| CPC G06Q 20/401 (2013.01) [G06Q 20/34 (2013.01); G06Q 20/3829 (2013.01)] | 20 Claims |

1. A method comprising:
receiving, by one or more servers of a card processing system and from a payment card network, a key request to store a cryptographic key for a payment card account in a hardware security device associated with a third-party system;
generating, by the one or more servers and within a distributed database of the card processing system, a metadata layer comprising metadata associated with the cryptographic key in response to the key request;
storing, by the distributed database, the metadata layer of the cryptographic key;
transmitting, by a key exchange system, the cryptographic key to the third-party system for storing in the hardware security device;
validating, by the one or more servers, the cryptographic key based on the metadata layer comprising the metadata associated with the cryptographic key in response to the payment card network sending a transaction request to the card processing system to perform a transaction comprising the cryptographic key;
detecting, by the one or more servers utilizing a key monitoring system of the card processing system, one or more events in connection with validating the cryptographic key or based on historical data associated with the payment card account;
in response to detecting the one or more events, generating a forced exchange message from the key monitoring system to the key exchange system, the forced exchange message comprising instructions to initiate a key exchange operation;
providing, utilizing the key exchange system, a key exchange request to the payment card network in response to the forced exchange message from the key monitoring system to the key exchange system;
generating, by the payment card network, a new cryptographic key in response to the key exchange request;
in response to receiving the new cryptographic key from the payment card network:
    generating, by a key metadata system, a new metadata layer for the new cryptographic key;
    storing, by the distributed database, the new metadata layer;
    invalidating, by the distributed database, the metadata layer associated with the cryptographic key; and
    transmitting, by the key exchange system, the new cryptographic key to the third-party system for storing in the hardware security device and removing the cryptographic key from the hardware security device; and
performing, by the one or more servers in connection with the hardware security device associated with the third-party system, the transaction corresponding to the transaction request in response to validating the new cryptographic key.