Encryption and tokenization architectures

US 10,402,822 B2
Filed: 03/13/2015
Issued: 09/03/2019
Est. Priority Date: 10/23/2007
Status: Active Grant

First Claim

Patent Images

1. A method for lifecycle management of unique token associations that control access to sensitive information, the method comprising:

generating, by a server device, a unique token for use in an online transaction in lieu of a character string stored as encrypted data by the server device, the character string received from a remote client computing device of a set of remote client computing devices associated with an entity registered with the server, wherein registering the entity includes associating the entity with a subscription level that provides access to the unique token;

obtaining, by the server device, a record for an online transaction comprising information associated with the online transaction and the unique token, the record generated by any remote client computing device of the set of remote client computing devices;

communicating, by the server device and to a transaction processing server device, a completed record for the online transaction including the information associated with the online transaction and the character string, wherein the character string is decrypted by the server device;

determining, by the server device, that the character string is out-dated; and

in response to determining that the character string is out-dated,disassociating, by the server device, the unique token and the character string stored as encrypted data, anddeleting, by the server device, the character string from the first memory storage.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Various embodiments of the present invention are directed to methods, systems and computer program products for conducting an online transaction on a website involving sensitive information. Such embodiments provide methods, systems and computer program products to: (a) register at least one entity with a gate keeper module, the registering comprising associating the entity with a subscription level; (b) associate a sub-string of a character string with a unique token so that a direct link does not exist between the unique token and the character string; and (c) during processing of the online transaction: (i) using the unique token for intermediate steps during the processing of the online transaction; and (ii) only accessing the character string in storage memory to complete the online transaction after receiving a request from at least one registered entity associated with a subscription level associated with a privilege to receive the requested sensitive information.

Citations

21 Claims

1. A method for lifecycle management of unique token associations that control access to sensitive information, the method comprising:
- generating, by a server device, a unique token for use in an online transaction in lieu of a character string stored as encrypted data by the server device, the character string received from a remote client computing device of a set of remote client computing devices associated with an entity registered with the server, wherein registering the entity includes associating the entity with a subscription level that provides access to the unique token;
  
  obtaining, by the server device, a record for an online transaction comprising information associated with the online transaction and the unique token, the record generated by any remote client computing device of the set of remote client computing devices;
  
  communicating, by the server device and to a transaction processing server device, a completed record for the online transaction including the information associated with the online transaction and the character string, wherein the character string is decrypted by the server device;
  
  determining, by the server device, that the character string is out-dated; and
  
  in response to determining that the character string is out-dated,disassociating, by the server device, the unique token and the character string stored as encrypted data, anddeleting, by the server device, the character string from the first memory storage.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the character string represents a credit card number.
  - 3. The method of claim 1, wherein determining that the character string is out-dated comprises:
    - determining whether the character string has expired;
      
      ordetermining whether the character string has not been used for at least a predetermined period of time.
  - 4. The method of claim 3, wherein determining that the character string has expired comprises:
    - determining whether a credit card represented by the character string has expired.
  - 5. The method of claim 3, wherein determining whether the character string has not been used for at least the predetermined period of time comprises:
    - determining whether a credit card represented by the character string has not been used for at least the predetermined period of time.
  - 6. The method of claim 1, wherein the step of determining whether the character string is out-dated is performed periodically.
  - 7. The method of claim 1, wherein the step of determining whether the character string is out-dated is performed in response to receipt of a request for the character string.

8. A data processing system for lifecycle management of unique token associations that control access to sensitive information, the data processing system comprising a processor and one or more storage devices embodying computer-readable program instructions that, when executed by the processor, cause the data processing system to:
- generate a unique token corresponding to a received character string, the unique token for use in an online transaction in lieu of the character string stored as encrypted data, the character string received from a remote client computing device associated with an entity registered with the server, wherein registering the entity includes associating the entity with a subscription level that provides access to the unique token;
  
  obtain a record for an online transaction comprising information associated with the online transaction and the unique token, the record generated by any of the set of remote client computing devices;
  
  communicate, to a server, a completed record for the online transaction including the information associated with the online transaction and the character string, wherein the character string is decrypted;
  
  determine whether the encrypted character string is out-dated; and
  
  in response to determining that the sensitive information is out-dated;
  
  disassociate the unique token and the character string stored as encrypted data; and
  
  delete the character string stored as encrypted data.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The data processing system of claim 8, wherein the character string represents a credit card number.
  - 10. The data processing system of claim 8, wherein the computer-readable program instructions, when executed by the processor, cause the data processing system to determine whether the character string is out-dated by causing the data processing system to:
    - determine whether the character string has expired;
      
      ordetermine whether the character string has not been used for at least a predetermined period of time.
  - 11. The data processing system of claim 10, wherein the computer-readable program instructions, when executed by the processor, cause the data processing system to determine whether the character string has expired by causing the data processing system to:
    - determine whether a credit card represented by the sensitive information has expired.
  - 12. The data processing system of claim 10, wherein the computer-readable program instructions, when executed by the processor, cause the data processing system to determine whether the character string has not been used for at least the predetermined period of time by causing the data processing system to:
    - determine whether a credit card represented by the character string has not been used for at least the predetermined period of time.
  - 13. The data processing system of claim 8, wherein the computer-readable program instructions, when executed by the processor, cause the data processing system to determine whether the character string is out-dated periodically.
  - 14. The data processing system of claim 8, wherein the computer-readable program instructions, when executed by the processor, cause the data processing system to determine whether the character string is out-dated in response to receipt of a request for character string.

15. A computer program product for lifecycle management of unique token associations that control access to sensitive information, the computer program product comprising a non-transitory computer-readable storage embodying computer-readable program instructions that, when executed, cause a processor to:
- associate a generated unique token to a received character string, the unique token for use in an online transaction in lieu of the character string stored as encrypted data, the character string received from a remote client computing device associated with an entity registered with the server, wherein registering the entity includes associating the entity with a subscription level that provides access to the unique token;
  
  obtain a record for an online transaction comprising information associated with the online transaction and the unique token, the record generated by any of the set of remote client computing devices;
  
  communicate, to a server, a completed record for the online transaction including the information associated with the online transaction and the character string, wherein the character string is decrypted;
  
  determine whether the encrypted character string is out-dated; and
  
  in response to determining that the sensitive information is out-dated;
  
  disassociate the unique token and the character string stored as encrypted data; and
  
  delete the character string stored as encrypted data.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. The computer program product of claim 15, wherein the character string represents a credit card number.
  - 17. The computer program product of claim 15, wherein the computer-readable program instructions, when executed, cause the processor to determine whether the character string is out-dated by causing the processor to:
    - determine whether the character string has expired;
      
      ordetermine whether the character string has not been used for at least a predetermined period of time.
  - 18. The computer program product of claim 17, wherein the computer-readable program instructions, when executed, cause the processor to determine whether the character string has expired by causing the processor to:
    - determine whether a credit card represented by the character string has expired.
  - 19. The computer program product of claim 17, wherein the computer-readable program instructions, when executed, cause the processor to determine whether the character string has not been used for at least the predetermined period of time by causing the processor to:
    - determine whether a credit card represented by the character string has not been used for at least the predetermined period of time.
  - 20. The computer program product of claim 15, wherein the computer-readable program instructions, when executed, cause the processor to determine whether the character string is out-dated periodically.
  - 21. The computer program product of claim 15, wherein the computer-readable program instructions, when executed, cause the processor to determine whether the character string is out-dated in response to receipt of a request for character string.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
United Parcel Service Of America Incorporated (United Parcel Service Incorporated)
Original Assignee
United Parcel Service Of America Incorporated (United Parcel Service Incorporated)
Inventors
Sahasranaman, Mahesh, Plumer, Robert W
Primary Examiner(s)
Lemieux, Jessica

Application Number

US14/657,065
Publication Number

US 20160012434A1
Time in Patent Office

1,635 Days
Field of Search

705 39
US Class Current
CPC Class Codes

G06Q 20/12   specially adapted for elect...

G06Q 20/24   Credit schemes, i.e. "pay a...

G06Q 20/382   insuring higher security of...

G06Q 20/38215   Use of certificates or encr...

G06Q 20/3829   involving key management

G06Q 20/385   using an alias or single-us...

G06Q 40/00   Finance; Insurance; Tax str...

H04L 2463/102   applying security measure f...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 67/02   based on web technology, e....

Encryption and tokenization architectures

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Encryption and tokenization architectures

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links