June 7, 2016 – Atlanta, GA – Bluefin, the leading provider of PCI-validated Point-to-Point Encryption (P2PE) solutions for retail, healthcare and higher education, today announced the issuance of patent #9,355,374 by the United States Patent & Trademark Office (USPTO) on systems and methods for creating fingerprints of encryption devices specifically for a device management system that has been configured to receive information from a plurality of point of interaction (POI) devices.
In March 2014, Bluefin became the first North American-based company to receive PCI validation for a P2PE solution. Bluefin’s PCI-validated P2PE solution encrypts cardholder data within a PCI-approved P2PE device, preventing clear-text cardholder data from being available in an organization’s systems and networks where it could be accessible in the event of a data breach.
Companies and organizations that adopt a PCI-validated P2PE solution throughout their point of sale (POS) environment are eligible for reduced compliance and scope, per the PCI Council. In order to achieve this reduced PCI scope, companies must maintain specific device chain of custody and operational standards, which they attest to every year.
As a leading PCI P2PE solution provider, Bluefin developed their own proprietary online device management system called the P2PE Manager for clients to monitor, track and deploy devices and locations.
The issued patent relates to systems and methods for creating fingerprints for encryption devices, including an encryption device (payment terminal) operatively connected to a device management system – the P2PE Manager.
“POS Malware is responsible for more than 90% of card data breaches which are at an all-time high. In response, merchants all over the world are moving to encryption solutions in the card acceptance device which is critical in devaluing the card data before it reaches the merchant’s POS environment,” said Ruston Miles, Bluefin’s Chief Innovation Officer. “As dependence on these devices for encryption protection becomes pervasive, it will become important for decryption solutions to inspect each transaction to determine whether it is coming from a trusted device. This is where Bluefin’s device fingerprinting innovation plays a vital role.”
Fingerprinting, or associating unique attributes of an encryption device, is critical in the validated P2PE process. Bluefin’s fingerprinting process is used to validate every transaction from each payment terminal. A “fingerprint” of each device is stored in Bluefin’s P2PE Manager and every transaction from each device is verified against the device’s initial fingerprint. If this verification fails, this is an indication of potential device compromise. Bluefin’s P2PE Manager will mark the device as malfunctioning and suspend processing from the device in question pending research and resolution.
This fingerprinting process is part of Bluefin’s comprehensive validated P2PE solution. Bluefin has three additional patents pending related to device encryption and management.