Table-Connected Tokenization

US 20200137040A1
Filed: 12/31/2019
Published: 04/30/2020
Est. Priority Date: 09/30/2013
Status: Active Grant

First Claim

Patent Images

1. A method for improving the security of data in a tokenization environment, comprising:

receiving data to be tokenized;

accessing a first token table from a first server based on a value of a first bit of the received data, a second token table from a second server based on a value of a second bit of the received data, a third token table from a third server based on a value of a third bit of the received data, and a fourth token table from a fourth server based on a value of a fourth bit of the received data; and

tokenizing the received data by;

replacing, by a hardware processor, a portion of the received data with a first token mapped by the first token table to a value of the portion of the received data to produce first tokenized data;

replacing, by the hardware processor, a portion of the first tokenized data with a second token mapped by the second token table to a value of the portion of the first tokenized data to produce second tokenized data;

replacing, by the hardware processor, a portion of the second tokenized data with a third token mapped by the third token table to a value of the portion of the second tokenized data to produce third tokenized data; and

replacing, by the hardware processor, a portion of the third tokenized data with a fourth token mapped by the fourth token table to a value of the portion of the third tokenized data to produce tokenized data.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A tokenization system tokenizes sensitive data to prevent unauthorized entities from accessing the sensitive data. The tokenization system accesses sensitive data, and retrieves an initialization vector (IV) from an IV table using a first portion of the sensitive data. A second portion of the sensitive data is modified using the accessed initialization vector. A token table is selected from a set of token tables using a third portion of the sensitive data. The modified second portion of data is used to query the selected token table, and a token associated with the value of the modified second portion of data is accessed. The second portion of the sensitive data is replaced with the accessed token to form tokenized data.

0 Citations

20 Claims

1. A method for improving the security of data in a tokenization environment, comprising:
- receiving data to be tokenized;
  
  accessing a first token table from a first server based on a value of a first bit of the received data, a second token table from a second server based on a value of a second bit of the received data, a third token table from a third server based on a value of a third bit of the received data, and a fourth token table from a fourth server based on a value of a fourth bit of the received data; and
  
  tokenizing the received data by;
  
  replacing, by a hardware processor, a portion of the received data with a first token mapped by the first token table to a value of the portion of the received data to produce first tokenized data;
  
  replacing, by the hardware processor, a portion of the first tokenized data with a second token mapped by the second token table to a value of the portion of the first tokenized data to produce second tokenized data;
  
  replacing, by the hardware processor, a portion of the second tokenized data with a third token mapped by the third token table to a value of the portion of the second tokenized data to produce third tokenized data; and
  
  replacing, by the hardware processor, a portion of the third tokenized data with a fourth token mapped by the fourth token table to a value of the portion of the third tokenized data to produce tokenized data.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the received data is one of:
    - a password, an account number, a social security number, a driver'"'"'s license number, information associated with a transaction, or date information.
  - 3. The method of claim 1, wherein the received data is modified using an initialization vector before being tokenized, and wherein the initialization vector is received from an initialization vector table server.
  - 4. The method of claim 3, wherein modifying the received data comprises adding a value of the initialization vector to a value of a portion of the received data.
  - 5. The method of claim 1, wherein the first server is configured to select the first token table from a first set of token tables, and wherein the first token table is associated with an index value equal to the value of the first bit.
  - 6. The method of claim 1, wherein the portion of the received data and the portion of the first tokenized data do not overlap.
  - 7. The method of claim 1, wherein the portion of the received data and the portion of the first tokenized data overlap at least in part.

8. A tokenization system for improving the security of data in a tokenization environment, comprising:
- a non-transitory computer-readable storage medium storing executable instructions that, when executed by a processor, perform steps comprising;
  
  receiving data to be tokenized;
  
  accessing a first token table from a first server based on a value of a first bit of the received data, a second token table from a second server based on a value of a second bit of the received data, a third token table from a third server based on a value of a third bit of the received data, and a fourth token table from a fourth server based on a value of a fourth bit of the received data; and
  
  tokenizing the received data by;
  
  replacing, by a hardware processor, a portion of the received data with a first token mapped by the first token table to a value of the portion of the received data to produce first tokenized data;
  
  replacing, by the hardware processor, a portion of the first tokenized data with a second token mapped by the second token table to a value of the portion of the first tokenized data to produce second tokenized data;
  
  replacing, by the hardware processor, a portion of the second tokenized data with a third token mapped by the third token table to a value of the portion of the second tokenized data to produce third tokenized data; and
  
  replacing, by the hardware processor, a portion of the third tokenized data with a fourth token mapped by the fourth token table to a value of the portion of the third tokenized data to produce tokenized data; and
  
  a hardware processor configured to execute the instructions.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The tokenization system of claim 8, wherein the received data is one of:
    - a password, an account number, a social security number, a driver'"'"'s license number, information associated with a transaction, or date information.
  - 10. The tokenization system of claim 8, wherein the received data is modified using an initialization vector before being tokenized, and wherein the initialization vector is received from an initialization vector table server.
  - 11. The tokenization system of claim 10, wherein modifying the received data comprises adding a value of the initialization vector to a value of a portion of the received data.
  - 12. The tokenization system of claim 8, wherein the first server is configured to select the first token table from a first set of token tables, and wherein the first token table is associated with an index value equal to the value of the first bit.
  - 13. The tokenization system of claim 8, wherein the portion of the received data and the portion of the first tokenized data do not overlap.
  - 14. The tokenization system of claim 8, wherein the portion of the received data and the portion of the first tokenized data overlap at least in part.

15. A non-transitory computer-readable storage medium storing executable computer instructions that when executed by a hardware processor perform steps for improving the security of data in a tokenization environment, comprising:
- receiving data to be tokenized;
  
  accessing a first token table from a first server based on a value of a first bit of the received data, a second token table from a second server based on a value of a second bit of the received data, a third token table from a third server based on a value of a third bit of the received data, and a fourth token table from a fourth server based on a value of a fourth bit of the received data; and
  
  tokenizing the received data by;
  
  replacing, by a hardware processor, a portion of the received data with a first token mapped by the first token table to a value of the portion of the received data to produce first tokenized data;
  
  replacing, by the hardware processor, a portion of the first tokenized data with a second token mapped by the second token table to a value of the portion of the first tokenized data to produce second tokenized data;
  
  replacing, by the hardware processor, a portion of the second tokenized data with a third token mapped by the third token table to a value of the portion of the second tokenized data to produce third tokenized data; and
  
  replacing, by the hardware processor, a portion of the third tokenized data with a fourth token mapped by the fourth token table to a value of the portion of the third tokenized data to produce tokenized data.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The non-transitory computer-readable storage medium of claim 15, wherein the received data is one of:
    - a password, an account number, a social security number, a driver'"'"'s license number, information associated with a transaction, or date information.
  - 17. The non-transitory computer-readable storage medium of claim 15, wherein the received data is modified using an initialization vector before being tokenized, and wherein the initialization vector is received from an initialization vector table server.
  - 18. The non-transitory computer-readable storage medium of claim 17, wherein modifying the received data comprises adding a value of the initialization vector to a value of a portion of the received data.
  - 19. The non-transitory computer-readable storage medium of claim 15, wherein the first server is configured to select the first token table from a first set of token tables, and wherein the first token table is associated with an index value equal to the value of the first bit.
  - 20. The non-transitory computer-readable storage medium of claim 15, wherein the portion of the received data and the portion of the first tokenized data do not overlap.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Protegrity USA, Inc. (Xcelera Inc.)
Original Assignee
Protegrity Corporation
Inventors
Mattsson, Ulf, Rozenberg, Yigal, Levy, Vichai

Granted Patent

US 11,206,256 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 16/2455   Query execution

G06F 16/258   Data format conversion from...

G06F 16/84   Mapping; Conversion

G06F 21/6254   by anonymising data, e.g. d...

G06Q 50/265   Personal security, identity...

H04L 63/0428   wherein the data content is...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/083   using passwords cryptograph...

H04L 63/20   for managing network securi...

H04L 9/06   the encryption apparatus us...

Table-Connected Tokenization

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

0 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Table-Connected Tokenization

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

0 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links