US2019325437A1PendingUtilityA1

Distributing payment keys among multiple discrete devices in a point of sale system

68
Assignee: CLOVER NETWORK INCPriority: Aug 24, 2017Filed: Jul 3, 2019Published: Oct 24, 2019
Est. expiryAug 24, 2037(~11.1 yrs left)· nominal 20-yr term from priority
G06Q 20/322G06Q 20/3827G06Q 20/20G06Q 20/3829G06Q 20/3278
68
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

Methods and systems related to distributing payment keys to multiple discrete devices in a point of sale (POS) system are disclosed. One method includes storing a payment key on a first discrete device for a POS system and a public key certificate on a second discrete device for the POS system. The method also includes communicatively connecting the first discrete device with the second discrete device using a wire, transmitting the public key certificate from the second discrete device to the first discrete device using the wire, and verifying the public key certificate on the first discrete device. The method also includes finalizing a secure connection between the first discrete device and the second discrete device over the wire using a protocol after the public key certificate is verified.

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
         1 . A point of sale system comprising:
 a first discrete device with a first means for receiving payment information;   a second discrete device with a second means for receiving payment information;   a wire communicatively connecting the first discrete device to the second discrete device;   a second memory system on the second discrete device;   a public key certificate and a corresponding private key stored in the second memory system;   a first memory system on the first discrete device that stores instructions to: (i) receive the public key certificate from the second discrete device; (ii) verify the public key certificate; and (iii) form a secure connection between the first discrete device and the second discrete device over the wire using a protocol after the public key certificate is verified; and   wherein the first memory system and the second memory system store instructions to conduct a handshake for the protocol using a public key from the public key certificate and the corresponding private key.   
     
     
         2 . The point of sale system of  claim 1 , wherein:
 the first memory system stores instructions to transmit a copy of a payment key set to the second discrete device;   the second memory system stores instructions to derive a derived payment key from the copy of the payment key set;   the second memory system stores instructions to encrypt payment information received via the second means for receiving payment information using the derived payment key; and   the first memory system stores instructions to synchronize the payment key set and the copy of the payment key set using the secure connection.   
     
     
         3 . The point of sale system of  claim 1 , wherein:
 the first memory system stores instructions to transmit a copy of a payment key to the second discrete device over the wire using the secure connection;   the payment key is a derived payment key derived from a payment key set on the first discrete device;   the copy of the payment key is a copy of the derived payment key; and   the second memory system stores instructions to encrypt payment information received via the second means for receiving payment information using the copy of the derived payment key.   
     
     
         4 . The point of sale system of  claim 2 , further comprising:
 a volatile memory in the second memory system;   a nonvolatile memory in the second memory system that stores the public key certificate and the corresponding private key; and   a tamper sensor on the first discrete device;   wherein the first discrete device is configured to erase the payment key in response to the tamper sensor; and   wherein the second memory system stores instructions to provide the copy of the payment key to the volatile memory when the copy of the payment key is received via the secure connection.   
     
     
         5 . The point of sale system of  claim 2 , further comprising:
 a first universal serial bus (USB) driver located on the first discrete device;   a second USB driver located on the second discrete device;   wherein the wire is a USB;   wherein the secure connection is provided via transport layer secure (TLS) over USB between the first USB driver and the second USB driver; and   wherein a TLS handshake for the secure connection uses a public key from the public key certificate and the corresponding private key after the public key certificate is verified.   
     
     
         6 . The point of sale system of  claim 2 , further comprising:
 a first secure processor on the first discrete device;   a first tamper mesh surrounding the first secure processor;   a second secure processor on the second discrete device;   a second tamper mesh surrounding the second secure processor;   a first secure memory on the first secure processor, wherein the first secure memory is a component of the first memory system, and wherein the first secure memory stores the payment key and a second payment key; and   a second secure memory on the second secure processor, wherein the second secure memory is a component of the second memory system;   wherein the second secure memory stores instructions to encrypt payment information received via the second means for receiving payment information using the copy of the payment key; and   wherein the first secure memory system stores instructions to encrypt payment information received via the first means for receiving payment information using the second payment key.   
     
     
         7 . The point of sale system of  claim 6 , further comprising:
 an applications processor on the first discrete device;   wherein the first and second secure processors are slaves of the applications processor;   wherein the applications processor instantiates an operating system for the point of sale system;   wherein the wire is a universal serial bus (USB);   wherein the secure connection is provided via transport layer secure (TLS) over USB between the first secure processor and the second secure processor; and   wherein the applications processor is a USB intermediary on the secure connection.   
     
     
         8 . A point of sale system comprising:
 a first discrete device with a first means for receiving payment information;   a second discrete device with a second means for receiving payment information;   a wire communicatively connecting the first discrete device to the second discrete device;   a secure connection between the first discrete device and the second discrete device over the wire using a protocol;   a second secure memory on the second discrete device that stores: (i) a public key certificate and a corresponding private key; and (ii) a copy of a payment key delivered from the first discrete device over the wire via the secure connection;   a first secure memory on the first discrete device that stores: (i) a public key from the public key certificate after the public key certificate is verified; and (ii) the payment key; and   wherein the first memory system and the second memory system store instructions to conduct a handshake for the protocol using a public key from the public key certificate and the corresponding private key.   
     
     
         9 . The point of sale system of  claim 8 , further comprising:
 a first memory system on the first discrete device, wherein the first secure memory is a component of the first memory system;   a second memory system on the second discrete device, wherein the second secure memory is a component of the second memory system;   wherein the payment key is in the payment key set;   wherein the second memory system stores instructions to encrypt payment information received via the second means for receiving payment information using the copy of the payment key set; and   wherein the first memory system stores instructions to synchronize the payment key set and the copy of the payment key set using the secure connection.   
     
     
         10 . The point of sale system of  claim 8 , wherein:
 the payment key is a derived payment key derived from a payment key set on the first discrete device;   the copy of the payment key is a copy of the derived payment key; and   the second memory system stores instructions to encrypt payment information received via the second means for receiving payment information using the copy of the derived payment key.   
     
     
         11 . The point of sale system of  claim 8 , further comprising:
 a second memory system on the second discrete device, wherein the second secure memory is a component of the second memory system;   a volatile memory in the second memory system that stores the copy of the payment key;   a nonvolatile memory in the second memory system that stores the public key certificate and the corresponding private key; and   a tamper sensor on the first discrete device;   wherein the first discrete device is configured to erase the payment key in response to the tamper sensor.   
     
     
         12 . The point of sale system of  claim 8 , further comprising:
 a first universal serial bus (USB) driver located on the first discrete device;   a second USB driver located on the second discrete device;   wherein the wire is a USB;   wherein the secure connection is provided via transport layer secure (TLS) over USB between the first USB driver and the second USB driver; and   wherein a TLS handshake for the secure connection uses a public key from the public key certificate and the corresponding private key after the public key certificate is verified.   
     
     
         13 . The point of sale system of  claim 8 , further comprising:
 a first secure processor on the first discrete device, wherein the first secure memory is on the first secure processor;   a first tamper mesh surrounding the first secure processor;   a second secure processor on the second discrete device, wherein the second secure memory is on the second secure processor;   a second tamper mesh surrounding the second secure processor;   a first secure memory on the first secure processor, wherein the first secure memory is a component of the first memory system, and wherein the first secure memory stores the payment key and a second payment key; and   a second secure memory on the second secure processor, wherein the second secure memory is a component of the second memory system;   wherein the second secure memory stores instructions to encrypt payment information received via the second means for receiving payment information using the copy of the payment key; and   wherein the first secure memory system stores instructions to encrypt payment information received via the first means for receiving payment information using the second payment key.   
     
     
         14 . The point of sale system of  claim 13 , further comprising:
 an applications processor on the first discrete device;   wherein the first and second secure processors are servants of the applications processor;   wherein the applications processor instantiates an operating system for the point of sale system;   wherein the wire is a universal serial bus (USB);   wherein the secure connection is provided via transport layer secure (TLS) over USB between the first secure processor and the second secure processor; and   wherein the applications processor is a USB intermediary on the secure connection.   
     
     
         15 . A method comprising:
 storing a payment key on a first discrete device for a point of sale system;   storing a public key certificate and a corresponding private key on a second discrete device for the point of sale system;   communicatively connecting the first discrete device with the second discrete device using a wire;   transmitting the public key certificate from the second discrete device to the first discrete device using the wire;   verifying the public key certificate on the first discrete device; and   finalizing a secure connection between the first discrete device and the second discrete device, using the public key certificate and the public key, over the wire using a protocol after the public key certificate is verified.   
     
     
         16 . The method of  claim 15 , further comprising:
 storing a payment key set on the first discrete device for the point of sale system;   transmitting a copy of the payment key set to the second discrete device over the wire using the secure connection;   generating a second payment key from the copy of the payment key set on the second discrete device for the point of sale system;   accepting first payment information on the first discrete device;   encrypting the payment information using the first payment key;   accepting second payment information on the second discrete device; and   encrypting the second payment information using the second payment key.   
     
     
         17 . The method of  claim 16 , further comprising:
 generating the payment key from a second payment key set on the first discrete device for the point of sale system;   the payment key set and the second payment key set are derived unique key per transaction (DUKPT) payment key sets.   
     
     
         18 . The method of  claim 17 , further comprising:
 deleting the copy of the payment key set on the second discrete device when the second discrete device is powered down; and   transmitting a second copy of the payment key set to the second discrete device over the wire using the secure connection when the second discrete device is powered on again.   
     
     
         19 . The method of  claim 15 , further comprising:
 generating the payment key on the first discrete device from a derived unique key per transaction (DUKPT) key set;   transmitting a copy of the payment key to the second discrete device over the wire using the secure connection;   generating a second payment key on the first discrete device from a second fixed DUKPT key set;   accepting first payment information on the first discrete device;   encrypting the payment information on the first discrete device using the second payment key;   accepting second payment information on the second discrete device; and   encrypting the payment information on the second discrete device using the copy of the payment key.   
     
     
         20 . The method of  claim 19 , further comprising:
 deleting the copy of the payment key on the second discrete device if the copy of the payment key is not used within a set period of time subsequent to being transferred from the first discrete device.   
     
     
         21 . The method of  claim 15 , further comprising:
 detecting a tamper on the first discrete device; and   deleting the payment key in response to the tamper being detected;   wherein the second payment key is stored in volatile memory on the second discrete device.   
     
     
         22 . The method of  claim 15 , further comprising:
 generating the payment key on the first discrete device from a fixed derived unique key per transaction (DUKPT) key set and using a first secure processor on the first discrete device; and   encrypting the payment information on the second discrete device using the copy of the payment key and using a second secure processor on the second discrete device;   wherein the wire is a universal serial bus (USB);   wherein the secure connection is provided via transport layer secure (TLS) over USB between the first secure processor and the second secure processor; and   wherein the secure connection is formed using a public key from the public key certificate and the corresponding private key.   
     
     
         23 . The method of  claim 22 , wherein:
 the secure connection includes an applications processor serving as a USB intermediary; and   the first secure processor and the second secure processor are servants of the applications processor.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.