Token-based payment processing system
Abstract
A data-processing system, such as a payment processing system, including a tokenizer, such as a card encryption and storage system (CES) employing a tokenization feature. In one embodiment, the present invention provides a first-computer-implemented method for preventing the transmission of confidential information between a first computer and a second computer in communication with the first computer. The method includes the steps of: (a) the first computer receiving information for performing a transaction, the information including confidential information manually entered by a user; (b) the first computer sending the confidential information to a third computer; (c) the first computer receiving, from the third computer, a token having no algorithmic relationship to the confidential information; and (d) the first computer sending to the second computer (i) the information for performing the transaction, except for the confidential information, and (ii) the token.
23 Claims
1. A first-computer-implemented method for preventing the transmission of confidential information between a first computer and a second computer in communication with the first computer, the method comprising the steps of:
(a) the first computer receiving information for performing a transaction, the information including confidential information manually entered by a user;
(b) the first computer sending the confidential information to a third computer, wherein step (b) is performed without storing, processing, or sending to the third computer any information that, in combination with the confidential information, would require the first computer to comply with any portion of the payment-card industry data-security standard (PCI DSS);
(c) the first computer receiving, from the third computer, a token from which the confidential information cannot be derived without knowledge of an association made by the third computer between the confidential information and the token, wherein step (c) is performed without storing, processing, or receiving from the third computer any information that, in combination with the confidential information, would require the first computer to comply with any portion of the payment-card industry data-security standard (PCI DSS); and
(d) the first computer sending to the second computer (i) the information for performing the transaction, except for the confidential information, and (ii) the token, wherein step (d) is performed without storing, processing, or sending to the second computer any information that, in combination with the confidential information, would require the first computer to comply with any portion of the payment-card industry data-security standard (PCI DSS).
11. A first computer for preventing the transmission of confidential information to a second computer in communication with the first computer, the first computer adapted to:
(a) receive information for performing a transaction, the information including confidential information manually entered by a user;
(b) send the confidential information to a third computer, wherein step (b) is performed without storing, processing, or sending to the third computer any information that, in combination with the confidential information, would require the first computer to comply with any portion of the payment-card industry data-security standard (PCI DSS);
(c) receive, from the third computer, a token from which the confidential information cannot be derived without knowledge of an association made by the third computer between the confidential information and the token, wherein step (c) is performed without storing, processing, or receiving from the third computer any information that, in combination with the confidential information, would require the first computer to comply with any portion of the payment-card industry data-security standard (PCI DSS); and
(d) send to the second computer (i) the information for performing the transaction, except for the confidential information, and (ii) the token, wherein step (d) is performed without storing, processing, or sending to the second computer any information that, in combination with the confidential information, would require the first computer to comply with any portion of the payment-card industry data-security standard (PCI DSS).
21. A non-transitory machine-readable storage medium, having encoded thereon program code, wherein, when the program code is executed by a machine, the machine implements a method for preventing the transmission of confidential information from a first computer and a second computer in communication with the first computer, the method comprising the steps of:
(a) the first computer receiving information for performing a transaction, the information including confidential information manually entered by a user;
(b) the first computer sending the confidential information to a third computer, wherein step (b) is performed without storing, processing, or sending to the third computer any information that, in combination with the confidential information, would require the first computer to comply with any portion of the payment-card industry data-security standard (PCI DSS);
(c) the first computer receiving, from the third computer, a token from which the confidential information cannot be derived without knowledge of an association made by the third computer between the confidential information and the token, wherein step (c) is performed without storing, processing, or receiving from the third computer any information that, in combination with the confidential information, would require the first computer to comply with any portion of the payment-card industry data-security standard (PCI DSS); and
(d) the first computer sending to the second computer (i) the information for performing the transaction, except for the confidential information, and (ii) the token, wherein step (d) is performed without storing, processing, or sending to the second computer any information that, in combination with the confidential information, would require the first computer to comply with any portion of the payment-card industry data-security standard (PCI DSS).
22. A first-computer-implemented method for preventing the transmission of confidential information between a first computer and a second computer in communication with the first computer, the method comprising the steps of:
(a) the first computer inspecting an entry field of a window of a software program to determine whether the entry field includes confidential information;
(b) if the entry field includes confidential information, then
(b1) the first computer sending the confidential information to a third computer, wherein substep (b1) is performed without storing, processing, or sending to the third computer any information that, in combination with the confidential information, would require the first computer to comply with any portion of the payment-card industry data-security standard (PCI DSS), and
(b2) the first computer receiving, from the third computer, a token from which the confidential information cannot be derived without knowledge of an association made by the third computer between the confidential information and the token, wherein substep (b2) is performed without storing, processing, or receiving from the third computer any information that, in combination with the confidential information, would require the first computer to comply with any portion of the payment-card industry data-security standard (PCI DSS); and
(c) the first computer replacing the confidential information in the entry field of the window of the software program with the token, wherein step (c) is performed without storing, processing, or sending to the second computer any information that, in combination with the confidential information, would require the first computer to comply with any portion of the payment-card industry data-security standard (PCI DSS).
23. A first-computer-implemented method for preventing the transmission of confidential information between a first computer and a second computer in communication with the first computer, the method comprising the steps of:
(a) the first computer receiving one or more packets of data from the first computer;
(b) the first computer inspecting the one or more packets of data to determine whether the one or more packets of data include confidential information;
(c) if the one or more packets of data include confidential information, then
(c1) the first computer sending the confidential information to a third computer, wherein substep (c1) is performed without storing, processing, or sending to the third computer any information that, in combination with the confidential information, would require the first computer to comply with any portion of the payment-card industry data-security standard (PCI DSS), and
(c2) the first computer receiving, from the third computer, a token from which the confidential information cannot be derived without knowledge of an association made by the third computer between the confidential information and the token, wherein substep (c2) is performed without storing, processing, or receiving from the third computer any information that, in combination with the confidential information, would require the first computer to comply with any portion of the payment-card industry data-security standard (PCI DSS);
(d) the first computer modifying the one or more packets of data by replacing the confidential information in the one or more packets of data with the token; and
(e) the first computer forwarding the one or more modified packets of data to the second computer, wherein step (e) is performed without storing, processing, or sending to the second computer any information that, in combination with the confidential information, would require the first computer to comply with any portion of the payment-card industry data-security standard (PCI DSS).
Specification