Self-cleaning token vault
Abstract
Embodiments are directed to a self-cleaning token vault for managing tokens generated on behalf of a resource provider. The generated tokens may be stored at the token vault. Embodiments provide a token manager (which can be embodied in the token vault or provided as a separate module) that continuously monitors the token vault for expired or redundant tokens. The token manager may enable the resource provider to assign level flags to the tokens and assign level values to the level flags. The level value may indicate an importance or a use characteristic of the token. Upon identifying tokens that are no longer necessary, the self-cleaning token vault or the token manager may automatically remove the tokens from the token vault.
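A minimal sketch of the mechanism the abstract describes, including the rule-modification step recited in claim 1. This is an added example, not code from the patent: the class and field names, the `max_age` rule and the sample tokens are assumptions made for illustration.

```python
from dataclasses import dataclass, replace
from typing import Optional

@dataclass(frozen=True)
class Rule:
    # Rule set for one level value (hypothetical shape). When max_age
    # (seconds) is set it overrides the per-token expiration threshold.
    max_age: Optional[float] = None

@dataclass
class Entry:
    requestor: str    # token requestor that owns the entry
    level: int        # level value carried by the level flag
    created: float    # creation time, in seconds
    threshold: float  # expiration threshold stored with the token

class TokenVault:
    def __init__(self):
        self.entries = {}  # token -> Entry
        self.rules = {}    # (requestor, level value) -> Rule

    def store(self, token, requestor, level, threshold, now):
        self.entries[token] = Entry(requestor, level, now, threshold)
        self.rules.setdefault((requestor, level), Rule())

    def modify_rule(self, caller, requestor, level, **changes):
        # Assumption: only the requestor that owns a rule set may change it.
        key = (requestor, level)
        if caller != requestor or key not in self.rules:
            raise PermissionError("only the owning requestor may modify its rules")
        self.rules[key] = replace(self.rules[key], **changes)

    def action(self, token, now):
        # Apply the rule set selected by the token's level value.
        e = self.entries[token]
        rule = self.rules[(e.requestor, e.level)]
        limit = e.threshold if rule.max_age is None else rule.max_age
        return "delete" if now - e.created >= limit else "store"

    def sweep(self, now):
        # Remove every expired token together with its whole entry.
        expired = [t for t in self.entries if self.action(t, now) == "delete"]
        for t in expired:
            del self.entries[t]
        return expired

def demo():
    vault = TokenVault()
    vault.store("tok-A", "merchant-1", 1, 3600, now=0)  # constructed sample data
    vault.store("tok-B", "merchant-1", 2, 3600, now=0)
    before = vault.action("tok-A", now=600)             # original rules: store
    vault.modify_rule("merchant-1", "merchant-1", 1, max_age=300)
    return before, vault.sweep(now=600), sorted(vault.entries)
```

Because a rule change can turn a store action into a delete action for every token at that level, the check on who may call `modify_rule` is the security-relevant part of the sketch.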
15 Claims
1. A method comprising performing by a computer system:
receiving, over a first network communications channel, a plurality of token generation request messages from one or more token requestors;
causing a plurality of tokens to be generated and stored in a token vault managed by the computer system, wherein a first token is generated in response to a first token generation request message from a first token requestor, wherein the first token is stored in the token vault after being generated, wherein a copy of the first token is sent to and stored on a device of the first token requestor;
associating a first expiration threshold and a first level flag having a first level value with the first token, wherein a level flag has one of a plurality of level values, wherein a level value indicates a respective set of one or more modifiable rules for managing an associated token in the token vault;
storing the first level flag having the first level value and the first expiration threshold in association with the first token as a first entry at the token vault;
managing the plurality of tokens stored in the token vault using the level values of the level flags corresponding to the tokens, wherein the managing includes:
identifying that the first token has not expired based on a first set of one or more modifiable rules corresponding to the first level value of the first level flag, wherein applying the first set of one or more modifiable rules results in a store action for the first level value of the first token;
receiving, over the first network communications channel, an instruction to modify the first set of one or more modifiable rules corresponding to the first level value of the first level flag from the first token requestor;
modifying the first set of one or more modifiable rules into a modified first set of one or more modifiable rules based on the instruction, wherein applying the modified first set of one or more modifiable rules results in a delete action for the first token; and
after modifying:
identifying that the first token has expired based on the modified first set of one or more modifiable rules corresponding to the first level value of the first level flag; and
automatically removing the first token from the token vault in response to identifying that the first token has expired and based on the first level value of the first level flag, thereby removing all elements of the first entry associated with the first token from the token vault.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 13, 14, 15
9. A data storage system comprising:
means for receiving, over a network communications channel, a first token for storage at a token vault;
means for receiving, over the network communications channel, a first level flag having a first level value and a first expiration threshold in association with the first token, wherein a level flag has one of a plurality of level values, wherein a level value indicates a respective set of one or more rules for managing an associated token, wherein the first level flag and a second level flag have different level values, wherein a copy of the first token is sent to and stored on a device of a first token requestor;
means for storing the first level flag and the first expiration threshold associated with the first token as a first entry at the token vault;
means for identifying that the first token has not expired based on a first set of one or more modifiable rules corresponding to the first level value of the first level flag, wherein applying the first set of one or more modifiable rules results in a store action for the first level value of the first token;
means for receiving, over the network communications channel, an instruction to modify the first set of one or more modifiable rules corresponding to the first level value of the first level flag from the first token requestor;
means for modifying the first set of one or more modifiable rules into a modified first set of one or more modifiable rules based on the instruction, wherein applying the modified first set of one or more modifiable rules results in a delete action for the first token; and
after modifying:
means for identifying that the first token has expired based on the modified first set of one or more rules corresponding to the first level value of the first level flag; and
means for automatically deleting the first token in response to identifying that the first token has expired and based on the first level value of the first level flag, thereby removing all elements of the first entry associated with the first token from the token vault.
10. An apparatus, comprising:
a processor configured to execute a set of instructions;
a memory coupled to the processor for storing the set of instructions; and
the set of instructions stored in the memory, wherein when the set of instructions are executed by the processor, the apparatus operates to:
receive, over a first network communications channel, a plurality of token generation request messages from one or more token requestors;
cause a plurality of tokens to be generated and stored in a token vault managed by the apparatus, wherein a first token is generated in response to a first token generation request message from a first token requestor, wherein the first token is stored in the token vault after being generated, wherein a copy of the first token is sent to and stored on a device of the first token requestor;
associate a first expiration threshold and a first level flag having a first level value with the first token, wherein a level flag has one of a plurality of level values, wherein a level value indicates a respective set of one or more modifiable rules for managing an associated token in the token vault;
store the first level flag and the first expiration threshold in association with the first token as a first entry at the token vault;
store a second level flag in association with a second token as a second entry at the token vault; and
manage the plurality of tokens stored in the token vault using the level values of the level flags corresponding to the tokens, wherein the managing includes:
identifying that the first token has not expired based on a first set of one or more modifiable rules corresponding to the first level value of the first level flag, wherein applying the first set of one or more modifiable rules results in a store action for the first level value of the first token;
receive, over the first network communications channel, an instruction to modify the first set of one or more modifiable rules corresponding to the first level value of the first level flag from the first token requestor;
modify the first set of one or more modifiable rules into a modified first set of one or more modifiable rules based on the instruction, wherein applying the modified first set of one or more modifiable rules results in a delete action for the first token; and
after modifying:
identifying that the first token has expired based on the first set of one or more modifiable rules corresponding to the first level value of the first level flag; and
automatically removing the first token from the token vault in response to identifying that the first token has expired and based on the first level value of the first level flag, thereby removing all elements of the first entry associated with the first token from the token vault.
Dependent claims: 11, 12
Specification