Patent expands Bluefin’s patent coverage of its proprietary fingerprinting methods and point-to-point encryption management computing systems
August 14, 2019 – Atlanta, GA – Bluefin, the leading provider of payment security technologies including PCI-validated Point-to-Point Encryption (P2PE) solutions for retail, hospitality, healthcare, and higher education, has announced the issuance of a patent on core intellectual property in the U.S.
U.S. Patent No. 10,382,405, Managing Payload Decryption Via Fingerprints, is a continuation of U.S Patent No. 9,953,316, issued in April 2018, and expands Bluefin’s patent coverage of its proprietary fingerprinting methods and point-to-point encryption management computing systems.
Virtual “fingerprinting,” or associating unique attributes of an encryption device, is critical in the validated P2PE process. Bluefin’s fingerprinting process is used to validate transactions from each payment device. The digital fingerprint of a payment device extends beyond a unique serial number. Much like 2-factor authentication, the digital fingerprint is used to additionally verify the authenticity of a payment device.
When provisioned, a digital fingerprint of each device is stored. Subsequent transactions from the device are compared to the original provisioning to ensure the authenticity and nonrepudiation for the device. Failure of this verification is an indication of potential device compromise. This allows platforms such as Bluefin’s P2PE Manager® to mark the device as malfunctioning and suspend processing from the device in question pending research and resolution.
“POS malware is the hacker-preferred attack vector in more than 90% of card data breaches which have been vexing merchants globally since 2013. The payments industry has been urging merchants to encrypt card data in the device immediately at the point of entry,” said Ruston Miles, Bluefin’s Chief Strategy Officer. “Encryption is part of a chain of protection called P2PE that is now widely adopted. Certified P2PE requires decryption solutions to inspect each transaction to determine whether it is coming from a trusted device. Bluefin’s device fingerprinting patents play a vital role in this chain of protection.”
In addition to its suite of 17 U.S., Japanese and European patents, Bluefin has another 18 additional patents pending for encryption and payment security innovations. The company’s P2PE network currently includes over 110 connected partners operating in 30 countries, with over 80 devices/applications and 13 Key Injection Facilities (KIFs), as well as remote key injection services (RKI).
In June, Bluefin released a new white paper, authored by Verizon Enterprise Solutions, on the Value of Point-to-Point Encryption in Point-of-Interaction (POI) Environments. Readers can learn more about the POI threat landscape how PCI P2PE protects cardholder data (CHD), while exploring the evolution of P2PE, the differences between certified and non-certified encryption solutions, benefits of PCI-validated P2PE solutions in POI and point-of-sale (POS) environments, and the roles of tokenization, EMV and P2PE in protecting payment data. The white paper is currently available for download.