This relates to encryption and, more particularly, systems for encrypting card data such as payment card data.
Credit cards and other payment cards are widely used in modern financial transactions. In a typical transaction, a cardholder swipes a payment card through a magnetic stripe reader associated with a point-of-sale system. The magnetic stripe reader extracts track data from the payment card. The point-of-sale system sends the track data to a remote payment gateway to determine whether the cardholder is authorized to make a purchase. If the cardholder is authorized, the cardholder's purchase may be charged to the cardholder's account.
The track data from a payment card may include sensitive information such as the cardholder's account number. Due to the sensitive nature of the track data, the track data is often encrypted at or near the point-of-sale system. If care is not taken, however, the encryption process will significantly change the format of the track data. An encrypted version of the track data in which the format of the track data is changed may not be compatible with systems that are interposed between the point-of-sale terminal and the payment gateway. As a result, track data is often encrypted using cryptographic systems that preserve at least the size (length) of the track data and often the character space of the data.
Modern encryption systems require support for encryption key rollover in which encryption keys used to encrypt data are periodically changed. Key rollover support requires that additional information (e.g., key version numbers) be transmitted along with encrypted data so that a decryption engine is able to generate a decryption key corresponding to the correct key version. Challenges can arise in handling key version numbers, particularly in systems that attempt to preserve the format of track data.
It would therefore be desirable to be able to provide improved ways in which to secure payment card track data such as payment card track data that is encrypted using a key rollover scheme.