October 4, 2016 – Atlanta, GA – Bluefin, the leading provider of PCI-validated Point-to-Point Encryption (P2PE) solutions for retail, healthcare and higher education, today announced the issuance of patent #9,461,973 by the United States Patent & Trademark Office (USPTO) on systems and methods for decryption as a service. The patent encompasses both Bluefin’s high-speed decryption platform and P2PE Manager.
In March 2014, Bluefin became the first North American-based company to receive PCI validation for a P2PE solution. Bluefin’s PCI-validated P2PE solution encrypts cardholder data within a PCI-approved P2PE device, preventing clear-text cardholder data from being available in an organization’s systems and networks where it could be accessible in the event of a data breach.
In 2015, Bluefin introduced Decryptx, the company’s Decryption as a Service (DaaS) product for enabling their PCI-validated P2PE solution on partners’ gateways and processing platforms. Decryptx enables any PCI/DSS provider to enhance their platform and offer Bluefin’s PCI-validated P2PE solution via a simple integration. Keyed, swiped, and EMV data from point of sale (POS) systems is protected via PCI-validated controls and encryption.
The issued patent relates to Bluefin’s Decryptx P2PE architecture as well as payment device and chain-of-custody management. In order to serve gateways, processors, and other large clients, Bluefin developed a high-speed and resilient decryption architecture. Specifically, the patent covers the systems and methods for parsing data from devices, device authentication and validation, key management, and decryption in a hardware security module (HSM). The patent further relates to a point-to-point encryption management system configured to receive information from a plurality of point-of-interaction devices (payment terminals).
As a leading PCI P2PE solution provider, Bluefin developed their own proprietary online device management system called the P2PE Manager for clients to monitor the complete lifecycle of a payment device. This includes key injection, device shipping and tracking for chain-of-custody, device state and attestation management, and a record of every decryption performed by every device. The P2PE Manager, together with Decryptx, provides a complete and validated P2PE platform for Bluefin partners.
“After bringing PCI-validated P2PE to the merchant community in North America, we looked for ways to distribute this important security technology through payment providers across the industry,” said Ruston Miles, Bluefin’s Chief Innovation Officer. “Our goal was to remove the re-integration headache of other P2PE solutions by requiring no change to the data flow between the merchant and their provider and delivering P2PE over existing rails. We solved this with our patented decryption as a service delivery model.”
Companies and organizations that adopt a PCI-validated P2PE solution throughout their POS environment are eligible for reduced compliance and scope, per the PCI Council. In order to achieve this reduced PCI scope, companies must maintain specific device chain of custody and operational standards, which they attest to every year.
This Decryption as a Service process is part of Bluefin’s comprehensive PCI-validated P2PE solution. Bluefin was awarded its first patent in June 2016 on “Systems and Methods for Creating Fingerprints of Encryption Devices.” Bluefin has five additional patents pending related to device encryption and management.