System and methods for format preserving tokenization of sensitive information

US 8,458,487 B1
Filed: 03/03/2011
Issued: 06/04/2013
Est. Priority Date: 03/03/2010
Status: Active Grant

First Claim

Patent Images

1. A method for format preserving tokenization of sensitive data for use in a computer-implemented data processing operation so as to protect the sensitive data from unauthorized access by persons not having authorization to the sensitive data, the sensitive data provided in an input data string having a predetermined number of characters, comprising the computer-implemented steps of:

receiving an input data string from a client process corresponding to sensitive data derived in connection with the client process for tokenization;

accessing a tokenization strategy that contains information determining a first predetermined number of characters as a head of a tokenized data string and a second predetermined number of characters as a tail of the tokenized data string;

storing the first predetermined number of characters of the input data string in a secure database as a first portion of the tokenized data string, the tokenized data string comprising an entry in the secure database;

storing the second predetermined number of characters of the input data string in the secure database as a second portion of the tokenized data string;

parsing the input data string of the first and second predetermined number of characters of the input data string to thereby derive a remaining portion of the input data string, the remaining portion comprising characters, each having an original value;

encrypting the remaining portion of the input data string with an encryption key associated with the client process to obtain a ciphertext representation of the remaining portion of the input data string;

generating a token body portion corresponding to the remaining portion of the input data string, the token body portion determined by a predetermined token generation algorithm that is independent of the data original values of the characters in the remaining portion of the input data string;

storing the ciphertext representation of the remaining portion of the input data string and the token body portion in the secure database in association with the first portion and the second portion of the input data string, with the first portion of the input data string, the token body portion, and the second portion of the input data string forming a tokenized data string that has the same format as the input data string but is not cryptographically decipherable to derive the input data string;

receiving a Lookup With Sensitive Data function call from the client process in association with the step of receiving an input data string sensitive data;

calculating a unique digest of the input data string;

accessing the secure database using the unique digest to determine whether there is an entry in the secure database corresponding to the input data string;

in response to a determination that the secure database contains such an entry, retrieving the tokenized data string associated with the input data string; and

returning the tokenized data string associated with the input data string to the client process.

View all claims

11 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for secure access and utilization of sensitive data such as credit card numbers, Social Security Numbers, personal identifying information, etc. A tokenizing strategy component provides for creating, managing, and storing tokenization strategies on behalf of a plurality of users. A data tokenizing component is operative to (a) receive an input data string of sensitive data from a user, (b) apply a selected tokenization strategy to the input data string to generate a tokenized data string, and (c) provide the tokenized data string for storage in association with the input data string. A secure server including a secure database stores the tokenized data string and the input data string in a corresponding mapped relationship. A security component controls access to and retrieval of the tokenized data string and to the input data string in accordance with predetermined security requirements of the users.

337 Citations

25 Claims

1. A method for format preserving tokenization of sensitive data for use in a computer-implemented data processing operation so as to protect the sensitive data from unauthorized access by persons not having authorization to the sensitive data, the sensitive data provided in an input data string having a predetermined number of characters, comprising the computer-implemented steps of:
- receiving an input data string from a client process corresponding to sensitive data derived in connection with the client process for tokenization;
  
  accessing a tokenization strategy that contains information determining a first predetermined number of characters as a head of a tokenized data string and a second predetermined number of characters as a tail of the tokenized data string;
  
  storing the first predetermined number of characters of the input data string in a secure database as a first portion of the tokenized data string, the tokenized data string comprising an entry in the secure database;
  
  storing the second predetermined number of characters of the input data string in the secure database as a second portion of the tokenized data string;
  
  parsing the input data string of the first and second predetermined number of characters of the input data string to thereby derive a remaining portion of the input data string, the remaining portion comprising characters, each having an original value;
  
  encrypting the remaining portion of the input data string with an encryption key associated with the client process to obtain a ciphertext representation of the remaining portion of the input data string;
  
  generating a token body portion corresponding to the remaining portion of the input data string, the token body portion determined by a predetermined token generation algorithm that is independent of the data original values of the characters in the remaining portion of the input data string;
  
  storing the ciphertext representation of the remaining portion of the input data string and the token body portion in the secure database in association with the first portion and the second portion of the input data string, with the first portion of the input data string, the token body portion, and the second portion of the input data string forming a tokenized data string that has the same format as the input data string but is not cryptographically decipherable to derive the input data string;
  
  receiving a Lookup With Sensitive Data function call from the client process in association with the step of receiving an input data string sensitive data;
  
  calculating a unique digest of the input data string;
  
  accessing the secure database using the unique digest to determine whether there is an entry in the secure database corresponding to the input data string;
  
  in response to a determination that the secure database contains such an entry, retrieving the tokenized data string associated with the input data string; and
  
  returning the tokenized data string associated with the input data string to the client process.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25)
- - 2. The method of claim 1, wherein the input data string is numeric.
  - 3. The method of claim 1, wherein the input data string is alphanumeric.
  - 4. The method of claim 1, wherein the client process is conducted by a data processing system remotely located from the secure database.
  - 5. The method of claim 1, wherein the client process is conducted by a data processing system that is independent of and has no access to a system that carries out the method.
  - 6. The method of claim 1, wherein the tokenization strategy is associated with the client process.
  - 7. The method of claim 1, wherein the tokenization strategy is different for different types of data such as Social Security Numbers, financial account numbers, credit or debit card numbers, and the like.
  - 8. The method of claim 1, wherein the first portion and second portion of the tokenized data string are stored in the secure database in an encrypted form.
  - 9. The method of claim 1, further comprising the steps of storing a plurality of encryption keys in the secure database that are associated with a plurality of client processes, and utilizing a particular encryption key for the encrypting step that is identified with a particular client process.
  - 10. The method of claim 1, further comprising the steps of storing information in the secure database that points to an entry in a separate storage device that stores the encryption key, and retrieving the encryption key from the separate storage device.
  - 11. The method of claim 1, further comprising the step of retrieving the encryption key from the secure database.
  - 12. The method of claim 1, wherein the method is carried out in a secure server operated in a secure environment to which personnel associated with the client process do not have access.
  - 13. The method of claim 1, wherein the token generation algorithm generates a sequential index number for use as the token body portion.
  - 14. The method of claim 1, wherein the token generation algorithm generates a random number for use as the token body portion.
  - 15. The method of claim 1, wherein the token generation algorithm generates a token body portion for use as an index in the secure database.
  - 16. The method of claim 1, wherein the token generation algorithm generates a token body portion that causes the tokenized data string to pass a Luhn test for a credit card number corresponding to the input data string.
  - 17. The method of claim 1, wherein the token generation algorithm generates a token body portion that causes the tokenized data string to fail a Luhn test for a credit card number corresponding to the input data string.
  - 18. The method of claim 1, wherein the token generation algorithm generates a token body portion that is independent of a Luhn test for a credit card number.
  - 19. The method of claim 1, further comprising the steps of:
    - calculating a unique digest corresponding to the tokenized data string using a first hash function, andstoring the unique digest in the secure database in association with the tokenized data string for use in rapid lookup of entries in the secure database.
  - 20. The method of claim 19, wherein the first hash function is a function selected from the group consisting of:
    - SHA-1, SHA-2, and MD5.
  - 21. The method of claim 19, further comprising the steps of:
    - in response to a predetermined condition, deleting the ciphertext representation of the input data string associated with a particular tokenized data string from the secure database, leaving the tokenized data string in the secure data base stored in association with the unique digest;
      
      in response to a subsequent providing of a second input data string of sensitive data by a client process, calculating a second unique digest corresponding to the second input data string using the first hash function;
      
      using the second unique digest, accessing the secure database to determine whether there is an entry corresponding to the second input data string that contains a tokenized data string; and
      
      in response to a determination that the secure database contains such an entry, returning the tokenized data string associated with the second input data string to the client process.
  - 22. The method of claim 1, further comprising the step of masking one or more characters of the tokenized data string before execution of the step of returning the tokenized data string to the client process.
  - 23. The method of claim 1, wherein the step of receiving an input data string comprises receiving a Tokenize Function call.
  - 24. The method of claim 1, further comprising the steps of:
    - receiving a Lookup With Token function call from the client process in association with a selected tokenized data string;
      
      accessing the secure database to determine whether there is an entry in the secure database corresponding to the selected tokenized data string;
      
      in response to a determination that the secure database contains such an entry, retrieving the tokenized data string associated with the entry; and
      
      returning a masked version of the tokenized data string associated with the entry to the client process.
  - 25. The method of claim 1, further comprising the steps of:
    - receiving a Reveal function call from the client process in association with a selected tokenized data string;
      
      determining whether the client process has authorization to retrieve the sensitive data associated with the selected tokenized data string;
      
      accessing the secure database to determine whether there is an entry in the secure database corresponding to the selected tokenized data string;
      
      in response to a determination that the secure database contains such an entry, retrieving the sensitive data associated with the entry; and
      
      returning the sensitive data associated with the entry to the client process.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Open Text Holdings, Inc. (Open Text Corporation)
Original Assignee
Liaison Technologies Incorporated (Open Text Corporation)
Inventors
Chambers, Jason, Palgon, Gary, Konisky, Dan
Primary Examiner(s)
Arani, Taghi
Assistant Examiner(s)
VICTORIA, NARCISO F

Application Number

US13/040,133
Time in Patent Office

824 Days
Field of Search

713/185
US Class Current

713/185
CPC Class Codes

G06F 21/00   Security arrangements for p...

G06F 21/6254   by anonymising data, e.g. d...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 9/40   Network security protocols

System and methods for format preserving tokenization of sensitive information

First Claim

11 Assignments

0 Petitions

Accused Products

Abstract

337 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

System and methods for format preserving tokenization of sensitive information

First Claim

11 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

337 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links