Protection of financial and/or sensitive information including payment card data, personal identification numbers (PINs) and personal identification information from fraud and theft is a problem for many companies. To deal with this problem, the Payment Card Industry (PCI) provides security guidelines for payment peripherals, such as card readers, keyboards containing card readers, and PIN entry devices. The guidelines require that such peripherals meet certain requirements for data encryption and encryption key management.
In addition to payment peripherals, there are other types of peripherals that are used to input valuable and sensitive information. For example, an optical code scanner can be used to read a barcode on a personal identification document that has sensitive personal information encoded in the barcode. In another example, a radio frequency identification (RFID) reader can be used to read an RFID chip located in a personal identification document or credit card that has sensitive financial or personal information.
These and other peripherals are used to read financial or sensitive information and certain methods and devices described herein are used to secure the information. However, third parties that will at some point receive and process the information may require additional levels of security. In some cases, a third party does not want to trust the parties that make or install the peripherals with the information used to provide the additional levels of security. These additional levels of security provided by a third party are known as secret features or functions and are required by the third party to be present in a peripheral but the manufacturer of the peripheral cannot know the specifics of the secret features or functions.