SYSTEM FOR PROTECTING SENSITIVE DATA WITH DISTRIBUTED TOKENIZATION

US 20140046853A1
Filed: 10/22/2013
Published: 02/13/2014
Est. Priority Date: 01/30/2012
Status: Active Grant

First Claim

Patent Images

1. A method for protecting sensitive information using distributed tokenization systems, wherein each tokenization system includes a tokenization server and a local database, and wherein each of the local databases stores a common tokenization table, the method comprising:

with the tokenization systems, receiving token requests from token requestors, wherein each of the token requests includes sensitive information; and

with the tokenization servers, generating tokens corresponding to the sensitive information in the token requests, wherein the tokenization server at each tokenization system generates tokens by running sensitive information from token requests through a number of rounds of a Feistel network that uses the common tokenization table stored at that tokenization system.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A token generating organization may include distributed tokenization systems for generating tokens corresponding to sensitive information. Sensitive information may include sensitive numbers such as social security numbers, credit card numbers or other private numbers. A tokenization system may include multiple physically distinct hardware platforms each having a tokenization server and a database. A tokenization server may run portions of a sensitive number through a predetermined number of rounds of a Feistel network. Each round of the Feistel network may include tokenizing portions of the sensitive number using a fractional token table stored an associated database and modifying the tokenized portions by reversibly adding portions of the sensitive number to the tokenized portions. The fractional token table may include partial sensitive numbers and corresponding partial tokens. A sensitive-information-recovery request including the token may be directed to the token generating organization from the token requestor to recover sensitive information.

Citations

7 Claims

1. A method for protecting sensitive information using distributed tokenization systems, wherein each tokenization system includes a tokenization server and a local database, and wherein each of the local databases stores a common tokenization table, the method comprising:
- with the tokenization systems, receiving token requests from token requestors, wherein each of the token requests includes sensitive information; and
  
  with the tokenization servers, generating tokens corresponding to the sensitive information in the token requests, wherein the tokenization server at each tokenization system generates tokens by running sensitive information from token requests through a number of rounds of a Feistel network that uses the common tokenization table stored at that tokenization system.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method defined in claim 1, further comprising:
    - providing the tokens from the tokenization systems to the token requestors.
  - 3. The method defined in claim 2, further comprising:
    - with the tokenization systems, receiving sensitive-information-recovery requests from the token requestors, wherein each of the sensitive-information-recovery requests includes a selected one of the tokens.
  - 4. The method defined in claim 3, further comprising:
    - with the tokenization servers, recovering the sensitive information corresponding to the tokens in the sensitive-information-recovery requests, wherein the tokenization server at each tokenization system recovers sensitive information by running tokens through the number of rounds of the Feistel network in reverse.
  - 5. The method defined in claim 4 wherein the number of rounds is a predetermined number of rounds that is greater than one.
  - 6. The method defined in claim 4 wherein running sensitive information through the number of rounds of the Feistel network comprises performing at least one reversible addition operation and wherein running tokens through the number of rounds of the Feistel network in reverse comprises performing at least one subtraction operation that reverses the at least one reversible addition operation.
  - 7. The method defined in claim 1 wherein the sensitive information comprises at least part of a number selected from the group consisting of:
    - a primary account number and a social security number.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Micro Focus LLC (Open Text Corporation)
Original Assignee
Voltage Security Incorporated (HP Inc.)
Inventors
Spies, Terence, Minner, Richard T.

Granted Patent

US 11,423,504 B2
Time in Patent Office

Days
Field of Search
US Class Current

705/51
CPC Class Codes

G06Q 99/00   Subject matter not provided...

H04L 9/0625   with splitting of the data ...

H04L 9/0897   involving additional device...

SYSTEM FOR PROTECTING SENSITIVE DATA WITH DISTRIBUTED TOKENIZATION

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

Citations

7 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM FOR PROTECTING SENSITIVE DATA WITH DISTRIBUTED TOKENIZATION

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

7 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links