Secure data transmission can be interrupted by many factors, including network outages, poor connectivity, and blackouts. For example, an airplane may try to send access data (e.g., a PIN, password, credit card data) acquired from a passenger to an authorizing entity, but may be unable to do so, due to a poor Internet connection when in flight.
In some cases, if a connection to the authorizing entity cannot be made, a static, long-life, symmetric encryption key is used to encrypt the access data and the encrypted access data is then stored. After the airplane lands, the encrypted access data is then provided to a remote computer which decrypts the data and then obtains authorization for the transactions.
Although such data can be generally secure, it is possible that a hacker could gain possession of the encryption key. If this occurs, then data encrypted using the encryption key may be at risk. In some cases involving payment transactions, merchants need to create and maintain their own static key while complying with the payment card industry data security standard (PCI DSS) requirements. Complying with these rules can be burdensome.
In some cases, no encryption method is used when storing the access data. This is in violation of storage compliance rules as outlined in PCI DSS, and thus poses a major security risk. For example, a traveling salesman may be in areas where Internet connectivity is not reliable. The traveling salesman may store access data on their laptop computer until they regain Internet connectivity. This poses a problem, since the laptop computer can be stolen and the access data can be obtained from the laptop computer.
Embodiments of the invention address these and other problems individually and collectively.