Bluefin expands their patent portfolio with additional patents that cover the company’s Decryptx® P2PE architecture as well as payment device and chain-of-custody management
June 27, 2017 – Atlanta, GA – Bluefin Payment Systems, the leading provider of PCI-validated Point-to-Point Encryption (P2PE) solutions for retail, healthcare and higher education, today announced the issuance of two new patents by the United States Patent & Trademark Office (USPTO).
The patents are #9,686,250, Systems and methods for decryption as a service via a hardware security module and #9,692,735, Systems and methods for decryption as a service via a message queuing protocol. The patents encompass both Bluefin’s high-speed decryption platform, Decryptx®, and the company’s online P2PE Manager® System.
Bluefin was the first North American-based company to receive PCI validation for a P2PE solution in 2014. The company’s PCI-validated P2PE solution encrypts cardholder data within a PCI-approved P2PE payment device, preventing clear-text cardholder data from being available in an organization’s systems and networks where it could be accessible in the event of a data breach.
In 2015, Bluefin introduced Decryptx, the company’s Decryption as a Service (DaaS) product for enabling their PCI-validated P2PE solution on partners’ gateways and processing platforms. Decryptx enables any PCI/DSS provider to enhance their platform and offer Bluefin’s PCI-validated P2PE solution via a simple integration. Keyed, swiped, and EMV data from point of sale (POS) systems is protected via PCI-validated controls and encryption.
To date, Bluefin has enabled 30 partners to offer their PCI-validated P2PE solution through their platforms, including CyberSource, Merchant Link, USAePay, TNS, Spectra Ticketing, OnPlan Health and more.
The issued patents relate to Bluefin’s Decryptx P2PE architecture as well as payment device and chain-of-custody management. In order to serve gateways, processors, and other large clients, Bluefin developed a high-speed and resilient decryption architecture.
Patent #9,686,250, Systems and methods for decryption as a service via a hardware security module, covers the architecture and transaction handling for a high-speed, resilient decryption platform where hardware security modules (HSM’s) are used to decrypt the protected sensitive data. Patent #9,692,735, Systems and methods for decryption as a service via a message queuing protocol, is a continuation of patent #9,531,712 issued in December 2016 and includes additional claims for data queuing and event notification.
Both of the new patents continue to cover scalable systems and methods for decrypting thousands of transactions per second. Both also cover the systems and methods for parsing data from devices (payment terminals), device authentication and validation, key management, and decryption via HSMs. The patents further relate to a point-to-point encryption management system configured to receive information from a multitude of point of interaction devices (payment terminals).
As a leading PCI P2PE solution provider, Bluefin developed their own proprietary online device management system called the P2PE Manager for clients to monitor the complete lifecycle of a payment device. This includes key injection, device shipping and tracking for chain-of-custody, device state and attestation management, and a record of every decryption performed by every device. The P2PE Manager, together with Decryptx, provides a complete and validated P2PE platform for Bluefin partners.
“We are very excited to be awarded these two new patents,” said Ruston Miles, Bluefin’s Chief Innovation Officer. “These patents represent Bluefin’s commitment to thought leadership in the data security space. They are a cornerstone of our platform to deliver a PCI-validated P2PE service to payment providers worldwide.”
Companies and organizations that adopt a PCI-validated P2PE solution throughout their POS environment are eligible for reduced compliance and scope, per the PCI Council. In order to achieve this reduced PCI scope, companies must maintain specific device chain of custody and operational standards, which they attest to every year.
Bluefin’s Decryption as a Service process is part of the company’s comprehensive PCI-validated P2PE solution. Bluefin has now been awarded six patents since June 2016 on its DaaS Decryptx product and P2PE Manager.