Secure generation and inversion of tokens
First Claim
Patent Images
1. An apparatus, comprising:
- a secure execution environment that comprises;
a processor; and
memory that is operably coupled to the processor, the memory loaded with instructions that, when executed by the processor, cause the processor to perform acts for generating a token that represents a string that conforms to a predefined format, the acts comprising;
receiving a request to generate the token that is representative of the string from a logically separate computing environment, the request comprising an encrypted tokenization function and the string;
decrypting the encrypted tokenization function based upon a decryption algorithm that is securely retained in the secure execution environment;
generating the token by executing the tokenization function over the string;
deleting the tokenization function and the string responsive to the token being generated;
outputting the token to the logically separate computing environment;
subsequent to outputting the token to the logically separate computing environment, receiving the encrypted tokenization function and the token from the logically separate computing environment;
decrypting the encrypted tokenization function based upon the decryption algorithm that is securely retained in the secure execution environment;
inverting the tokenization function;
executing the inverted tokenization function over the token to generate the string;
deleting the inverted tokenization function responsive to the string being generated; and
outputting the string to the logically separate computing environment.
3 Assignments
0 Petitions
Accused Products
Abstract
Described herein are various technologies related to secure generation of tokens and secure inversion of tokens. A tokenization system executes in a secure execution environment, and is configured to receive a string and an encrypted tokenization function. The tokenization system decrypts the encrypted tokenization function, and executes the tokenization function over the string to generate a token. The token is transmitted to a logically separate computing environment, and the tokenization system deletes the tokenization function and the string.
-
Citations
20 Claims
-
1. An apparatus, comprising:
a secure execution environment that comprises; a processor; and memory that is operably coupled to the processor, the memory loaded with instructions that, when executed by the processor, cause the processor to perform acts for generating a token that represents a string that conforms to a predefined format, the acts comprising; receiving a request to generate the token that is representative of the string from a logically separate computing environment, the request comprising an encrypted tokenization function and the string; decrypting the encrypted tokenization function based upon a decryption algorithm that is securely retained in the secure execution environment; generating the token by executing the tokenization function over the string; deleting the tokenization function and the string responsive to the token being generated; outputting the token to the logically separate computing environment; subsequent to outputting the token to the logically separate computing environment, receiving the encrypted tokenization function and the token from the logically separate computing environment; decrypting the encrypted tokenization function based upon the decryption algorithm that is securely retained in the secure execution environment; inverting the tokenization function; executing the inverted tokenization function over the token to generate the string; deleting the inverted tokenization function responsive to the string being generated; and outputting the string to the logically separate computing environment. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
11. A method for generating a token that represents a string that conforms to a predefined format, wherein the method is performed by a processor in a secure execution environment, the method comprising:
-
receiving a request to generate the token that is representative of the string from a computing environment that is logically separate from the secure execution environment, the request comprising an encrypted tokenization function and the string; decrypting the encrypted tokenization function based upon a decryption algorithm that is securely retained in the secure execution environment; generating the token by executing the tokenization function over the string; deleting the tokenization function and the string responsive to the token being generated; outputting the token to the logically separate computing environment; subsequent to outputting the token to the logically separate computing environment, receiving the encrypted tokenization function and the token from the logically separate computing environment; decrypting the encrypted tokenization function based upon the decryption algorithm that is securely retained in the secure execution environment; inverting the tokenization function; executing the inverted tokenization function over the token to generate the string; deleting the inverted tokenization function responsive to the string being generated; and outputting the string to the logically separate computing environment. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
-
-
20. A memory device in a secure execution environment of an apparatus, wherein the memory device comprises instructions for generating a token that represents a string that conforms to a predefined format, wherein the instructions, when executed by a processor in the secure execution environment of the apparatus, cause the processor to perform acts comprising:
-
receiving a request to generate the token that is representative of a first the string from a computing environment that is logically separate from the secure execution environment, the request comprising an encrypted tokenization function and the string; decrypting the encrypted tokenization function based upon a decryption algorithm that is securely retained in the secure execution environment; generating the token by executing the tokenization function over the string; deleting the tokenization function and the string responsive to the token being generated; outputting the token to the logically separate computing environment; subsequent to outputting the token to the logically separate computing environment, receiving the encrypted tokenization function and the token from the logically separate computing environment; decrypting the encrypted tokenization function based upon the decryption algorithm that is securely retained in the secure execution environment; inverting the tokenization function; executing the inverted tokenization function over the token to generate the string; deleting the inverted tokenization function responsive to the string being generated; and outputting the string to the logically separate computing environment.
-
Specification