METHOD AND APPARATUS FOR TOKENIZATION OF SENSITIVE SETS OF CHARACTERS

US 20140032417A1
Filed: 10/01/2013
Published: 01/30/2014
Est. Priority Date: 03/26/2008
Status: Abandoned Application

First Claim

Patent Images

1. A method for tokenizing sensitive data in a distributed system comprising a local server and a central server, the method comprising:

receiving, at the local server from the central server, a token table mapping each of a plurality of character strings to a different token;

receiving, at the local server, sensitive data comprising a string of characters;

querying, by the local server, the token table with a subset of the string of characters to identify a token mapped to the subset of the string of characters;

replacing, by the local server, the subset of the string of characters with the identified token to create tokenized data; and

providing the tokenized data to the central server for storage.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for secure handling of sensitive sets of characters in a distributed hierarchical system are disclosed, comprising at least one local server on a lower hierarchic level and at least one central server at a higher hierarchic level. The method comprises the steps: receiving a sensitive set of characters in said local server; replacing a part of said sensitive set of characters with a token to form a tokenized set of characters, said token belonging to a subset of possible tokens assigned to the local server by the central server; transferring at least one of said sensitive set of characters and said tokenized set of characters to the central server; and canceling said sensitive set of characters from said local server within a limited time from said transferring, while maintaining said tokenized set of characters in a local database connected to said local server.

Citations

20 Claims

1. A method for tokenizing sensitive data in a distributed system comprising a local server and a central server, the method comprising:
- receiving, at the local server from the central server, a token table mapping each of a plurality of character strings to a different token;
  
  receiving, at the local server, sensitive data comprising a string of characters;
  
  querying, by the local server, the token table with a subset of the string of characters to identify a token mapped to the subset of the string of characters;
  
  replacing, by the local server, the subset of the string of characters with the identified token to create tokenized data; and
  
  providing the tokenized data to the central server for storage.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the sensitive data comprises one or more of:
    - identification information or financial information.
  - 3. The method of claim 2, wherein the sensitive data includes at least one of:
    - a credit card number, a bank account number, a social security number, a driver license number, and a birth certificate number.
  - 4. The method of claim 1, further comprising:
    - deleting the sensitive data from the local server in response to providing the tokenized data to the central server.
  - 5. The method of claim 1, wherein the token table includes a character string mapped to a different token for each possible character combination.
  - 6. The method of claim 1, wherein the central server provides a different token table to each of a plurality of local servers.
  - 7. The method of claim 1, further comprising:
    - receiving, at the local server from the central server, a second token table, the received second token table mapping at least one of the plurality of character strings to a different token than the received token table; and
      
      replacing, by the local server, the received token table with the received second token table.

8. A system for tokenizing sensitive data, the system comprising:
- a non-transitory computer readable storage medium storing executable program code comprising code for;
  
  receiving, from a central server, a token table mapping each of a plurality of character strings to a different token;
  
  receiving sensitive data comprising a string of characters;
  
  querying the token table with a subset of the string of characters to identify a token mapped to the subset of the string of characters;
  
  replacing the subset of the string of characters with the identified token to create tokenized data; and
  
  providing the tokenized data to the central server for storage; and
  
  a processor for executing the program code.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The system of claim 8, wherein the sensitive data comprises one or more of:
    - identification information or financial information.
  - 10. The system of claim 9, wherein the sensitive data includes at least one of:
    - a credit card number, a bank account number, a social security number, a driver license number, and a birth certificate number.
  - 11. The system of claim 8, wherein the executable program code further comprises code for:
    - deleting the sensitive data from the local server in response to providing the tokenized data to the central server.
  - 12. The system of claim 8, wherein the token table includes a character string mapped to a different token for each possible character combination.
  - 13. The system of claim 8, wherein the central server provides a different token table to each of a plurality of systems.
  - 14. The system of claim 8, wherein the executable program code further comprises code for:
    - receiving, from the central server, a second token table, the received second token table mapping at least one of the plurality of character strings to a different token than the received token table; and
      
      replacing the received token table with the received second token table.

15. A method for tokenizing sensitive data in a distributed system comprising a plurality of local server and a central server, the method comprising:
- providing, by the central server to each of the plurality of local servers, a token table mapping each of a plurality of character strings to a different token, each of the plurality of local servers configured to tokenize sensitive data using a token from the token server provided to the local server to form tokenized data;
  
  receiving, by the central server, tokenized data from one or more of the local servers; and
  
  storing, by the central server, received tokenized data.
- View Dependent Claims (16, 17)
- - 16. The method of claim 15, wherein providing a token table to each of the plurality of local servers comprising providing a different token table to each local server.
  - 17. The method of claim 15, further comprising:
    - periodically replacing, by the central server, each token table provided to a local server with an updated token table.

18. A system for tokenizing sensitive data, the system comprising:
- a non-transitory computer readable storage medium storing executable program code comprising code for;
  
  providing, to each of a plurality of local servers, a token table mapping each of a plurality of character strings to a different token, each of the plurality of local servers configured to tokenize sensitive data using a token from the token server provided to the local server to form tokenized data;
  
  receiving tokenized data from one or more of the local servers; and
  
  storing received tokenized data; and
  
  a processor for executing the program code.
- View Dependent Claims (19, 20)
- - 19. The system of claim 18, wherein providing a token table to each of the plurality of local servers comprising providing a different token table to each local server.
  - 20. The system of claim 18, wherein the executable program code further comprises code for:
    - periodically replacing each token table provided to a local server with an updated token table.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Protegrity USA, Inc. (Xcelera Inc.)
Original Assignee
Protegrity USA, Inc. (Xcelera Inc.)
Inventors
Mattsson, Ulf

Application Number

US14/043,740
Publication Number

US 20140032417A1
Time in Patent Office

Days
Field of Search
US Class Current

705/51
CPC Class Codes

G06F 21/6218   to a system of files or obj...

G06Q 20/24   Credit schemes, i.e. "pay a...

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/40   Authorisation, e.g. identif...

G06Q 20/4016   involving fraud or risk lev...

G06Q 99/00   Subject matter not provided...

G07F 7/084   Additional components relat...

G07F 7/1008   Active credit-cards provide...

G07F 7/1016   Devices or methods for secu...

G07F 7/122   Online card verification

H04L 9/0891   Revocation or update of sec...

METHOD AND APPARATUS FOR TOKENIZATION OF SENSITIVE SETS OF CHARACTERS

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD AND APPARATUS FOR TOKENIZATION OF SENSITIVE SETS OF CHARACTERS

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links