local memory.
28. The method ofclaim 25 comprising:
receiving a token from the authorization gateway;
associating the token with transaction data; and
transmitting the token and the associated transaction data to the authorization gateway.
29. The method ofclaim 25 comprising coupling the point of sale device to the authorization gateway only through the card reader system.
30. The method ofclaim 25 comprising coupling the point of sale device to the card reader system only through a data port of the point of sale device.
31. The method ofclaim 25 wherein data from the point of sale device is only transmitted to the authorization gateway by passing through the card reader system.
32. The method ofclaim 25 further comprising:
receiving a token request and the encrypted card data at the authorization gateway;
decrypting the encrypted card data;
transmitting the decrypted card data to a card-issuing bank with an authorization request;
receiving an authorization response; and generating a token based on the authorization response.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| US13/730,594US20130124424A1 (en) | 2010-04-01 | 2012-12-28 | System and method for point-to-point encryption with adjunct terminal |
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| US12/752,806US8346671B2 (en) | 2010-04-01 | 2010-04-01 | System and method for point-to-point encryption with adjunct terminal |
| US13/730,594US20130124424A1 (en) | 2010-04-01 | 2012-12-28 | System and method for point-to-point encryption with adjunct terminal |
Related Parent Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| US12/752,806ContinuationUS8346671B2 (en) | 2010-04-01 | 2010-04-01 | System and method for point-to-point encryption with adjunct terminal |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| US20130124424A1true US20130124424A1 (en) | 2013-05-16 |
Family
ID=44710790
Family Applications (2)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| US12/752,806Active2030-11-23US8346671B2 (en) | 2010-04-01 | 2010-04-01 | System and method for point-to-point encryption with adjunct terminal |
| US13/730,594AbandonedUS20130124424A1 (en) | 2010-04-01 | 2012-12-28 | System and method for point-to-point encryption with adjunct terminal |
Family Applications Before (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| US12/752,806Active2030-11-23US8346671B2 (en) | 2010-04-01 | 2010-04-01 | System and method for point-to-point encryption with adjunct terminal |
Country Status (3)
| Country | Link |
|---|---|
| US (2) | US8346671B2 (en) |
| CA (1) | CA2795249C (en) |
| WO (1) | WO2011123782A2 (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP3224784A4 (en)* | 2014-11-26 | 2017-11-08 | Visa International Service Association | Tokenization request via access device |
Families Citing this family (16)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US9256874B2 (en) | 2011-04-15 | 2016-02-09 | Shift4 Corporation | Method and system for enabling merchants to share tokens |
| US9602164B1 (en)* | 2011-04-29 | 2017-03-21 | United Services Automobile Association (Usaa) | Methods and systems for making a pre-payment |
| US8943574B2 (en)* | 2011-05-27 | 2015-01-27 | Vantiv, Llc | Tokenizing sensitive data |
| CA2858691A1 (en)* | 2011-12-09 | 2013-06-13 | Merchantwarehouse.Com, Llc | Payment processing and customer engagement platform methods, apparatuses and media |
| WO2013130982A1 (en)* | 2012-03-01 | 2013-09-06 | Mastercard International Incorporated Dba Mastercard Worldwide | Systems and methods for mapping a mobile cloud account to a payment account |
| US9141949B1 (en)* | 2013-07-09 | 2015-09-22 | Travis Q. Le | Point of sale transaction device |
| FR3014586B1 (en)* | 2013-12-05 | 2017-03-31 | Cie Ind Et Financiere D'ingenierie Ingenico | METHOD OF PROCESSING TRANSACTIONAL DATA, TERMINAL, SERVER AND CORRESPONDING COMPUTER PROGRAMS. |
| GB2524946A (en)* | 2014-03-04 | 2015-10-14 | Eckoh Uk Ltd | Secure gateway for payments other transactions involving sensitive information |
| CA2896763C (en)* | 2014-07-11 | 2021-01-12 | The Toronto Dominion Bank | Systems and methods for providing pre-paid multicards |
| US9953171B2 (en) | 2014-09-22 | 2018-04-24 | Infosys Limited | System and method for tokenization of data for privacy |
| WO2018057599A1 (en)* | 2016-09-21 | 2018-03-29 | Wal-Mart Stores, Inc. | System and methods for point to point encryption and tokenization in a hosted environment |
| DE102017221300A1 (en)* | 2017-11-28 | 2019-05-29 | Siemens Mobility GmbH | Method and system for providing a data-related function by means of a data-processing system of a track-bound vehicle |
| US11488154B2 (en)* | 2018-02-02 | 2022-11-01 | Cyril ROBITAILLE | Electronic payment method and system |
| US11551208B2 (en) | 2018-10-04 | 2023-01-10 | Verifone, Inc. | Systems and methods for point-to-point encryption compliance |
| US10846677B2 (en) | 2019-01-11 | 2020-11-24 | Merchant Link, Llc | System and method for secure detokenization |
| US11403646B2 (en)* | 2019-03-01 | 2022-08-02 | Shopify Inc. | Secure pin entry via mobile device |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US6598031B1 (en)* | 2000-07-31 | 2003-07-22 | Edi Secure Lllp | Apparatus and method for routing encrypted transaction card identifying data through a public telephone network |
| US20040182921A1 (en)* | 2000-05-09 | 2004-09-23 | Dickson Timothy E. | Card reader module with account encryption |
| US20050097261A1 (en)* | 2003-10-31 | 2005-05-05 | Samsung Electronics Co., Ltd. | User authentication system and method for controlling the same |
| US20070023504A1 (en)* | 2005-05-19 | 2007-02-01 | F.S.V. Payment Systems, Inc. | Computer implemented flexible benefit plan host based stored value card product |
| US20090144161A1 (en)* | 2007-11-30 | 2009-06-04 | Mobile Candy Dish, Inc. | Method and system for conducting an online payment transaction using a mobile communication device |
| US20110084140A1 (en)* | 2009-10-13 | 2011-04-14 | Sam Wen | Systems and methods for decoding card swipe signals |
| US20110161233A1 (en)* | 2009-12-30 | 2011-06-30 | First Data Corporation | Secure transaction management |
Family Cites Families (28)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US5978918A (en) | 1997-01-17 | 1999-11-02 | Secure.Net Corporation | Security process for public networks |
| US6332193B1 (en) | 1999-01-18 | 2001-12-18 | Sensar, Inc. | Method and apparatus for securely transmitting and authenticating biometric data over a network |
| US6560709B1 (en) | 1999-04-30 | 2003-05-06 | 3Com Corporation | Method and apparatus for the transfer of sensitive card data over an unsecure computer network |
| US6938022B1 (en) | 1999-06-12 | 2005-08-30 | Tara C. Singhal | Method and apparatus for facilitating an anonymous information system and anonymous service transactions |
| US7627531B2 (en) | 2000-03-07 | 2009-12-01 | American Express Travel Related Services Company, Inc. | System for facilitating a transaction |
| CA2403283A1 (en) | 2000-03-15 | 2001-09-20 | Edward J. Hogan | Method and system for secure payments over a computer network |
| US7376629B1 (en) | 2000-04-03 | 2008-05-20 | Incogno Corporation | Method of and system for effecting anonymous credit card purchases over the internet |
| US6990470B2 (en) | 2000-04-11 | 2006-01-24 | Mastercard International Incorporated | Method and system for conducting secure payments over a computer network |
| US20030046237A1 (en) | 2000-05-09 | 2003-03-06 | James Uberti | Method and system for enabling the issuance of biometrically secured online credit or other online payment transactions without tokens |
| AU2001253406A1 (en) | 2000-05-15 | 2001-11-26 | Efunds Corporation | System for and method of effecting an electronic transaction |
| US20020022967A1 (en) | 2000-08-18 | 2002-02-21 | International Business Machines Corporation | Goods delivery method, online shopping method, online shopping system, server, and vender server |
| US6938019B1 (en) | 2000-08-29 | 2005-08-30 | Uzo Chijioke Chukwuemeka | Method and apparatus for making secure electronic payments |
| US7292999B2 (en) | 2001-03-15 | 2007-11-06 | American Express Travel Related Services Company, Inc. | Online card present transaction |
| US6816058B2 (en)* | 2001-04-26 | 2004-11-09 | Mcgregor Christopher M | Bio-metric smart card, bio-metric smart card reader and method of use |
| US20020191020A1 (en) | 2001-06-18 | 2002-12-19 | International Business Machines Corporation | Method and apparatus for removing confindential information from a history |
| US7269737B2 (en) | 2001-09-21 | 2007-09-11 | Pay By Touch Checking Resources, Inc. | System and method for biometric authorization for financial transactions |
| US20040012567A1 (en)* | 2002-02-08 | 2004-01-22 | Ashton Jason A. | Secure input device |
| US20040073688A1 (en) | 2002-09-30 | 2004-04-15 | Sampson Scott E. | Electronic payment validation using Transaction Authorization Tokens |
| US20040172309A1 (en) | 2002-11-15 | 2004-09-02 | Selwanes Ragui N. | Method, system and storage medium for facilitating multi-party transactions |
| US7512236B1 (en) | 2004-08-06 | 2009-03-31 | Mark Iv Industries Corporation | System and method for secure mobile commerce |
| US7809169B2 (en)* | 2005-03-02 | 2010-10-05 | Martinez Pamela J | Secure point of sales biometric identification process and financial system for standalone and remove device transactions (paysecure) |
| US7451481B2 (en)* | 2005-04-29 | 2008-11-11 | Merchant Link, Llc | Database system and method for encryption and protection of confidential information |
| US7757953B2 (en)* | 2006-01-13 | 2010-07-20 | Magtek, Inc. | Secure magnetic stripe reader |
| KR20070117420A (en) | 2006-06-08 | 2007-12-12 | 한국정보통신주식회사 | Payment method and system and program recording medium therefor |
| WO2008063877A2 (en)* | 2006-11-06 | 2008-05-29 | Magtek, Inc. | Card authentication system |
| US20090327701A1 (en)* | 2008-01-10 | 2009-12-31 | Holz John B | ID Card Encryption |
| KR101028106B1 (en) | 2008-05-29 | 2011-04-08 | 케이아이에스정보통신 주식회사 | How payment processing server processes encrypted card information |
| KR20100006004A (en) | 2008-07-08 | 2010-01-18 | 나이스데이터(주) | Autentification processing method and system using card, card terminal for authentification processing using card |
- 2010
- 2010-04-01USUS12/752,806patent/US8346671B2/enactiveActive
- 2011
- 2011-04-01CACA2795249Apatent/CA2795249C/enactiveActive
- 2011-04-01WOPCT/US2011/030946patent/WO2011123782A2/enactiveApplication Filing
- 2012
- 2012-12-28USUS13/730,594patent/US20130124424A1/ennot_activeAbandoned
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20040182921A1 (en)* | 2000-05-09 | 2004-09-23 | Dickson Timothy E. | Card reader module with account encryption |
| US6598031B1 (en)* | 2000-07-31 | 2003-07-22 | Edi Secure Lllp | Apparatus and method for routing encrypted transaction card identifying data through a public telephone network |
| US20050097261A1 (en)* | 2003-10-31 | 2005-05-05 | Samsung Electronics Co., Ltd. | User authentication system and method for controlling the same |
| US20070023504A1 (en)* | 2005-05-19 | 2007-02-01 | F.S.V. Payment Systems, Inc. | Computer implemented flexible benefit plan host based stored value card product |
| US20090144161A1 (en)* | 2007-11-30 | 2009-06-04 | Mobile Candy Dish, Inc. | Method and system for conducting an online payment transaction using a mobile communication device |
| US20110084140A1 (en)* | 2009-10-13 | 2011-04-14 | Sam Wen | Systems and methods for decoding card swipe signals |
| US20110161233A1 (en)* | 2009-12-30 | 2011-06-30 | First Data Corporation | Secure transaction management |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP3224784A4 (en)* | 2014-11-26 | 2017-11-08 | Visa International Service Association | Tokenization request via access device |
| CN113537988A (en)* | 2014-11-26 | 2021-10-22 | 维萨国际服务协会 | Method and apparatus for tokenizing requests via an access device |
| US11620643B2 (en) | 2014-11-26 | 2023-04-04 | Visa International Service Association | Tokenization request via access device |
| US12112316B2 (en) | 2014-11-26 | 2024-10-08 | Visa International Service Association | Tokenization request via access device |
Also Published As
| Publication number | Publication date |
|---|---|
| WO2011123782A3 (en) | 2012-01-05 |
| CA2795249A1 (en) | 2011-10-06 |
| CA2795249C (en) | 2014-01-28 |
| US20110246372A1 (en) | 2011-10-06 |
| US8346671B2 (en) | 2013-01-01 |
| WO2011123782A2 (en) | 2011-10-06 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US8346671B2 (en) | System and method for point-to-point encryption with adjunct terminal | |
| US11240219B2 (en) | Hybrid integration of software development kit with secure execution environment | |
| US20200151725A1 (en) | Systems and methods for data desensitization | |
| US10547625B2 (en) | Software tampering detection and reporting process | |
| CN107925572B (en) | Secure binding of software applications to communication devices | |
| ES2748847T3 (en) | Secure payment card transactions | |
| JP5199095B2 (en) | System and method for secure account number in proximity device | |
| US20150199673A1 (en) | Method and system for secure password entry | |
| KR20060125835A (en) | Emv transactions in mobile terminals | |
| US8620824B2 (en) | Pin protection for portable payment devices | |
| US20110010289A1 (en) | Method And System For Controlling Risk Using Static Payment Data And An Intelligent Payment Device | |
| WO2013103991A1 (en) | Data protection with translation | |
| JP2009507308A5 (en) | ||
| BRPI0710319A2 (en) | SYSTEM FOR APPROVING TRANSACTION CARD TRANSACTIONS AND METHOD FOR APPROVING A FUNDS TRANSFER TRANSFER BY A USER USING A TRANSACTION CARD | |
| CN116195231A (en) | Token fault protection system and method | |
| WO2022040762A1 (en) | Electronic payments systems, methods and apparatus | |
| KR100408890B1 (en) | Method for certificating an credit dealing using a multi-certificated path and system thereof | |
| KR100598573B1 (en) | Disposable card information generation and authentication method using smart card and system for this | |
| EP3095081A1 (en) | Authentication method and system | |
| WO2005024743A1 (en) | Granting access to a system based on the use of a card having stored user data thereon | |
| HK40055820A (en) | Contactless card with multiple rotating security keys | |
| WO2021054854A1 (en) | Generation and use of a trusted digital image of a document |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| STCB | Information on status: application discontinuation | Free format text:ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION |