ESTABLISHMENT OF A SECURE SESSION BETWEEN A CARD READER AND A MOBILE DEVICE

摘要

Disclosed is a technique for establishing a secure communication session between a mobile device and a card reader. The technique can involve using a trusted, remote validation server to validate security information of both the card reader and a POS module in the mobile device prior to, and as a precondition of, the card reader and the POS module establishing a secure communication session with each other. In certain embodiments the POS module sends the security information of both the card reader and the POS module to the validation server. The security information can include cryptographic keys of the POS module and the card reader and additional security information related to the POS module and its software environment.

主权项

1. A method comprising:
detecting, by a point-of-sale (POS) software module that executes in a mobile device, initiation of a session between the POS software module and a mobile card reader coupled to the mobile device; receiving, by the POS software module from the mobile card reader, security related information of the mobile card reader; causing the security related information of the mobile card reader and security related information of the POS software module to be transmitted from the mobile device to a remote computer system, for validation by the remote computer system, wherein the security related information of the POS software module includes data indicative of a software environment of the POS software module; receiving, by the POS software module, an indication that the security related information of the POS software module and the security related information of the mobile card reader have been validated by the remote computer system, wherein the indication includes a cryptographic key of the POS software module, signed by the remote computer; and sending the cryptographic key of the POS software module, signed by the remote computer, from the POS software module to the mobile card reader, and generating, in cooperation with the mobile card reader, a secure session key for encrypted communication between the POS software module and the mobile card reader.