- Patent Title: Point of sale (POS) personal identification number (PIN) security
-
Application No.: US16197036Application Date: 2018-11-20
-
Publication No.: US10796306B2Publication Date: 2020-10-06
- Inventor: Attaullah Baig
- Applicant: PayPal, Inc.
- Applicant Address: US CA San Jose
- Assignee: PAYPAL, INC.
- Current Assignee: PAYPAL, INC.
- Current Assignee Address: US CA San Jose
- Agency: Haynes and Boone, LLP
- Main IPC: H04L29/06
- IPC: H04L29/06 ; G06Q20/40 ; G06Q20/20 ; G07F7/10 ; H04L9/08 ; H04L9/32 ; G06Q20/32 ; G06Q20/38

Abstract:
A key is securely injected into a POS PIN pad processor in its usual operating environment. In response to entry of a personal identification number (PIN) into a PIN pad, the processor puts the PIN into a PIN block; puts additional random data into the PIN block; and encrypts the entire PIN block using asymmetric cryptography with a public key derived from the injected key residing in the PIN pad processor. The corresponding private key may be held securely and secretly by an acquirer processor for decrypting the PIN block to retrieve the PIN. The encrypted random data defends the PIN against dictionary attacks. Time stamp data and constant data encrypted with the PIN block enables a defense of the PIN against replay attacks and tampering. The method may also include accepting the PIN from a mobile phone in communication with the processor.
Public/Granted literature
- US20190087819A1 POINT OF SALE (POS) PERSONAL IDENTIFICATION NUMBER (PIN) SECURITY Public/Granted day:2019-03-21
Information query