Collision avoidance in a distributed tokenization environment

US 10,063,525 B2
Filed: 05/27/2017
Issued: 08/28/2018
Est. Priority Date: 09/30/2013
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for tokenizing data comprising:

generating, by a central token management system, a unique set of values for each of a plurality of clients communicatively coupled to the central token management system, wherein each unique set of values is generated by the central token management system for the plurality of clients to avoid collisions between token values generated by the plurality of clients based on the unique sets of values;

providing, by the central token management system, each generated unique set of values to a corresponding client of the plurality of clients, each client configured to generate one or more token values based on a value within the unique set of values corresponding to the client and to store the generated token values in a token table mapping the generated token values to corresponding input values;

receiving, by the central token management system, a request from a requesting client of the plurality of clients for an additional unique set of values;

generating, by the central token management system, the additional unique set of values to avoid collisions with the previously generated unique sets of values; and

providing, by the central token management, the additional unique set of values to the requesting client.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A client receives sensitive data to be tokenized. The client queries a token table with a portion of the sensitive data to determine if the token table includes a token mapped to the value of the portion of the sensitive data. If the mapping table does not include a token mapped to the value of the portion of the sensitive data, a candidate token is generated. The client queries a central token management system to determine if the candidate token collides with a token generated by or stored at another client. In some embodiments, the candidate token includes a value from a unique set of values assigned by the central token management system to the client, guaranteeing that the candidate token does not cause a collision. The client then tokenizes the sensitive data with the candidate token and stores the candidate token in the token table.

Citations

18 Claims

1. A computer-implemented method for tokenizing data comprising:
- generating, by a central token management system, a unique set of values for each of a plurality of clients communicatively coupled to the central token management system, wherein each unique set of values is generated by the central token management system for the plurality of clients to avoid collisions between token values generated by the plurality of clients based on the unique sets of values;
  
  providing, by the central token management system, each generated unique set of values to a corresponding client of the plurality of clients, each client configured to generate one or more token values based on a value within the unique set of values corresponding to the client and to store the generated token values in a token table mapping the generated token values to corresponding input values;
  
  receiving, by the central token management system, a request from a requesting client of the plurality of clients for an additional unique set of values;
  
  generating, by the central token management system, the additional unique set of values to avoid collisions with the previously generated unique sets of values; and
  
  providing, by the central token management, the additional unique set of values to the requesting client.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein a client, in response to a determination that a token table associated with the client includes a token value mapped to a value of a selected portion of the data, is configured to tokenize the data using the token value mapped to the value of the selected portion of the data.
  - 3. The method of claim 1, wherein a client, in response to a determination that a token table associated with the client includes a token value for each value in the unique set of values corresponding to the client, is configured to request an additional unique set of values from the central token management system.
  - 4. The method of claim 1, wherein the data is one of:
    - a credit card number, a bank account number, a social security number, a driver'"'"'s license number, and a passport number.
  - 5. The method of claim 1, wherein each unique set of values comprises a numeric range of values.
  - 6. The method of claim 1, wherein the central token management system is further configured to periodically generate and provide a new unique set of values to each client.

7. A non-transitory computer-readable medium storing executable computer instructions for tokenizing data, the instructions, when executed by a hardware processor, configured to perform steps comprising:
- generating, by a central token management system, a unique set of values for each of a plurality of clients communicatively coupled to the central token management system, wherein each unique set of values is generated by the central token management system for the plurality of clients to avoid collisions between token values generated by the plurality of clients based on the unique sets of values;
  
  providing, by the central token management system, each generated unique set of values to a corresponding client of the plurality of clients, each client configured to generate one or more token values based on a value within the unique set of values corresponding to the client and to store the generated token values in a token table mapping the generated token values to corresponding input values;
  
  receiving, by the central token management system, a request from a requesting client of the plurality of clients for an additional unique set of values;
  
  generating, by the central token management system, the additional unique set of values to avoid collisions with the previously generated unique sets of values; and
  
  providing, by the central token management, the additional unique set of values to the requesting client.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The computer-readable medium of claim 7, wherein a client, in response to a determination that a token table associated with a client includes a token value mapped to a value of a selected portion of the data, is configured to tokenize the data using the token value mapped to the value of the selected portion of the data.
  - 9. The computer-readable medium of claim 7, wherein a client, in response to a determination that a token table associated with the client includes a token value for each value in the unique set of values corresponding to the client, is configured to request an additional unique set of values from the central token management system.
  - 10. The computer-readable medium of claim 7, wherein the data is one of:
    - a credit card number, a bank account number, a social security number, a driver'"'"'s license number, and a passport number.
  - 11. The computer-readable medium of claim 7, wherein each unique set of values comprises a numeric range of values.
  - 12. The computer-readable medium of claim 7, wherein the central token management system is further configured to periodically generate and provide a new unique set of values to each client.

13. A system for tokenizing data comprising:
- a plurality of client devices; and
  
  a central token management system communicatively coupled to the plurality of client devices and configured to perform steps comprising;
  
  generating a unique set of values for each of the plurality of client devices, wherein each unique set of values is generated by the central token management system for the plurality of clients to avoid collisions between token values generated by the plurality of clients based on the unique sets of values;
  
  providing each generated unique set of values to a corresponding client device of the plurality of client devices, each client device configured to generate one or more token values based on a value within the unique set of values corresponding to the client device and to store the generated token values in a token table mapping the generated token values to corresponding input values;
  
  receiving a request from a requesting client device of the plurality of client devices for an additional unique set of values;
  
  generating the additional unique set of values to avoid collisions with the previously generated unique sets of values; and
  
  providing the additional unique set of values to the requesting client device.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The system of claim 13, wherein a client device, in response to a determination that a token table associated with the client device includes a token value mapped to a value of a selected portion of the data, is configured to tokenize the data using the token value mapped to the value of the selected portion of the data.
  - 15. The system of claim 13, wherein a client device, in response to a determination that a token table associated with the client device includes a token value for each value in the unique set of values corresponding to the client, is configured to request an additional unique set of values from the central token management system.
  - 16. The system of claim 13, wherein the data is one of:
    - a credit card number, a bank account number, a social security number, a driver'"'"'s license number, and a passport number.
  - 17. The system of claim 13, wherein each unique set of values comprises a numeric range of values.
  - 18. The system of claim 13, wherein the central token management system is further configured to periodically generate and provide a new unique set of values to each client device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Protegrity US Holding LLC
Original Assignee
Protegrity USA, Inc. (Xcelera Inc.)
Inventors
Mattsson, Ulf, Ferentz, Zvika
Primary Examiner(s)
Li, Meng

Application Number

US15/607,439
Publication Number

US 20170264595A1
Time in Patent Office

458 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/335   for accessing specific reso...

H04L 2463/101   applying security measures ...

H04L 63/04   for providing a confidentia...

H04L 63/0428   wherein the data content is...

H04L 63/08   for authentication of entit...

H04L 63/0807   using tickets, e.g. Kerbero...

H04W 12/02   Protecting privacy or anony...

Collision avoidance in a distributed tokenization environment

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Collision avoidance in a distributed tokenization environment

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links