Tokenized data security

US 8,595,812 B2
Filed: 12/20/2010
Issued: 11/26/2013
Est. Priority Date: 12/18/2009
Status: Active Grant

First Claim

Patent Images

1. A method of tokenizing an account number comprising:

receiving a message;

determining, by a hardware processor, that the message includes an account number;

determining a length of the account number;

selecting a token map based on the length of the account number;

determining a size of a targeted segment based on the length of the account number;

extracting the targeted segment from the account number;

replacing the targeted segment with a token value and a token map version identifier associated with the token map;

receiving a second message;

determining that the second message includes at least a first predetermined number of characters;

determining that the second message includes a second account number;

determining a second length of the second account number;

locating a vendor code within the second account number;

extracting the vendor code;

analyzing the vendor code to determine an expected length of the second account number;

determining whether the second length of the second account number is the same as the expected length;

executing a Luhn test after determining the second length of the second account number is the same as the expected length; and

providing the second account number to a parser after determining the second length is the same as the expected length.

View all claims

16 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Provided are devices, methods, systems, computer readable storage media for tokenizing data. In some examples, credit card numbers are tokenized using a pre-generated token map and absent the use of a networked database that stores a relatively large quantity of credit card numbers in a central location. The token map may be generated by a token map generator such that the token map can be used by a tokenizer to replace a portion of an account number with a token, and by a detokenizer to replace the token with the original portion of the account number. A pre-parser and parser may also be used to locate an account number and/or token in a message received over a network.

290 Citations

17 Claims

1. A method of tokenizing an account number comprising:
- receiving a message;
  
  determining, by a hardware processor, that the message includes an account number;
  
  determining a length of the account number;
  
  selecting a token map based on the length of the account number;
  
  determining a size of a targeted segment based on the length of the account number;
  
  extracting the targeted segment from the account number;
  
  replacing the targeted segment with a token value and a token map version identifier associated with the token map;
  
  receiving a second message;
  
  determining that the second message includes at least a first predetermined number of characters;
  
  determining that the second message includes a second account number;
  
  determining a second length of the second account number;
  
  locating a vendor code within the second account number;
  
  extracting the vendor code;
  
  analyzing the vendor code to determine an expected length of the second account number;
  
  determining whether the second length of the second account number is the same as the expected length;
  
  executing a Luhn test after determining the second length of the second account number is the same as the expected length; and
  
  providing the second account number to a parser after determining the second length is the same as the expected length.

2. A method of tokenizing an account number comprising:
- receiving a message;
  
  determining, by a hardware processor, that the message includes an account number;
  
  determining a length of the account number;
  
  selecting a token map based on the length of the account number;
  
  determining a size of a targeted segment based on the length of the account number;
  
  extracting the targeted segment from the account number;
  
  replacing the targeted segment with a token value and a token map version identifier associated with the token map;
  
  receiving a second message;
  
  determining that the second message includes at least a first predetermined number of characters;
  
  determining that the second message includes a second account number;
  
  determining a second length of the second account number;
  
  locating a vendor code within the second account number;
  
  extracting the vendor code;
  
  analyzing the vendor code to determine an expected length of the second account number;
  
  determining whether the second length of the second account number is the same as the expected length; and
  
  removing digits from the second account number to define a new length after determining the second length of the second account number is different than the expected length.
- View Dependent Claims (3, 4, 5)
- - 3. The method of claim 2 further comprising:
    - determining a new length of the second account number after the digits are removed; and
      
      determining whether the new length of the second account number is the same as the expected length.
  - 4. The method of claim 2 further comprising providing the second account number to a parser after determining the new length is the same as the expected length.
  - 5. The method of claim 2, wherein the digits that are removed represent an expiration date associated with the second account number.

6. A method of detokenizing an account number comprising:
- receiving a message;
  
  searching, by a hardware processor, for a token pattern in the message;
  
  finding the token pattern in the message;
  
  after finding the token pattern in the message, locating a tokenized account number;
  
  parsing a token from the tokenized account number;
  
  extracting a token map identifier from the token;
  
  retrieving a token map based on the token map identifier;
  
  replacing the token with a targeted segment in the account number; and
  
  validating the token map identifier before retrieving the token map.
- View Dependent Claims (7)
- - 7. The method of claim 6 further comprising:
    - parsing a prefix from the account number; and
      
      parsing a suffix from the account number.

8. A method of detokenizing an account number comprising:
- receiving a message;
  
  searching, by a hardware processor, for a token pattern in the message;
  
  finding the token pattern in the message;
  
  after finding the token pattern in the message, locating a tokenized account number;
  
  parsing a token from the tokenized account number;
  
  extracting a token map identifier from the token;
  
  retrieving a token map based on the token map identifier;
  
  replacing the token with a targeted segment in the account number; and
  
  converting the token to a base 10 number.
- View Dependent Claims (9, 10, 11)
- - 9. The method of claim 8 further comprising executing a Luhn test after converting the token to the base10 number.
  - 10. The method of claim 8 further comprising using the token map to locate the targeted segment.
  - 11. The method of claim 8 further comprising:
    - parsing a prefix from the account number; and
      
      parsing a suffix from the account number.

12. A system comprising:
- at least one hardware processor configured to;
  
  determine that a message includes an account number;
  
  determine a length of the account number;
  
  select a token map based on the length of the account number;
  
  determine a size of a targeted segment based on the length of the account number;
  
  extract the targeted segment from the account number;
  
  receive a second message;
  
  determine that the second message includes at least a first predetermined number of characters;
  
  determine that the second message includes a second account number;
  
  determine a second length of the second account number;
  
  locate a vendor code within the second account number;
  
  extract the vendor code;
  
  analyze the vendor code to determine an expected length of the second account number;
  
  determine whether the second length of the second account number is the same as the expected length;
  
  execute a Luhn test after determining the second length of the second account number is the same as the expected length; and
  
  parse the second account number after determining the second length is the same as the expected length.
- View Dependent Claims (13, 14)
- - 13. The system of claim 12, wherein the at least one hardware processor is further configured to parse the second account number into a prefix value, middle digits value and suffix value.
  - 14. A system of claim 12, wherein the at least one hardware processor is further configured to:
    - receive a second message;
      
      search for a token pattern in the second message;
      
      find the token pattern in the second message;
      
      after finding the token pattern in the second message, locate a tokenized account number;
      
      parse a token from the tokenized account number;
      
      extract a token map identifier from the token; and
      
      retrieve a token map based on the token map identifier.

15. A system comprising:
- at least one hardware processor configured to;
  
  determine that a message includes an account number;
  
  determine a length of the account number;
  
  select a token map based on the length of the account number;
  
  determine a size of a targeted segment based on the length of the account number;
  
  extract the targeted segment from the account number;
  
  receive a second message;
  
  determine that the second message includes at least a first predetermined number of characters;
  
  determine that the second message includes a second account number;
  
  determine a second length of the second account number;
  
  locate a vendor code within the second account number;
  
  extract the vendor code;
  
  analyze the vendor code to determine an expected length of the second account number;
  
  determine whether the second length of the second account number is the same as the expected length; and
  
  remove digits from the second account number to define a new length after determining the second length of the second account number is different than the expected length.
- View Dependent Claims (16, 17)
- - 16. The system of claim 15, wherein the at least one hardware processor is further configured to parse the second account number into a prefix value, middle digits value and suffix value after determining the new length is the same as the expected length.
  - 17. The system of claim 15, wherein the at least one hardware processor is further configured to:
    - receive a second message;
      
      search for a token pattern in the second message;
      
      find the token pattern in the second message;
      
      after finding the token pattern in the second message, locate a tokenized account number;
      
      parse a token from the tokenized account number;
      
      extract a token map identifier from the token; and
      
      retrieve a token map based on the token map identifier.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Sabre GLBL Inc. (Sabre Corp.)
Original Assignee
Sabre Incorporated (Sabre Corp.)
Inventors
Bomar, Kevin B., Harper, Glenn E.
Primary Examiner(s)
Hoffman, Brandon
Assistant Examiner(s)
AMORIN, CARLOS E

Application Number

US12/973,751
Publication Number

US 20110154467A1
Time in Patent Office

1,072 Days
Field of Search

None
US Class Current

726/9
CPC Class Codes

G06F 21/335   for accessing specific reso...

G06F 21/45   Structures or tools for the...

G06F 2221/2105   Dual mode as a secondary as...

G06F 2221/2145   Inheriting rights or proper...

G06Q 20/10   specially adapted for elect...

G06Q 20/20   Point-of-sale [POS] network...

G06Q 20/34   using cards, e.g. integrate...

G06Q 20/385   using an alias or single-us...

G06Q 30/06   Buying, selling or leasing ...

Tokenized data security

First Claim

16 Assignments

0 Petitions

Accused Products

Abstract

290 Citations

17 Claims

Specification

Use Cases

Quick Links

Others

Tokenized data security

First Claim

16 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

290 Citations

17 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others