Abstract: A provisioning system is provided for terminals such as point of sale terminals. An interface device interfaces with a smart card and a provisioning server, providing initialization keys and security codes that are stored on the smart card. At a terminal, an initialization key from the smart card may be provided to the terminal if a correct security code is entered at the terminal. The terminal may then provide a terminal authorization package to the smart card. The terminal authorization package is stored on the smart card. At the interface device, the terminal authorization package is provided to the provisioning server. The terminal may then securely communicate transactions with an issuer server.

Abstract: A provisioning system is provided for terminals such as point of sale terminals. An interface device interfaces with a smart card and a provisioning server, providing initialization keys and security codes that are stored on the smart card. At a terminal, an initialization key from the smart card may be provided to the terminal if a correct security code is entered at the terminal. The terminal may then provide a terminal authorization package to the smart card. The terminal authorization package is stored on the smart card. At the interface device, the terminal authorization package is provided to the provisioning server. The terminal may then securely communicate transactions with an issuer server.

Abstract: A provisioning system is provided for terminals such as point of sale terminals. An interface device interfaces with a smart card and a provisioning server, providing initialization keys and security codes that are stored on the smart card. At a terminal, an initialization key from the smart card may be provided to the terminal if a correct security code is entered at the terminal. The terminal may then provide a terminal authorization package to the smart card. The terminal authorization package is stored on the smart card. At the interface device, the terminal authorization package is provided to the provisioning server. The terminal may then securely communicate transactions with an issuer server.

Abstract: A point of sale system has a display for receiving touch inputs, a controller to receive the touch inputs from the display, and a secure controller to receive touch input data from the controller. The system also has a card interface module and a contactless interface module to provide encrypted data to the secure controller. The secure controller can operate in either a secure mode or a non-secure mode. When a non-secure mode is engaged, the secure controller provides the touch input data to a processor. When a secure mode is engaged, the secure controller blocks at least a portion of the touch input data from the processor.

Abstract: Processor system with a general purpose processor and a cryptographic processor dedicated to performing cryptographic operations and enforcing the security of critical security parameters. The cryptographic processor prevents exposure of critical security parameters outside the cryptographic processor itself, and instead implements a limited scripting engine, which can be used by the general purpose processor to execute operations that require the critical security parameters.

Abstract: A transaction processing system includes a payment reader for processing payment transactions. The payment reader receives payment information from a payment interface. The payment information is processed based on firmware instructions that are stored in memory and executed by a processor. A first subset of the firmware instructions is associated with transaction processing modules. Each of the transaction processing modules comprise position independent code and are located in a distinct section of memory from a second subset of firmware instructions and the position independent code associated with each of the other of the transaction processing modules.

Abstract: A payment reader includes a contactless interface for communicating with a contactless device. The payment reader has a processor that executes instructions stored in memory, and the instructions include instructions for a plurality of firmware modules including a message dispatcher module and a plurality of functional modules. The functional modules generate messages and the message dispatcher module stores the messages in a queued data structure such as a stack or a queue. The messages are provided to the functional modules from the queued data structure. Some of the messages are timed messages that are returned to the queued data structure.

Abstract: Processor system with a general purpose processor and a cryptographic processor dedicated to performing cryptographic operations and enforcing the security of critical security parameters. The cryptographic processor prevents exposure of critical security parameters outside the cryptographic processor itself, and instead implements a limited scripting engine, which can be used by the general purpose processor to execute operations that require the critical security parameters.

Abstract: Processor system with a general purpose processor and a cryptographic processor dedicated to performing cryptographic operations and enforcing the security of critical security parameters. The cryptographic processor prevents exposure of critical security parameters outside the cryptographic processor itself, and instead implements a limited scripting engine, which can be used by the general purpose processor to execute operations that require the critical security parameters.

Abstract: A payment reader includes a contactless interface for communicating with a contactless device. The payment reader has a processor that executes instructions stored in memory, and the instructions include instructions for a plurality of firmware modules including a message dispatcher module and a plurality of functional modules. The functional modules generate messages and the message dispatcher module stores the messages in a queued data structure such as a stack or a queue. The messages are provided to the functional modules from the queued data structure. Some of the messages are timed messages that are returned to the queued data structure.

Abstract: A payment reader includes a contactless interface for communicating with a contactless device. The payment reader has a processor that executes instructions stored in memory, and the instructions include instructions for a plurality of firmware modules including a message dispatcher module and a plurality of functional modules. The functional modules generate messages and the message dispatcher module stores the messages in a queued data structure such as a stack or a queue. The messages are provided to the functional modules from the queued data structure. Some of the messages are timed messages that are returned to the queued data structure.

Abstract: A payment reader includes a contactless interface for communicating with a contactless device. The payment reader has a processor that executes instructions stored in memory, and the instructions include instructions for a plurality of firmware modules including a message dispatcher module and a plurality of functional modules. The functional modules generate messages and the message dispatcher module stores the messages in a queued data structure such as a stack or a queue. The messages are provided to the functional modules from the queued data structure. Some of the messages are timed messages that are returned to the queued data structure.

Abstract: A payment reader includes a contactless interface for communicating with a contactless device. The payment reader has a processor that executes instructions stored in memory, and the instructions include instructions for a plurality of firmware modules including a message dispatcher module and a plurality of functional modules. The functional modules generate messages and the message dispatcher module stores the messages in a queued data structure such as a stack or a queue. The messages are provided to the functional modules from the queued data structure. Some of the messages are timed messages that are returned to the queued data structure.

Abstract: Methods and systems are provided for performing and verifying transactions involving authentication with a secure credential, such as a smart card, in an untrusted or semi-trusted environment. An application module, operating in an untrusted or semi-trusted environment can be denied access to sensitive data. The application module can determine a preliminary command to be sent to the credential and transmit the preliminary command to a broker module. The broker module, operating in a trusted environment, can supply sensitive data and transmit the command to the credential. Subsequently, the broker module can extract sensitive data from a response before it is transmitted to the application module. A verification server can audit the transaction to verify that it was carried out properly.

Abstract: A point of sale system has a display for receiving touch inputs, a controller to receive the touch inputs from the display, and a secure controller to receive touch input data from the controller. The system also has a card interface module and a contactless interface module to provide encrypted data to the secure controller. The secure controller can operate in either a secure mode or a non-secure mode. When a non-secure mode is engaged, the secure controller provides the touch input data to a processor. When a secure mode is engaged, the secure controller blocks at least a portion of the touch input data from the processor.

Abstract: Processor system with a general purpose processor and a cryptographic processor dedicated to performing cryptographic operations and enforcing the security of critical security parameters. The cryptographic processor prevents exposure of critical security parameters outside the cryptographic processor itself, and instead implements a limited scripting engine, which can be used by the general purpose processor to execute operations that require the critical security parameters.

Abstract: Processor system with a general purpose processor and a cryptographic processor dedicated to performing cryptographic operations and enforcing the security of critical security parameters. The cryptographic processor prevents exposure of critical security parameters outside the cryptographic processor itself, and instead implements a limited scripting engine, which can be used by the general purpose processor to execute operations that require the critical security parameters.

Abstract: Methods and systems are provided for performing and verifying transactions involving authentication with a secure credential, such as a smart card, in an untrusted or semi-trusted environment. An application module, operating in an untrusted or semi-trusted environment can be denied access to sensitive data. The application module can determine a preliminary command to be sent to the credential and transmit the preliminary command to a broker module. The broker module, operating in a trusted environment, can supply sensitive data and transmit the command to the credential. Subsequently, the broker module can extract sensitive data from a response before it is transmitted to the application module. A verification server can audit the transaction to verify that it was carried out properly.