| CPC G06Q 20/202 (2013.01) [H04L 9/0841 (2013.01); H04L 9/3247 (2013.01); H04L 9/3263 (2013.01)] | 23 Claims |
|
1. A point of sale device comprising:
a first casing housing an applications processor, a first security processor located within a first security mesh, and a first front end for receiving first information associated with a transaction, wherein the first security processor includes a first tamper detection circuit, and wherein the first casing, the first applications processor, and the first security processor comprise a first separable point of sale device capable of processing transactions;
a second casing housing a second security processor located within a second security mesh separate from the first security mesh and a second front end for receiving second information associated with the transaction, wherein the first casing is connected to the second casing, wherein a secure connection is established between the first security processor and the second security processor, wherein the second security processor includes a second tamper detection circuit; and
a first computer readable medium located within the first security mesh and accessible to the first security processor and storing instructions which, when executed by the first security processor cause the first security processor to:
receive, from the applications processor, an indication of a secure protocol compatible with the second security processor based on the applications processor detecting the second security processor;
in response to the received indication,
transmit a first certificate signing request from the first security processor to the applications processor;
receive a signed first certificate from the applications processor at the first security processor, wherein the signed first certificate is signed by a certificate authority and received in response to transmitting the first certificate signing request;
receive a signed second certificate from the applications processor at the first security processor, wherein the signed second certificate is signed by the certificate authority and received in response to transmitting a second certificate signing request from the second security processor to the applications processor;
verify the signed first certificate and the signed second certificate at the first security processor;
generate, subsequent to verifying the signed first certificate and the signed second certificate, a unique pre-shared key using a key generation algorithm and information from the signed first certificate and the signed second certificate;
establish the secure connection with the second security processor using the unique pre-shared key;
receive, from the first front end, the first information associated with the transaction;
receive, from the second front end, via the secure connection, the second information associated with the transaction; and
authorize the transaction based on the first information and the second information, wherein the applications processor executes additional instructions that cause the applications processor to transfer, using the secure connection, messages from the second security processor to the first security processor;
a second computer readable medium accessible to the applications processor and storing instructions which, when executed by the applications processor, cause the applications processor to:
receive capabilities information from the second security processor;
adjust at least one aspect of an operating system of the applications processor based on the capabilities information;
receive, at the applications processor, the second certificate signing request in a remote procedure call (RPC) certificate signing request from the second security processor;
translate, using the applications processor, the RPC certificate signing request from the second security processor into a hypertext transfer protocol (HTTP) certificate signing request;
transfer the HTTP certificate signing request to the certificate authority
periodically poll the second security processor for outbound messages for the first security processor; and
transfer, using the applications processor and the secure connection, the outbound messages for the first security processor to the first security processor.
|