Encryption and tokenization architectures
First Claim
1. A method for using a unique token in conducting an online transaction on a website to control access to involving sensitive information, the method comprising:
- generating, by a set of servers, a unique token for use in place of the sensitive information in the online transaction, wherein the sensitive information comprises a character string and is stored as encrypted data in a storage memory, and wherein the unique token is directly associated with a last four characters of the character string;
obtaining, by at least one server of the set of servers, a record for an online transaction comprising information associated with the online transaction and the unique token, wherein the unique token is included in lieu of the sensitive information;
based on the unique token, identifying, by at least one server of the set of servers, the last four characters of the character string;
retrieving, by at least one server of the set of servers, the character string stored as encrypted data based on the last four characters of the character string; and
decrypting the character string by at least one server of the set of servers, and completing the online transaction by supplying the record and the decrypted character string to at least one server associated with the website.
2 Assignments
0 Petitions
Accused Products
Abstract
Various embodiments of the present invention are directed to methods, systems and computer program products for conducting an online transaction on a website involving sensitive information. Such embodiments provide methods, systems and computer program products to: (a) register at least one entity with a gate keeper module, the registering comprising associating the entity with a subscription level; (b) associate a sub-string of a character string with a unique token so that a direct link does not exist between the unique token and the character string; and (c) during processing of the online transaction: (i) using the unique token for intermediate steps during the processing of the online transaction; and (ii) only accessing the character string in storage memory to complete the online transaction after receiving a request from at least one registered entity associated with a subscription level associated with a privilege to receive the requested sensitive information.
-
Citations
21 Claims
-
1. A method for using a unique token in conducting an online transaction on a website to control access to involving sensitive information, the method comprising:
-
generating, by a set of servers, a unique token for use in place of the sensitive information in the online transaction, wherein the sensitive information comprises a character string and is stored as encrypted data in a storage memory, and wherein the unique token is directly associated with a last four characters of the character string; obtaining, by at least one server of the set of servers, a record for an online transaction comprising information associated with the online transaction and the unique token, wherein the unique token is included in lieu of the sensitive information; based on the unique token, identifying, by at least one server of the set of servers, the last four characters of the character string; retrieving, by at least one server of the set of servers, the character string stored as encrypted data based on the last four characters of the character string; and decrypting the character string by at least one server of the set of servers, and completing the online transaction by supplying the record and the decrypted character string to at least one server associated with the website. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A data processing system for using a unique token in an online transaction on a website involving sensitive information, the data processing system comprising a processor and one or more storage devices embodying computer-readable program instructions that, when executed by the processor, cause the data processing system to:
-
generate a unique token for use in place of the sensitive information in the online transaction, wherein the sensitive information comprises a character string and is stored as encrypted data in a storage memory, wherein the unique token is directly associated with a last four characters of the character string; provide the unique token to a set of user devices associated with the character string; obtain a record for an online transaction from a user device, the record comprising information associated with the online transaction and the unique token, wherein the unique token is used in lieu of the sensitive information; based on the unique token identify a last four characters of the character string; retrieve the character string stored as encrypted data from the storage memory using the last four digits of the character string; and decrypt the character string and, based on the information associated with the online transaction, complete the online transaction by transmitting the record and the decrypted character string to a server associated with the website. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
-
15. A computer program product for using a unique token in an online transaction on a website to control access to sensitive information, the computer program product comprising a computer-readable storage embodying computer-readable program instructions that, when executed, cause at least one processor to:
-
generate a unique token for use in place of the sensitive information in the online transaction, wherein the sensitive information comprises a character string and is stored as encrypted data in a storage memory, wherein the unique token is directly associated with a last four characters of the character string; provide the unique token to a set of user devices associated with the character string; obtain a record for an online transaction from a user device, the record comprising information associated with the online transaction and the unique token, the unique token included in the online transaction in lieu of the sensitive information; identify, based on the unique token, the last four characters of the character string; retrieve, based on the last four characters of the character string, the character string stored as encrypted data from a storage memory; and decrypt the character string and, based on the information associated with the online transaction, complete the online transaction by transmitting the record and the decrypted character string to a server associated with the website. - View Dependent Claims (16, 17, 18, 19, 20, 21)
-
Specification