Bluefin Payment Systems, the provider of PCI-validated point-to-point encryption (P2PE) solutions for retail, health care and higher education, announced on Tuesday (Oct. 4) the issuance of patent #9,461,973 by the United States Patent & Trademark Office on systems and methods for Decryption-as-a-Service (DaaS). The patent encompasses both Bluefin’s high-speed decryption platform and P2PE Manager.
In a press release, Bluefin said it became the first North American-based company to receive PCI validation for a P2PE solution in March 2014. Bluefin’s PCI-validated P2PE solution encrypts cardholder data within a PCI-approved P2PE device, preventing clear-text cardholder data from being available in an organization’s systems and networks where it could be accessible in the event of a data breach.
In 2015, Bluefin introduced Decryptx, the company’s Decryption-as-a-Service product for enabling its PCI-validated P2PE solution on partners’ gateways and processing platforms. Decryptx enables any PCI/DSS provider to enhance their platform and offer Bluefin’s PCI-validated P2PE solution via a simple integration. Keyed, swiped and EMV data from point-of-sale systems is protected via PCI-validated controls and encryption. The issued patent relates to Bluefin’s Decryptx P2PE architecture, as well as payment device and chain-of-custody management. In order to serve gateways, processors and other large clients, Bluefin developed a high-speed decryption architecture. Specifically, the patent covers the systems and methods for parsing data from devices, device authentication and validation, key management and decryption in a hardware security module. The patent also relates to a point-to-point encryption management system configured to receive information from a plurality of point-of-interaction devices (payment terminals).
“After bringing PCI-validated P2PE to the merchant community in North America, we looked for ways to distribute this important security technology through payment providers across the industry,” said Ruston Miles, Bluefin’s chief innovation officer, said in the press release. “Our goal was to remove the reintegration headache of other P2PE solutions by requiring no change to the data flow between the merchant and their provider and delivering P2PE over existing rails. We solved this with our patented Decryption-as-a-Service delivery model.”