For a pin-pad terminal to be able to make a secure electronic payment via a merchant's acquirer, the pin-pad terminal must first be configured with a set of cryptographic keys that allows the pin-pad terminal to encrypt sensitive payment-related data transmitted from the pin-pad terminal to the acquirer via the merchant's acquirer network, and to decrypt sensitive payment-related data received at the pin-pad terminal.
To safeguard the cryptographic integrity of the pin-pad terminals, the pin-pad manufacturer typically configures each virgin pin-pad terminal with a set of cryptographic keys before releasing the pin-pad terminals to a merchant. The manufacturer does so by directly connecting the virgin pin-pad terminal to a hardware security module that generates the cryptographic keys and injects the keys directly into the pin-pad terminal. The hardware security module may also encrypt the cryptographic key sets and transmit the encrypted key sets to a local computer for uploading to the merchant's acquirer. The pin-pad terminals are also typically stored in a secure restricted-access room for the duration of the configuration process.
While this approach to pin-pad configuration limits the likelihood that the security of the payment-related data will be compromised, it is quite cumbersome and time-consuming.
Fasoli (US 2013/0198067) describes using a personal communications device to remotely configure a standard EMV terminal. A merchant uses the personal communications device to provide a remote server with account information. In response, the remote server provides the personal communications device with a merchant identifier, a terminal identifier and a configuration file that includes information specific to a financial institution. The personal communications device then configures the standard EMV terminal with the merchant identifier, terminal identifier and configuration file.
Baig (U.S. Pat. No. 8,819,428) describes remotely injecting a public key into a PIN entry device that is already in use. The public key may be digitally signed by a trusted authority to allow the PIN entry device to ensure that only a valid public key is injected into the PIN entry device. During a transaction with a merchant, the PIN entry device incorporates random data, time stamp data, device serial number and the consumer's PIN into a PIN block, and encrypts the PIN block with the public key prior to transmitting the PIN block to the acquirer. The acquirer may have the corresponding private key to validate the PIN block.