System and method for distributed tokenization using several substitution steps

US 20110213807A1
Filed: 03/01/2010
Published: 09/01/2011
Est. Priority Date: 03/01/2010
Status: Active Grant

First Claim

Patent Images

1. A method for distributed tokenization of sensitive strings of characters in a local server, said method comprising the steps:

receiving from a central server at least one static token lookup table;

receiving a sensitive string of characters;

substituting a first substring of characters with a corresponding first token from said at least one token lookup table to form a first tokenized string of characters, said first substring of characters being a substring of said sensitive string of characters; and

substituting a second substring of characters with a corresponding second token from said at least one token lookup table to form a second tokenized string of characters, said second substring of characters being a substring of said first tokenized string of characters.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for distributed tokenization of sensitive strings of characters, such as social security numbers, credit card numbers and the like, in a local server is disclosed. The method comprises the steps of receiving from a central server at least one, and preferably at least two, static token lookup tables, and receiving a sensitive string of characters. In a first tokenization step, a first substring of characters is substituted with a corresponding first token from the token lookup table(s) to form a first tokenized string of characters, wherein the first substring of characters is a substring of the sensitive string of characters. Thereafter, in a second step of tokenization, a second substring of characters is substituted with a corresponding second token from the token lookup table(s) to form a second tokenized string of characters, wherein the second substring of characters is a substring of the first tokenized string of characters. Optionally, one or more additional tokenization steps is/are used.

126 Citations

18 Claims

1. A method for distributed tokenization of sensitive strings of characters in a local server, said method comprising the steps:
- receiving from a central server at least one static token lookup table;
  
  receiving a sensitive string of characters;
  
  substituting a first substring of characters with a corresponding first token from said at least one token lookup table to form a first tokenized string of characters, said first substring of characters being a substring of said sensitive string of characters; and
  
  substituting a second substring of characters with a corresponding second token from said at least one token lookup table to form a second tokenized string of characters, said second substring of characters being a substring of said first tokenized string of characters.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The method of claim 1, wherein said second tokenized string of characters comprises characters which have not been replaced by tokens, said characters thus being identical to the corresponding characters of said sensitive string of characters.
  - 3. The method of claim 1, wherein at least two static token lookup tables are received from said central server, said at least two lookup tables being used to replace different substrings of characters.
  - 4. The method of claim 3, wherein a first of the at least two lookup tables is used to replace the first substring of characters and a second of said at least two lookup tables is used to replace the second substring of characters.
  - 5. The method of claim 1, wherein the second substring includes at least one character having been replaced by said first token.
  - 6. The method of claim 5, wherein the second substring further includes at least one character not having been replaced by said first token.
  - 7. The method of claim 1, further comprising the step of substituting a third substring of characters with a corresponding third token from said at least one token lookup table to form a third tokenized string of characters, said third part of characters being a substring of said second tokenized string of characters
  - 8. The method of claim 1, wherein at least said first substrings of characters comprises only numerical characters, and wherein at least one of said tokens comprises alphanumerical characters.
  - 9. The method of claim 8, wherein at least one substring of characters being replaced by a token comprising alphanumerical characters comprises more characters than the corresponding token.
  - 10. The method of claim 9, further comprising the step of adding additional characters containing metadata to the tokenized string of characters.
  - 11. The method of claim 1, further comprising the steps of:
    - transferring at least one of said sensitive string of characters and said tokenized string(s) of characters to the central server; and
      
      canceling said sensitive string of characters from said local server within a limited time from said transferring, while maintaining at least one tokenized string of characters in a local database connected to said local server.
  - 12. The method of claim 1, wherein the sensitive string of characters comprises at least one substrings of characters generated in a random fashion, wherein in said step of substituting said part to be replaced is contained within said substring of random characters, the sensitive string of characters preferably comprising at least 16 characters and said substring to be replaced by a token preferably comprising at least 6 characters.
  - 13. The method of claim 1, wherein the at least one token lookup table is a list mapping at least one token value to each possible character combination of the part of said sensitive string of characters to be replaced.
  - 14. The method of claim 1, further comprising the step of at least before one of the steps of substituting a substring of characters with a corresponding token, modifying, in a predetermined way, the substrings to be tokenized.
  - 15. The method of claim 14, wherein the modification of the substring to be tokenized is made with an initialization vector.
  - 16. The method of claim 15, wherein the initialization vector is formed by characters or digits in the sensitive string of characters which are not to be replaced by tokens.

17. A local server for distributed tokenization of sensitive strings of characters comprising:
- means for receiving from a central server at least one static token lookup table;
  
  means for receiving a sensitive string of characters;
  
  means for substituting a first substring of characters with a corresponding first token from said at least one token lookup table to form a first tokenized string of characters, said first substring of characters being a substring of said sensitive string of characters; and
  
  means for substituting a second substring of characters with a corresponding second token from said at least one token lookup table to form a second tokenized string of characters, said second substring of characters being a substring of said first tokenized string of characters.

18. A system for distributed tokenization of sensitive strings of characters comprising:
- a central server capable of generating static token lookup table; and
  
  at least one local server;
  
  wherein the at least one local server comprises;
  
  means for receiving from the central server at least one static token lookup table;
  
  means for receiving a sensitive string of characters;
  
  means for substituting a first substring of characters with a corresponding first token from said at least one token lookup table to form a first tokenized string of characters, said first substring of characters being a substring of said sensitive string of characters; and
  
  means for substituting a second substring of characters with a corresponding second token from said at least one token lookup table to form a second tokenized string of characters, said second substring of characters being a substring of said first tokenized string of characters.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Protegrity USA, Inc. (Xcelera Inc.)
Original Assignee
Protegrity USA, Inc. (Xcelera Inc.)
Inventors
Mattsson, Ulf

Granted Patent

US 8,745,094 B2
Time in Patent Office

Days
Field of Search
US Class Current

707/802
CPC Class Codes

G06F 16/90344   by using string matching te...

G06F 21/6245   Protecting personal data, e...

G07F 7/084   Additional components relat...

G07F 7/1008   Active credit-cards provide...

H04L 2209/56   Financial cryptography, e.g...

H04L 63/0428   wherein the data content is...

H04L 9/083   involving central third par...

H04L 9/0897   involving additional device...

System and method for distributed tokenization using several substitution steps

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

126 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for distributed tokenization using several substitution steps

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

126 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links