SYSTEMS AND METHOD FOR PROVIDING A DATA SECURITY SERVICE

US 20180248854A1
Filed: 04/27/2018
Published: 08/30/2018
Est. Priority Date: 01/08/2016
Status: Active Grant

First Claim

Patent Images

1. A method for providing services utilizing encrypted data, the method comprising:

receiving, at a first data center from a first device, data in connection with a service request initiated by a user, wherein the first data center is configured to provide encryption and decryption functionality;

encrypting, by the first data center, the data to produce encrypted data;

transmitting the encrypted data from the first data center to a second data center, wherein the second data center is configured to store and provide encrypted data in connection with providing services to one or more users;

receiving, at the second data center, the encrypted data from the first data center;

storing the encrypted data in a database accessible to the second data center;

receiving, at the first data center, a request to access the data from an end point device, wherein the end point device is configured to process the data in connection with fulfilling the service request, and wherein the end point device is operated by an entity that is different from the user;

retrieving, by the first data center, the encrypted data from the database accessible to the second data center;

decrypting, at the first data center, the encrypted data to produce decrypted data; and

providing, from the first data center, the decrypted data to the end point device, wherein the end point device fulfills the service request based on the encrypted data.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems, methods, and computer-readable media for providing standards compliant encryption, storage, and retrieval of data are disclosed. In an embodiment, data is received at a first data center from a first device in connection with a service request, and encrypted to produce encrypted data. The encrypted data may be transmitted from the first data center to the first device, and then may subsequently be received at a second data center. The second data center may store the encrypted data in a database accessible to the second data center. Because all data provided to the system is encrypted by the first data center prior to being stored and/or provided to the second data center, the database and the second data center may be out of the scope of compliance monitoring, auditing, and reporting for one or more data security standards.

76 Citations

20 Claims

1. A method for providing services utilizing encrypted data, the method comprising:
- receiving, at a first data center from a first device, data in connection with a service request initiated by a user, wherein the first data center is configured to provide encryption and decryption functionality;
  
  encrypting, by the first data center, the data to produce encrypted data;
  
  transmitting the encrypted data from the first data center to a second data center, wherein the second data center is configured to store and provide encrypted data in connection with providing services to one or more users;
  
  receiving, at the second data center, the encrypted data from the first data center;
  
  storing the encrypted data in a database accessible to the second data center;
  
  receiving, at the first data center, a request to access the data from an end point device, wherein the end point device is configured to process the data in connection with fulfilling the service request, and wherein the end point device is operated by an entity that is different from the user;
  
  retrieving, by the first data center, the encrypted data from the database accessible to the second data center;
  
  decrypting, at the first data center, the encrypted data to produce decrypted data; and
  
  providing, from the first data center, the decrypted data to the end point device, wherein the end point device fulfills the service request based on the encrypted data.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the first data center does not include a database for storing user data.
  - 3. The method of claim 1, further comprising periodically auditing the first data center to determine whether data that has been encrypted by the first data center has been stored at rest within the first data center in an unencrypted format.
  - 4. The method of claim 1, wherein the second data center comprises business logic configured to provide one or more services based on user data that has been encrypted by the first data center.
  - 5. The method of claim 4, wherein the one or more services provided by the business logic comprise a money transfer service, a prepaid card loading service, a bill pay service, or a combination thereof.
  - 6. The method of claim 1, further comprising:
    - displaying, at the first device, a graphical user interface (GUI) that prompts the user for service information to configure the service request; and
      
      receiving, at the first device, inputs corresponding to the service information via the GUI, wherein the service request comprises the service information.
  - 7. The method of claim 6, further comprising selectively providing the service information to the first data center or the second data center based on whether the service information includes information subject to payment card industry data security standard (PCI DSS) regulations, wherein the service information is provided to the first data center in response to a determination that the service information includes information subject to PCI DSS regulations, and wherein the service information is provided to the second data center in response to a determination that the service information does not include information subject to PCI DSS regulations.
  - 8. The method of claim 1, wherein the first data center and the second data center are data centers of a money transfer network operated by a money transfer entity.

9. A non-transitory computer-readable storage medium storing instructions that, when executed by one or more processors, cause the one or more processors to perform operations for providing services utilizing encrypted data, the operations comprising:
- receiving, at a first data center from a first device, data in connection with a service request initiated by a user, wherein the first data center is configured to provide encryption and decryption functionality;
  
  encrypting, by the first data center, the data to produce encrypted data;
  
  transmitting the encrypted data from the first data center to a second data center, wherein the second data center is configured to store and provide encrypted data in connection with providing services to one or more users;
  
  receiving, at the second data center, the encrypted data from the first data center;
  
  storing the encrypted data in a database accessible to the second data center;
  
  receiving, at the first data center, a request to access the data from an end point device, wherein the end point device is configured to process the data in connection with fulfilling the service request, and wherein the end point device is operated by an entity that is different from the user;
  
  retrieving, by the first data center, the encrypted data from the database accessible to the second data center;
  
  decrypting, at the first data center, the encrypted data to produce decrypted data; and
  
  providing, from the first data center, the decrypted data to the end point device, wherein the end point device fulfills the service request based on the encrypted data.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The non-transitory computer-readable storage medium of claim 9, wherein the first data center does not include a database for storing user data.
  - 11. The non-transitory computer-readable storage medium of claim 9, the operations further comprising periodically auditing the first data center to determine whether data that has been encrypted by the first data center has been stored at rest within the first data center in an unencrypted format.
  - 12. The non-transitory computer-readable storage medium of claim 9, the operations further comprising:
    - displaying, at the first device, a graphical user interface (GUI) that prompts the user for service information to configure the service request; and
      
      receiving, at the first device, inputs corresponding to the service information via the GUI, wherein the service request comprises the service information.
  - 13. The non-transitory computer-readable storage medium of claim 12, the operations further comprising selectively providing the service information to the first data center or the second data center based on whether the service information includes information subject to payment card industry data security standard (PCI DSS) regulations, wherein the service information is provided to the first data center in response to a determination that the service information includes information subject to PCI DSS regulations, and wherein the service information is provided to the second data center in response to a determination that the service information does not include information subject to PCI DSS regulations.
  - 14. The non-transitory computer-readable storage medium of claim 9, wherein the second data center comprises business logic configured to provide one or more services based on user data that has been encrypted by the first data center.
  - 15. The non-transitory computer-readable storage medium of claim 14, wherein the one or more services provided by the business logic comprise a money transfer service, a prepaid card loading service, a bill pay service, or a combination thereof.
  - 16. The non-transitory computer-readable storage medium of claim 9, wherein the first data center and the second data center are data centers of a money transfer network operated by a money transfer entity.

17. A system for providing services utilizing encrypted data, the system comprising:
- a first data center comprising;
  
  at least one processor;
  
  an encryption module executable by the at least one processor; and
  
  a communication interface configured to communicatively couple the first data center to a network; and
  
  a second data center comprising;
  
  at least one processor;
  
  a database; and
  
  a communication interface configured to communicatively couple the second data center to the network,wherein the first data center is configured to;
  
  receive data from a first device in connection with a service request initiated by a user;
  
  in response to receiving the service request, encrypt the data to produce encrypted data;
  
  transmit the encrypted data from the first data center to the second data center,wherein the second data center is configured to;
  
  receive the encrypted data from the first data center; and
  
  store the encrypted data at the database, andwherein the first data center is further configured to;
  
  receive a request to access the data from an end point device, wherein the end point device is configured to process the data in connection with fulfilling the service request, and wherein the end point device is operated by an entity that is different from the user;
  
  in response to receiving the request from the end point device, retrieve the encrypted data from the database of the second data center;
  
  decrypt the encrypted data to produce decrypted data; and
  
  provide the decrypted data to the end point device, wherein the end point device fulfills the service request based on the encrypted data.
- View Dependent Claims (18, 19, 20)
- - 18. The system of claim 17, wherein the second data center comprises business logic configured to provide one or more services based on user data that has been encrypted by the first data center.
  - 19. The system of claim 18, wherein the one or more services provided by the business logic comprise a money transfer service, a prepaid card loading service, a bill pay service, or a combination thereof.
  - 20. The system of claim 17, wherein the first data center and the second data center are data centers of a money transfer network operated by a money transfer entity.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
MoneyGram International Incorporated
Original Assignee
MoneyGram International Incorporated
Inventors
Cooley, Aaron Ferguson

Granted Patent

US 10,616,187 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 16/22   Indexing; Data structures t...

G06Q 20/108   Remote banking, e.g. home b...

G06Q 20/12   specially adapted for elect...

G06Q 20/3823   combining multiple encrypti...

G06Q 20/388   using mutual authentication...

G06Q 20/401   Transaction verification

G06Q 2220/10   Usage protection of distrib...

H04L 63/0428   wherein the data content is...

SYSTEMS AND METHOD FOR PROVIDING A DATA SECURITY SERVICE

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

76 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEMS AND METHOD FOR PROVIDING A DATA SECURITY SERVICE

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

76 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links