Systems and method for providing a data security service

US 10,616,187 B2
Filed: 04/27/2018
Issued: 04/07/2020
Est. Priority Date: 01/08/2016
Status: Active Grant

First Claim

Patent Images

1. A method for providing services utilizing encrypted data, the method comprising:

receiving, at a first data center from a first device, data in connection with a service request initiated by a user, wherein the first data center is configured to provide encryption and decryption functionality, wherein the service request is generated and transmitted by a graphical user interface application configured to;

receive the data from the user, determine whether the data comprises information subject to payment card industry data security standard (PCI DSS) regulations, and selectively transmit the data to the first data center or a second data center based on whether the data comprises information subject to PCI DSS regulations, wherein the graphical user interface transmits the data to the first data center when the data comprises information subject to PCI DSS regulations and transmits the data to the second data center when the data does not comprise information subject to PCI DSS regulations;

encrypting, by the first data center, the data to produce encrypted data;

transmitting the encrypted data from the first data center to the second data center, wherein the second data center is configured to store and provide encrypted data in connection with providing services to one or more users;

receiving, at the second data center, the encrypted data from the first data center;

storing the encrypted data in a database accessible to the second data center;

receiving, at the first data center, a request to access the data from an end point device, wherein the end point device is configured to process the data in connection with fulfilling the service request, and wherein the end point device is operated by an entity that is different from the user;

retrieving, by the first data center, the encrypted data from the database accessible to the second data center;

decrypting, at the first data center, the encrypted data to produce decrypted data; and

providing, from the first data center, the decrypted data to the end point device, wherein the end point device fulfills the service request based on the encrypted data.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems, methods, and computer-readable media for providing standards compliant encryption, storage, and retrieval of data are disclosed. In an embodiment, data is received at a first data center from a first device in connection with a service request, and encrypted to produce encrypted data. The encrypted data may be transmitted from the first data center to the first device, and then may subsequently be received at a second data center. The second data center may store the encrypted data in a database accessible to the second data center. Because all data provided to the system is encrypted by the first data center prior to being stored and/or provided to the second data center, the database and the second data center may be out of the scope of compliance monitoring, auditing, and reporting for one or more data security standards.

Citations

18 Claims

1. A method for providing services utilizing encrypted data, the method comprising:
- receiving, at a first data center from a first device, data in connection with a service request initiated by a user, wherein the first data center is configured to provide encryption and decryption functionality, wherein the service request is generated and transmitted by a graphical user interface application configured to;
  
  receive the data from the user, determine whether the data comprises information subject to payment card industry data security standard (PCI DSS) regulations, and selectively transmit the data to the first data center or a second data center based on whether the data comprises information subject to PCI DSS regulations, wherein the graphical user interface transmits the data to the first data center when the data comprises information subject to PCI DSS regulations and transmits the data to the second data center when the data does not comprise information subject to PCI DSS regulations;
  
  encrypting, by the first data center, the data to produce encrypted data;
  
  transmitting the encrypted data from the first data center to the second data center, wherein the second data center is configured to store and provide encrypted data in connection with providing services to one or more users;
  
  receiving, at the second data center, the encrypted data from the first data center;
  
  storing the encrypted data in a database accessible to the second data center;
  
  receiving, at the first data center, a request to access the data from an end point device, wherein the end point device is configured to process the data in connection with fulfilling the service request, and wherein the end point device is operated by an entity that is different from the user;
  
  retrieving, by the first data center, the encrypted data from the database accessible to the second data center;
  
  decrypting, at the first data center, the encrypted data to produce decrypted data; and
  
  providing, from the first data center, the decrypted data to the end point device, wherein the end point device fulfills the service request based on the encrypted data.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the first data center does not include a database for storing user data.
  - 3. The method of claim 1, further comprising periodically auditing the first data center to determine whether data that has been encrypted by the first data center has been stored at rest within the first data center in an unencrypted format.
  - 4. The method of claim 1, wherein the second data center comprises business logic configured to provide one or more services based on user data that has been encrypted by the first data center.
  - 5. The method of claim 4, wherein the one or more services provided by the business logic comprise a money transfer service, a prepaid card loading service, a bill pay service, or a combination thereof.
  - 6. The method of claim 1, further comprising:
    - displaying, at the first device, the graphical user interface that prompts the user for service information to configure the data of the service request; and
      
      receiving, at the first device, inputs corresponding to the service information via the graphical user interface.
  - 7. The method of claim 1, wherein the first data center and the second data center are data centers of a money transfer network operated by a money transfer entity.

8. A non-transitory computer-readable storage medium storing instructions that, when executed by one or more processors, cause the one or more processors to perform operations for providing services utilizing encrypted data, the operations comprising:
- receiving, at a first data center from a first device, data in connection with a service request initiated by a user, wherein the first data center is configured to provide encryption and decryption functionality, wherein the service request is generated and transmitted by a graphical user interface application configured to;
  
  receive the data from the user determine whether the data comprises information subject to payment card industry data security standard (PCI DSS) regulations, and selectively transmit the data to the first data center or a second data center based on whether the data comprises information subject to PCI DSS regulations, wherein the graphical user interface transmits the data to the first data center when the data comprises information subject to PCI DSS regulations and transmits the data to the second data center when the data does not comprise information subject to PCI DSS regulations;
  
  encrypting, by the first data center, the data to produce encrypted data;
  
  transmitting the encrypted data from the first data center to the second data center, wherein the second data center is configured to store and provide encrypted data in connection with providing services to one or more users;
  
  receiving, at the second data center, the encrypted data from the first data center;
  
  storing the encrypted data in a database accessible to the second data center;
  
  receiving, at the first data center, a request to access the data from an end point device, wherein the end point device is configured to process the data in connection with fulfilling the service request, and wherein the end point device is operated by an entity that is different from the user;
  
  retrieving, by the first data center, the encrypted data from the database accessible to the second data center;
  
  decrypting, at the first data center, the encrypted data to produce decrypted data; and
  
  providing, from the first data center, the decrypted data to the end point device, wherein the end point device fulfills the service request based on the encrypted data.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The non-transitory computer-readable storage medium of claim 8, wherein the first data center does not include a database for storing user data.
  - 10. The non-transitory computer-readable storage medium of claim 8, the operations further comprising periodically auditing the first data center to determine whether data that has been encrypted by the first data center has been stored at rest within the first data center in an unencrypted format.
  - 11. The non-transitory computer-readable storage medium of claim 8, the operations further comprising:
    - displaying, at the first device, the graphical user interface that prompts the user for service information to configure the data of the service request; and
      
      receiving, at the first device, inputs corresponding to the service information via the graphical user interface.
  - 12. The non-transitory computer-readable storage medium of claim 8, wherein the second data center comprises business logic configured to provide one or more services based on user data that has been encrypted by the first data center.
  - 13. The non-transitory computer-readable storage medium of claim 12, wherein the one or more services provided by the business logic comprise a money transfer service, a prepaid card loading service, a bill pay service, or a combination thereof.
  - 14. The non-transitory computer-readable storage medium of claim 8, wherein the first data center and the second data center are data centers of a money transfer network operated by a money transfer entity.

15. A system for providing services utilizing encrypted data, the system comprising:
- a first data center comprising;
  
  at least one first processor;
  
  an encryption module executable by the at least one processor; and
  
  a first communication interface configured to communicatively couple the first data center to a network; and
  
  a second data center comprising;
  
  at least one second processor;
  
  a database; and
  
  a second communication interface configured to communicatively couple the second data center to the network;
  
  a graphical user interface application configured to;
  
  receive data from a user;
  
  configure a service request based on the data;
  
  determine whether the service request comprises information subject to payment card industry data security standard (PCI DSS) regulations; and
  
  selectively transmit the data to the first data center or the second data center based on whether the data comprises information subject to PCI DSS regulations, wherein the graphical user interface transmits the data to the first data center when the data comprises information subject to PCI DSS regulations and transmits the data to the second data center when the data does not comprise information subject to PCI DSS regulations,wherein the first data center is configured to;
  
  receive data from a first device in connection with the service request initiated by the user;
  
  in response to receiving the service request, encrypt the data to produce encrypted data;
  
  transmit the encrypted data from the first data center to the second data center,wherein the second data center is configured to;
  
  receive the encrypted data from the first data center; and
  
  store the encrypted data at the database, andwherein the first data center is further configured to;
  
  receive a request to access the data from an end point device, wherein the end point device is configured to process the data in connection with fulfilling the service request, and wherein the end point device is operated by an entity that is different from the user;
  
  in response to receiving the request from the end point device, retrieve the encrypted data from the database of the second data center;
  
  decrypt the encrypted data to produce decrypted data; and
  
  provide the decrypted data to the end point device, wherein the end point device fulfills the service request based on the encrypted data.
- View Dependent Claims (16, 17, 18)
- - 16. The system of claim 15, wherein the second data center comprises business logic configured to provide one or more services based on user data that has been encrypted by the first data center.
  - 17. The system of claim 16, wherein the one or more services provided by the business logic comprise a money transfer service, a prepaid card loading service, a bill pay service, or a combination thereof.
  - 18. The system of claim 15, wherein the first data center and the second data center are data centers of a money transfer network operated by a money transfer entity.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
MoneyGram International Incorporated
Original Assignee
MoneyGram International Incorporated
Inventors
Cooley, Aaron Ferguson
Primary Examiner(s)
Cervetti, David Garcia

Application Number

US15/965,454
Publication Number

US 20180248854A1
Time in Patent Office

711 Days
Field of Search
US Class Current
CPC Class Codes

G06F 16/22   Indexing; Data structures t...

G06Q 20/108   Remote banking, e.g. home b...

G06Q 20/12   specially adapted for elect...

G06Q 20/3823   combining multiple encrypti...

G06Q 20/388   using mutual authentication...

G06Q 20/401   Transaction verification

G06Q 2220/10   Usage protection of distrib...

H04L 63/0428   wherein the data content is...

Systems and method for providing a data security service

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and method for providing a data security service

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links