Bluefin expands their patent portfolio with additional patents that cover the company’s Decryptx P2PE architecture as well as payment device and chain-of-custody management
January 10, 2017 – Atlanta, GA – Bluefin, the leading provider of PCI-validated Point-to-Point Encryption (P2PE) solutions for retail, healthcare and higher education, today announced the issuance of two new patents by the United States Patent & Trademark Office (USPTO).
The patents are #9,531,712, Systems and methods for decryption as a service via a message queuing protocol, and #9,531,684, Systems and methods for decryption as a service via a configuration of read-only databases. The patents encompass both Bluefin’s high-speed decryption platform, Decryptx, and the company’s online P2PE Manager System.
Bluefin was the first North American-based company to receive PCI validation for a P2PE solution in 2014. The company’s PCI-validated P2PE solution encrypts cardholder data within a PCI-approved P2PE device, preventing clear-text cardholder data from being available in an organization’s systems and networks where it could be accessible in the event of a data breach.
In 2015, Bluefin introduced Decryptx, the company’s Decryption as a Service (DaaS) product for enabling their PCI-validated P2PE solution on partners’ gateways and processing platforms. Decryptx enables any PCI/DSS provider to enhance their platform and offer Bluefin’s PCI-validated P2PE solution via a simple integration. Keyed, swiped, and EMV data from point of sale (POS) systems is protected via PCI-validated controls and encryption.
The issued patents relate to Bluefin’s Decryptx P2PE architecture as well as payment device and chain-of-custody management. In order to serve gateways, processors, and other large clients, Bluefin developed a high-speed and resilient decryption architecture. Both of the new patents cover scalable systems and methods for decrypting thousands of transactions per second. Both also cover the systems and methods for parsing data from devices (payment terminals), device authentication and validation, key management, and decryption in a hardware security module (HSM). The patents further relate to a point-to-point encryption management system configured to receive information from a multitude of point of interaction devices (payment terminals).
As a leading PCI P2PE solution provider, Bluefin developed their own proprietary online device management system called the P2PE Manager for clients to monitor the complete lifecycle of a payment device. This includes key injection, device shipping and tracking for chain-of-custody, device state and attestation management, and a record of every decryption performed by every device. The P2PE Manager, together with Decryptx, provides a complete and validated P2PE platform for Bluefin partners.
“Decryptx and the P2PE Manager provide a complete and validated P2PE solution for Bluefin partners because it enables these organizations to provide our PCI-validated solution and device management solution through their own proprietary platforms and directly to their clients,” said Ruston Miles, Bluefin’s Chief Innovation Officer. “Now that EMV implementation is nearing a close, merchants are turning their sights toward adopting PCI-validated P2PE solutions, since EMV only authenticates the card being used and does not encrypt the data. Bluefin enables our partners to offer our validated solution, eliminating the need for gateways and processors to become a validated provider themselves.”
Companies and organizations that adopt a PCI-validated P2PE solution throughout their POS environment are eligible for reduced compliance and scope, per the PCI Council. In order to achieve this reduced PCI scope, companies must maintain specific device chain of custody and operational standards, which they attest to every year.
Bluefin’s Decryption as a Service process is part of the company’s comprehensive PCI-validated P2PE solution. Bluefin was awarded its first patent in June 2016 on “Systems and Methods for Creating Fingerprints of Encryption Devices” and its second patent in October 2016 on “Systems and Methods for Decryption as a Service.”