Electrical computers and digital processing systems: support – System access control based on user identification by...
Reexamination Certificate
1999-06-29
2003-06-10
Peeso, Thomas R. (Department: 2132)
Electrical computers and digital processing systems: support
System access control based on user identification by...
C713S150000, C713S153000, C713S152000, C713S152000
Reexamination Certificate
active
06578145
ABSTRACT:
TECHNICAL FIELD
The present invention relates to an apparatus having multiple point-of-sale card reading/keypad devices on each operable side of an energy dispensing apparatus. More particularly, the present invention relates to an apparatus having secure multiple point-of-sale card reading/keypad devices wherein the placement of one of the aforementioned card reader/keypad devices is such that it is conveniently accessible to disabled individuals.
BACKGROUND ART
In retail environments such as stores and service stations, there is a need for maintaining security of customer-entered Personal Identification Numbers (PINs). This is especially true in gasoline service stations where the customer may initiate the sale of the product by inserting a magnetic strip credit or debit card (or other type of information bearing card) into a card reader which is mounted on a gasoline dispenser, or perhaps elsewhere in a service station. The customer then enters a PIN number via a keypad. The PIN is transmitted along with data read from the magnetic strip to a host computer which can compare the PIN and data from the card to authorize a purchase.
The PIN must be protected from disclosure so that unauthorized persons may not use the PIN in conjunction with the card to defraud either the legitimate card holder, the vendor or an authorizing financial institution or card issuer. In some service station circumstances, the customer is requested to enter his/her PIN number using a keypad which is a part of the dispenser housing. Alternatively, he/she may enter the number using a special purpose PIN pad (commercially available from several different companies), when the sale is controlled from a point of sale console. It is desirable, and required in most instances, that the PIN number be encrypted at the point of entry so that no transmissions of the clear text (i.e. not encrypted) PIN occur across any transmission medium that is subject to interception. Thus, it is desirable to use encryption techniques in the PIN pads and in the dispensers if they are such points of entry. Typically, the PIN pads and/or dispensers must be injected with cryptographic keys which are used in the encryption process for exchange of PIN data.
The injection must be done in a secure environment because the cryptographic keys must be initially loaded into PIN pads or dispensers in their clear text form and are therefore subject to interception. PIN pads are small, easily replaceable, and easily injected with cryptographic keys in a secure environment. However, this is not true of dispensers because they require periodic service, which cause them to lose their key data and necessitate another injection process. Since the dispensers are bulky, the removal of the dispenser and shipment to a secure environment for re-keying are impractical. Installing separate, replaceable PIN pads in the dispensers is feasible, but not cost effective for service stations which have a large number of dispensers and requires a large inventory of replacement devices.
Also, it would be desirable to have the encryption keys used in the host system as secure as possible, since unauthorized access to those keys could lead to large losses. If each dispenser has the host system encryption key in it, the chances for loss increase. Accordingly, it would be desirable to avoid injecting the host keys into the dispensers, or any part of the dispenser, to enhance security.
The problem solved by the present invention is connecting two or more PIN-pad devices (e.g. Keypads), such as a Gilbarco, Inc. SmartPad™, to one CRIND® BIOS (basic input/output system) board in a way that is invisible to entities downstream of the BIOS in the communication sequence (e.g., CRIND® Application, G-SITE®, Gilbarco Security Module (GSM), etc.). Providing multiple PIN-pad devices is important in order to meet Americans with Disabilities Act (ADA) governmental requirements for providing access to energy dispensers to handicapped individuals.
CRIND® is an acronym for “Card Reader IN Dispenser” which is a style of energy dispensing apparatus made and sold by Gilbarco, Inc., of Greensboro, N.C. Usage of the term CRIND® in this application implies an energy dispensing apparatus having card reading and keypad capabilities. These capabilities typically include communication of card information to a remotely (i.e., not on the energy dispensing apparatus) situated station controller. If desired, a CRIND® board can be configured to process touchscreen input data as well. The CRIND® board need not, however, be restricted to the energy dispensing arts as it is applicable to virtually any point-of-sale device having multiple keypad inputs.
To meet the requirements under the ADA given the physical construction of some energy dispensers, it is desirable to place a second keypad on the dispenser in an area reachable to disabled persons. Where secure keypads are desired, it is then required that both keypads on the dispenser be secure keypads such as a Gilbarco, Inc. SmartPad™. Since secure keypads require a unique key per transaction (UKPT) base key in order to perform debit operations, and since the security module (GSM) device does not currently support two independent secure keypads at a single pay-point, it is desirable to add a second secure keypad to the pay-point in a manner invisible to the security module (GSM) device.
Referring now to the drawings,
FIG. 1
illustrates conventional PIN block transmission from a single secure keypad
10
to the CRIND®
12
BIOS, and to the security module
14
(GSM) for subsequent host-specific encryption and transmission. The PIN block
16
is first encrypted with a unique key per transaction (UKPT) key
19
, then encrypted with the master/session key
20
and sent to the CRIND® board
12
. The CRIND®
12
BIOS then removes the master/session encryption layer and transmits the UKPT-encrypted PIN block to the GSM
14
. The GSM
14
then decrypts the UKPT-encrypted PIN block for subsequent processing. The security module
14
cannot perform the master/session decryption because the secure keypad was added to the architecture after a period where the CRIND®
12
handled the encryption of the PIN block.
Current security modules (GSMs) do not support multiple sources of UKPT-encrypted PIN blocks from a single pay-point. To do so would require additional data blocks and protocol changes to the security module firmware in order to support the UKPT approach for each additional secure keypad. Since there is an extensive population of security module devices in the field that do not support multiple secure keypads at a single pay-point, it is most desirable to make any such change invisible to the security module (GSM).
The present invention provides a system and method of adding multiple secure keypads to a system that currently supports only one secure keypad without compromising security or backward compatibility.
DISCLOSURE OF THE INVENTION
The present invention provides a system and method of adding multiple secure keypads to a single pay-point without affecting the site security module. This is accomplished by creating a master/satellite architecture in which the original secure keypad becomes the master to additional satellite secure keypads. In this architecture, the master secure keypad becomes a “virtual site security module” to the satellite keypads, thus relaying the encryption data provided by the site security module in an equally or more secure manner to the satellites.
According to one aspect of the invention, two (2) or more secure keypad devices are connected to a single CRIND® board that communicates with a security module such that either keypad may initiate and perform a consumer transaction. Between the keypad(s) and the security module sits the CRIND® board which serves both the security module downstream (transaction authorization) and the keypad upstream (transaction initiation). The present invention presents a new architecture on the upstream side of the CRIND® board which permits multiple secure keypads to be used in a manner that
Gilbarco Inc.
Peeso Thomas R.
LandOfFree
Methods and systems for securely communicating personal... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Methods and systems for securely communicating personal..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Methods and systems for securely communicating personal... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3100395