Token-based secure data management

US 10,020,942 B2
Filed: 08/03/2017
Issued: 07/10/2018
Est. Priority Date: 06/29/2011
Status: Active Grant

First Claim

Patent Images

1. A system, comprising a processor and memory storing instructions that, if executed by the processor:

receive a request for sensitive user data from a second entity, the request including a token provided to a first entity in place of the sensitive data;

assign a time to live to the sensitive user data;

delete the sensitive user data following expiration of the time to live; and

as a result of deleting the sensitive user data, send an instruction to the first entity to delete the token corresponding to the sensitive user data.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In some implementations, tokens that are representative of sensitive data may be used in place of the sensitive data to maintain the security of the sensitive data. For example, data may be separated into sensitive data and nonsensitive data, and at least the sensitive data is securely delivered to a data storage service. The data storage service generates a token that is representative of the sensitive data and stores the sensitive data as secure data. The data storage service may deliver the token to an entity that also receives the nonsensitive data, and the entity may use the token in place of the sensitive data. In some implementations, different tokens are generated each time the same piece of sensitive data is submitted for storage as secure data. Further, in some implementations, An expiration time may be assigned to sensitive data, and expired data and associated tokens may be deleted.

Citations

20 Claims

1. A system, comprising a processor and memory storing instructions that, if executed by the processor:
- receive a request for sensitive user data from a second entity, the request including a token provided to a first entity in place of the sensitive data;
  
  assign a time to live to the sensitive user data;
  
  delete the sensitive user data following expiration of the time to live; and
  
  as a result of deleting the sensitive user data, send an instruction to the first entity to delete the token corresponding to the sensitive user data.
- View Dependent Claims (2, 3, 4)
- - 2. The system as recited in claim 1, wherein the sensitive user data is not provided to the first entity.
  - 3. The system as recited in claim 1, wherein the token has a value that identifies a data type of the sensitive user data.
  - 4. The system as recited in claim 1, wherein the system further:
    - receives a request including the token from a third entity; and
      
      withholds a portion of the sensitive user data from the third entity in accordance with access policies for the third entity, the portion of the sensitive user data being a proper subset of the sensitive user data provided to the second entity.

5. A computer-implemented method, comprising:
- under control of one or more computer systems configured with executable instructions,assigning a time to live to sensitive data associated with a first token provided to a first entity in place of the sensitive data;
  
  deleting the sensitive data following expiration of the time to live; and
  
  as a result of deleting the sensitive data, sending an instruction to the first entity to delete the token corresponding to the sensitive data.
- View Dependent Claims (6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 6. The method as recited in claim 5, wherein:
    - the time to live is specified as an amount of time relative to a time associated with assigning the first token to the sensitive data; and
      
      the instruction sent to the first entity is provided by a security module within a storage service that retains the sensitive data.
  - 7. The method as recited in claim 5, wherein the sensitive data is stored in a memory as secure data in an encrypted form.
  - 8. The method as recited in claim 5, wherein:
    - receiving a form from a user, the form specifying nonsensitive data associated with the sensitive data; and
      
      providing the nonsensitive data to the first entity.
  - 9. The method as recited in claim 5, further comprising:
    - receiving the sensitive data in encrypted form from a server; and
      
      receiving nonsensitive data associated with the sensitive data from the server.
  - 10. The method as recited in claim 5, further comprising:
    - receiving a request for the sensitive data and associated nonsensitive data from one or more data consumers; and
      
      fulfilling the request in accordance with access policies defining authorizations of individual members of the one or more data consumers.
  - 11. The method as recited in claim 10, wherein the access policies specify that different data consumers are provided different portions of the sensitive data in response to requests received using a matching token.
  - 12. The method as recited in claim 5, further comprising:
    - acquiring a request from a data consumer, the request identifying the first token;
      
      determining whether the data consumer is authorized to receive the sensitive data; and
      
      as a result of having determined that the data consumer is authorized to receive the sensitive data, providing the sensitive data to the data consumer in encrypted form.
  - 13. The method as recited in claim 12, further comprising:
    - receiving an update to access policies that describe whether the data consumer is authorized to receive the sensitive data; and
      
      withholding a portion of the sensitive data from the data consumer based on the access policies.
  - 14. The method as recited in claim 5, wherein the time to live is based at least in part on a data type of the sensitive data.

15. One or more non-transitory computer-readable media storing computer-executable instructions that, as a result of being executed, cause one or more processors to:
- assign a time to live to a first piece of sensitive data associated with a first token, the first token provided to a first entity in place of the sensitive data;
  
  delete the first piece of sensitive data following expiration of the time to live; and
  
  as a result of deleting the first piece of sensitive data, send an instruction to the first entity to delete the first token corresponding to the first piece of sensitive data.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The one or more non-transitory computer-readable media as recited in claim 15, wherein:
    - the time to live designates a lifespan of the data; and
      
      the instruction identifies the first token.
  - 17. The one or more non-transitory computer-readable media as recited in claim 15, further comprising:
    - generating a second token for a second piece of sensitive data;
      
      providing the second token in place of the second piece of sensitive data to a second entity that maintains nonsensitive data associated with the second piece of sensitive data; and
      
      wherein the first token and the second token further include a same data type as part of the respective first token and second token.
  - 18. The one or more non-transitory computer-readable media as recited in claim 17, wherein:
    - the first token includes a user identifier associated with a particular user; and
      
      the second token includes a matching user identifier associated with the particular user.
  - 19. The one or more non-transitory computer-readable media as recited in claim 17, wherein the first piece of sensitive data is received by the first entity as part of a first transaction and the second piece of sensitive data is received by the second entity as part of a second transaction.
  - 20. The one or more non-transitory computer-readable media as recited in claim 17, wherein:
    - the second piece of sensitive data is a distinct copy of the second piece of sensitive data; and
      
      the first token is different than the second token.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Original Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Inventors
Kozolchyk, Jonathan, Canavor, Darren E., Fielding, Jeffrey J., Mallya, Vaibhav, McAdams, Darin Keith
Primary Examiner(s)
Hoffman, Brandon
Assistant Examiner(s)
Anderson, Michael D

Application Number

US15/668,644
Publication Number

US 20170331629A1
Time in Patent Office

341 Days
Field of Search

713185
US Class Current
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 63/102   Entity profiles

H04L 67/1097   for distributed storage of ...

H04L 9/3213   using tickets or tokens, e....

H04L 9/3239   involving non-keyed hash fu...

H04L 9/40   Network security protocols

Token-based secure data management

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Token-based secure data management

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links