Self-cleaning token vault

US 10,509,779 B2
Filed: 09/14/2016
Issued: 12/17/2019
Est. Priority Date: 09/14/2016
Status: Active Grant

First Claim

Patent Images

1. A method comprising performing by a computer system:

receiving, over a first network communications channel, a plurality of token generation request messages from one or more token requestors;

causing a plurality of tokens to be generated and stored in a token vault managed by the computer system, wherein a first token is generated in response to a first token generation request message from a first token requestor, wherein the first token is stored in the token vault after being generated, wherein a copy of the first token is sent to and stored on a device of the first token requestor;

associating a first expiration threshold and a first level flag having a first level value with the first token,wherein a level flag has one of a plurality of level values, wherein a level value indicates a respective set of one or more modifiable rules for managing an associated token in the token vault;

storing the first level flag having the first level value and the first expiration threshold in association with the first token as a first entry at the token vault;

managing the plurality of tokens stored in the token vault using the level values of the level flags corresponding to the tokens, wherein the managing includes;

identifying that the first token has not expired based on a first set of one or more modifiable rules corresponding to the first level value of the first level flag, wherein applying the first set of one or more modifiable rules results in a store action for the first level value of the first token;

receiving, over the first network communications channel, an instruction to modify the first set of one or more modifiable rules corresponding to the first level value of the first level flag from the first token requestor;

modifying the first set of one or more modifiable rules into a modified first set of one or more modifiable rules based on the instruction, wherein applying the modified first set of one or more modifiable rules results in a delete action for the first token; and

after modifying;

identifying that the first token has expired based on the modified first set of one or more modifiable rules corresponding to the first level value of the first level flag; and

automatically removing the first token from the token vault in response to identifying that the first token has expired and based on the first level value of the first level flag, thereby removing all elements of the first entry associated with the first token from the token vault.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments are directed to a self-cleaning token vault for managing tokens generated on behalf of a resource provider. The generated tokens may be stored at the token vault. Embodiments provide a token manager (which can be embodied in the token vault or provided as a separate module) that continuously monitor the token vault for expired or redundant tokens. The token manager may enable the resource provider to assign level flags to the tokens and assign level values to the level flags. The level value may indicate an importance or a use characteristic of the token. Upon identifying tokens that are no longer necessary, the self-cleaning token vault or the token manager may automatically remove the tokens from the token vault.

550 Citations

15 Claims

1. A method comprising performing by a computer system:
- receiving, over a first network communications channel, a plurality of token generation request messages from one or more token requestors;
  
  causing a plurality of tokens to be generated and stored in a token vault managed by the computer system, wherein a first token is generated in response to a first token generation request message from a first token requestor, wherein the first token is stored in the token vault after being generated, wherein a copy of the first token is sent to and stored on a device of the first token requestor;
  
  associating a first expiration threshold and a first level flag having a first level value with the first token,wherein a level flag has one of a plurality of level values, wherein a level value indicates a respective set of one or more modifiable rules for managing an associated token in the token vault;
  
  storing the first level flag having the first level value and the first expiration threshold in association with the first token as a first entry at the token vault;
  
  managing the plurality of tokens stored in the token vault using the level values of the level flags corresponding to the tokens, wherein the managing includes;
  
  identifying that the first token has not expired based on a first set of one or more modifiable rules corresponding to the first level value of the first level flag, wherein applying the first set of one or more modifiable rules results in a store action for the first level value of the first token;
  
  receiving, over the first network communications channel, an instruction to modify the first set of one or more modifiable rules corresponding to the first level value of the first level flag from the first token requestor;
  
  modifying the first set of one or more modifiable rules into a modified first set of one or more modifiable rules based on the instruction, wherein applying the modified first set of one or more modifiable rules results in a delete action for the first token; and
  
  after modifying;
  
  identifying that the first token has expired based on the modified first set of one or more modifiable rules corresponding to the first level value of the first level flag; and
  
  automatically removing the first token from the token vault in response to identifying that the first token has expired and based on the first level value of the first level flag, thereby removing all elements of the first entry associated with the first token from the token vault.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 13, 14, 15)
- - 2. The method of claim 1, wherein the managing further comprises:
    - continuously monitoring the token vault to identify tokens that are expired.
  - 3. The method of claim 1, wherein automatically removing the first token from the token vault further comprises:
    - sending, over a second network communications channel, an instruction to the token vault to delete the first token.
  - 4. The method of claim 1, wherein the first level flag is associated with the first token based on an instruction received from token requestor of the first token.
  - 5. The method of claim 1, wherein the first token generation request message includes the first level flag.
  - 6. The method of claim 1, wherein the level value indicates use characteristic of a corresponding token.
  - 7. The method of claim 1, further comprising, after removing the first token from the token vault:
    - reusing the first token by associating the first token with a user account identifier, wherein the first token was associated with a different user account identifier prior to being removed from the token vault.
  - 8. The method of claim 1, wherein a token replaces a user account identifier included in a corresponding token generation request message.
  - 13. The method of claim 1, further comprising:
    - continuously monitoring the token vault to identify tokens that are expired; and
      
      periodically removing expired tokens from the token vault.
  - 14. The method of claim 1, wherein the store action or the delete action is independent from the first expiration threshold associated with the first token.
  - 15. The method of claim 1, further comprising:
    - generating a second token in response to a second token generation request message;
      
      associating a second expiration threshold and a second level flag having a second level value with the second token, wherein the first level flag and the second level flag have different level values; and
      
      storing the second level flag having the second level value and the second expiration threshold in association with the second token as a second entry at the token vault,wherein the managing the plurality of tokens further includes;
      
      identifying that the second token has not expired based on a second set of one or more modifiable rules corresponding to the second level value of the second level flag.

9. A data storage system comprising:
- means for receiving, over a network communications channel, a first token for storage at a token vault;
  
  means for receiving, over the network communications channel, a first level flag having a first level value and a first expiration threshold in association with the first token, wherein a level flag has one of a plurality of level values, wherein a level value indicates a respective set of one or more rules for managing an associated token, wherein the first level flag and a second level flag have different level values, wherein a copy of the first token is sent to and stored on a device of a first token requestor;
  
  means for storing the first level flag and the first expiration threshold associated with the first token as a first entry at the token vault;
  
  means for identifying that the first token has not expired based on a first set of one or more modifiable rules corresponding to the first level value of the first level flag, wherein applying the first set of one or more modifiable rules results in a store action for the first level value of the first token;
  
  means for receiving, over the network communications channel, an instruction to modify the first set of one or more modifiable rules corresponding to the first level value of the first level flag from the first token requestor;
  
  means for modifying the first set of one or more modifiable rules into a modified first set of one or more modifiable rules based on the instruction, wherein applying the modified first set of one or more modifiable rules results in a delete action for the first token; and
  
  after modifying;
  
  means for identifying that the first token has expired based on the modified first set of one or more rules corresponding to the first level value of the first level flag; and
  
  means for automatically deleting the first token in response to identifying that the first token has expired and based on the first level value of the first level flag, thereby removing all elements of the first entry associated with the first token from the token vault.

10. An apparatus, comprising:
- a processor configured to execute a set of instructions;
  
  a memory coupled to the processor for storing the set of instructions; and
  
  the set of instructions stored in the memory, wherein when the set of instructions are executed by the processor, the apparatus operates to;
  
  receive, over a first network communications channel, a plurality of token generation request messages from one or more token requestors;
  
  cause a plurality of tokens to be generated and stored in a token vault managed by the apparatus, wherein a first token is generated in response to a first token generation request message from a first token requestor, wherein the first token is stored in the token vault after being generated, wherein a copy of the first token is sent to and stored on a device of the first token requestor;
  
  associate a first expiration threshold and a first level flag having a first level value with the first token,wherein a level flag has one of a plurality of level values, wherein a level value indicates a respective set of one or more modifiable rules for managing an associated token in the token vault;
  
  store the first level flag and the first expiration threshold in association with the first token as a first entry at the token vault;
  
  store a second level flag in association with a second token as a second entry at the token vault; and
  
  manage the plurality of tokens stored in the token vault using the level values of the level flags corresponding to the tokens, wherein the managing includes;
  
  identifying that the first token has not expired based on a first set of one or more modifiable rules corresponding to the first level value of the first level flag, wherein applying the first set of one or more modifiable rules results in a store action for the first level value of the first token;
  
  receive, over the first network communications channel, an instruction to modify the first set of one or more modifiable rules corresponding to the first level value of the first level flag from the first token requestor;
  
  modify the first set of one or more modifiable rules into a modified first set of one or more modifiable rules based on the instruction, wherein applying the modified first set of one or more modifiable rules results in a delete action for the first token; and
  
  after modifying;
  
  identifying that the first token has expired based on the first set of one or more modifiable rules corresponding to the first level value of the first level flag; and
  
  automatically removing the first token from the token vault in response to identifying that the first token has expired and based on the first level value of the first level flag, thereby removing all elements of the first entry associated with the first token from the token vault.
- View Dependent Claims (11, 12)
- - 11. The apparatus of claim 10, wherein when managing the plurality of tokens stored in the token vault, the apparatus further operates to:
    - continuously monitor the token vault to identify tokens that are expired.
  - 12. The apparatus of claim 10, wherein when automatically removing the first token from the token vault, the apparatus further operates to:
    - send, over a second network communications channel, an instruction to the token vault to delete the first token.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Visa International Service Association (Visa, Inc.)
Original Assignee
Visa International Service Association (Visa, Inc.)
Inventors
Chipman, Tommy
Primary Examiner(s)
Frumkin, Jesse P

Application Number

US15/265,282
Publication Number

US 20180075081A1
Time in Patent Office

1,189 Days
Field of Search
US Class Current
CPC Class Codes

G06F 16/2365   Ensuring data consistency a...

G06F 16/955   using information identifie...

G06Q 20/367   involving electronic purses...

G06Q 20/3672   initialising or reloading t...

G06Q 20/3825   Use of electronic signatures

G06Q 20/385   using an alias or single-us...

Self-cleaning token vault

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

550 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Self-cleaning token vault

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

550 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links