Security system utilizing vaultless tokenization and encryption

US 10,623,181 B2
Filed: 01/02/2018
Issued: 04/14/2020
Est. Priority Date: 01/02/2018
Status: Active Grant

First Claim

Patent Images

1. A data security system utilizing vaultless tokenization and encryption, the system comprising:

one or more memory components having computer readable code store thereon; and

one or more processing components operatively coupled to the one or more memory components, wherein the one or more processing components are configured to execute the computer readable code to;

identify data for secure storage;

encrypt the data into encrypted data, wherein encrypting the data further comprises encrypting the data using format preserving encryption;

split the encrypted data into two or more encrypted data segments when the data meets a threshold number of characters;

access one or more random token tables containing random tokens;

retrieve two or more random token segments that are mapped to the two or more encrypted data segments from the one or more random token tables;

combine the two or more random token segments into a tokenized sequence; and

return the tokenized sequence.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention includes securing data using vaultless tokenization and encryption. The present invention uses static random token tables in conjunction with encryption methods in order to tokenize sensitive data for the purposes of secure transfer and storage. The present invention is configured to identify data for secure storage, split the data into two or more data segments, access one or more static random token tables containing random tokens, retrieve two or more random tokens from the one or more static random tables for each of the two or more data segments, combine the two or more random tokens into a tokenized sequence, and return the tokenized sequence. Moreover, additional encryption may occur before or after the data is split and/or before or after combining the random tokens into a tokenized sequence.

Citations

20 Claims

1. A data security system utilizing vaultless tokenization and encryption, the system comprising:
- one or more memory components having computer readable code store thereon; and
  
  one or more processing components operatively coupled to the one or more memory components, wherein the one or more processing components are configured to execute the computer readable code to;
  
  identify data for secure storage;
  
  encrypt the data into encrypted data, wherein encrypting the data further comprises encrypting the data using format preserving encryption;
  
  split the encrypted data into two or more encrypted data segments when the data meets a threshold number of characters;
  
  access one or more random token tables containing random tokens;
  
  retrieve two or more random token segments that are mapped to the two or more encrypted data segments from the one or more random token tables;
  
  combine the two or more random token segments into a tokenized sequence; and
  
  return the tokenized sequence.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The system of claim 1, wherein the one or more processing components are further configured to execute the computer readable code to:
    - encrypt the tokenized sequence to create an encrypted tokenized sequence; and
      
      wherein encrypting the tokenized sequence comprises encrypting the tokenized sequence using format preserving encryption.
  - 3. The system of claim 2, wherein the one or more processing components are further configured to execute the computer readable code to:
    - receive a request from a user to access the data;
      
      authenticate the user for access to the data;
      
      identify access permission of the user;
      
      provide the encrypted tokenized sequence as input for detokenization;
      
      decrypt the encrypted tokenized sequence to determine the tokenized sequence;
      
      split the tokenized sequence into the two or more random token segments;
      
      access the one or more random token tables;
      
      retrieve the two or more encrypted data segments from the one or more random token tables for each of the two or more random token segments;
      
      combine the two or more encrypted data segments into the encrypted data;
      
      decrypt the encrypted data into the data; and
      
      provide the data to the user in full or in partial form based on the access permission of the user.
  - 4. The system of claim 1, wherein the one or more random token tables are encrypted and stored as encrypted one or more random tables, and wherein accessing the one or more random tables comprises:
    - decrypting the encrypted one or more random token tables;
      
      storing the one or more random token tables temporarily in the one or more memory components; and
      
      removing the one or more random tables from temporary storage after retrieving the two or more random token segments.
  - 5. The system of claim 1, wherein the random tokens of the one or more random token tables have lengths of one to six characters.
  - 6. The system of claim 1, wherein the one or more processing components are further configured to execute the computer readable code to:
    - determine when the encrypted data does not meet the threshold number of characters;
      
      access the one or more random token tables containing the random tokens;
      
      retrieve a single random token that is mapped to the encrypted data from the one or more random token tables, wherein the random token segment that is mapped to the encrypted data represents the tokenized sequence; and
      
      return the tokenized sequence based on the single random token.
  - 7. The system of claim 1, wherein the two or more encrypted data segments each comprise three to six characters.
  - 8. The system of claim 1, wherein returning the tokenized sequence comprises storing the tokenized sequence for future use.

9. A computer implemented method for vaultless tokenization and encryption of data, the method comprising:
- identifying, by one or more processor components, data for secure storage;
  
  encrypting the data into encrypted data, wherein encrypting the data further comprises encrypting the data using format preserving encryption;
  
  splitting, by the one or more processor components, the encrypted data into two or more encrypted data segments;
  
  accessing, by the one or more processor components, one or more random token tables containing random tokens;
  
  retrieving, by the one or more processing components, two or more random token segments that are mapped to the two or more encrypted data segments from the one or more random token tables;
  
  combining, by the one or more processing components, the two or more random token segments into a tokenized sequence; and
  
  returning, by the one or more processing components, the tokenized sequence.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The computer implemented method of claim 9, the method further comprising encrypting the tokenized sequence to create an encrypted tokenized sequence;
    - andwherein encrypting the tokenized sequence comprises encrypting the tokenized sequence using format preserving encryption.
  - 11. The computer implemented method of claim 10, further comprising:
    - receiving, by the one or more processing components, a request from a user to access the data;
      
      authenticating, by the one or more processing components, the user for access to the data;
      
      identifying, by the one or more processing components, access permission of the user;
      
      providing, by the one or more processing components, the encrypted tokenized sequence as input for detokenization;
      
      decrypting, by the one or more processing components, the encrypted tokenized sequence to determine the tokenized sequence;
      
      splitting, by the one or more processing components, the tokenized sequence into the two or more random token segments;
      
      accessing, by the one or more processing components, the one or more random token tables;
      
      retrieving, by the one or more processing components, the two or more encrypted data segments from the one or more random token tables for each of the two or more random token segments;
      
      combine, by the one or more processing components, the two or more encrypted data segments into the encrypted data;
      
      decrypting, by the one or more processing components, the encrypted data into the data; and
      
      providing, by the one or more processing components, the data to the user in full or in partial form based on the access permission of the user.
  - 12. The computer implemented method of claim 9, wherein the one or more random token tables are encrypted and stored as encrypted one or more random tables, and wherein accessing the one or more random tables comprises:
    - decrypting the encrypted one or more random token tables;
      
      storing the one or more random token tables temporarily; and
      
      removing the one or more random tables from temporary storage after retrieving the two or more random token segments.
  - 13. The computer implemented method of claim 9, wherein the random tokens of the one or more random token tables have lengths of one to six characters.
  - 14. The computer implemented method of claim 9, wherein the two or more encrypted data segments each comprise three to six characters.
  - 15. The computer implemented method of claim 9, wherein returning the tokenized sequence comprises storing the tokenized sequence for future use.

16. A computer program product for vaultless tokenization and encryption of data, the computer program product comprising at least one non-transitory computer-readable medium having computer-readable program code portions embodied therein, the computer-readable program code portions comprising:
- an executable portion configured to identify data for secure storage;
  
  an executable portion configured to encrypt the data into encrypted data, wherein encrypting the data further comprises encrypting the data using format preserving encryption;
  
  an executable portion configured to split the encrypted data into two or more encrypted data segments;
  
  an executable portion configured to access one or more random token tables containing random tokens;
  
  an executable portion configured to retrieve two or more random token segments that are mapped to the two or more encrypted data segments from the one or more random token tables;
  
  an executable portion configured to combine the two or more random token segments into a tokenized sequence; and
  
  an executable portion configured to return the tokenized sequence.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The computer program product of claim 16, wherein the computer-readable program code portions further comprise:
    - an executable portion configured to encrypt the tokenized sequence to create an encrypted tokenized sequence; and
      
      wherein encrypting the tokenized sequence comprises encrypting the tokenized sequence using format preserving encryption.
  - 18. The computer program product of claim 16, wherein the one or more random token tables are encrypted and stored as encrypted one or more random tables, and wherein the executable portion configured to access the one or more random tables comprises:
    - an executable portion configured to decrypt the encrypted one or more random token tables;
      
      an executable portion configured to store the one or more random token tables temporarily; and
      
      an executable portion configured to remove the one or more random tables from temporary storage after retrieving the two or more random token segments.
  - 19. The computer program product of claim 16, wherein the random tokens of the one or more random token tables have lengths of one to six characters.
  - 20. The computer program product of claim 16, wherein the two or more encrypted data segments each comprise three to six characters.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Bank of America Corp.
Original Assignee
Bank of America Corp.
Inventors
Iyer, Shankar R., Dominique, Maria, Keerthi, Navanith
Primary Examiner(s)
Hirl, Joseph P
Assistant Examiner(s)
Gundry, Stephen T

Application Number

US15/860,389
Publication Number

US 20190207754A1
Time in Patent Office

833 Days
Field of Search
US Class Current
CPC Class Codes

H04L 9/085   Secret sharing or secret sp...

H04L 9/0869   involving random numbers or...

H04L 9/0877   using additional device, e....

H04L 9/0894   Escrow, recovery or storing...

Security system utilizing vaultless tokenization and encryption

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Security system utilizing vaultless tokenization and encryption

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links