System for protecting sensitive data with distributed tokenization

US 8,595,850 B2
Filed: 02/01/2012
Issued: 11/26/2013
Est. Priority Date: 01/30/2012
Status: Active Grant

First Claim

Patent Images

1. A method of generating a token using computing equipment associated with a token generating organization, comprising:

with the computing equipment, receiving a token request from a token requestor over a communications network, wherein the token request includes a number;

with the computing equipment, mapping half of the number to a half-token;

with the computing equipment, modifying the half-token;

with the computing equipment, mapping the modified half-token to an additional half-token;

with the computing equipment, modifying the additional half-token; and

with the computing equipment, combining the modified half-token and the modified additional half-token to form the token.

View all claims

12 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A token generating organization may include distributed tokenization systems for generating tokens corresponding to sensitive information. Sensitive information may include sensitive numbers such as social security numbers, credit card numbers or other private numbers. A tokenization system may include multiple physically distinct hardware platforms each having a tokenization server and a database. A tokenization server may run portions of a sensitive number through a predetermined number of rounds of a Feistel network. Each round of the Feistel network may include tokenizing portions of the sensitive number using a fractional token table stored an associated database and modifying the tokenized portions by reversibly adding portions of the sensitive number to the tokenized portions. The fractional token table may include partial sensitive numbers and corresponding partial tokens. A sensitive-information-recovery request including the token may be directed to the token generating organization from the token requestor to recover sensitive information.

Citations

7 Claims

1. A method of generating a token using computing equipment associated with a token generating organization, comprising:
- with the computing equipment, receiving a token request from a token requestor over a communications network, wherein the token request includes a number;
  
  with the computing equipment, mapping half of the number to a half-token;
  
  with the computing equipment, modifying the half-token;
  
  with the computing equipment, mapping the modified half-token to an additional half-token;
  
  with the computing equipment, modifying the additional half-token; and
  
  with the computing equipment, combining the modified half-token and the modified additional half-token to form the token.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method defined in claim 1 wherein modifying the half-token comprises modifying the half-token using a remaining half of the number.
  - 3. The method defined in claim 2 wherein modifying the additional half-token comprises modifying the additional half-token using the half of the number.
  - 4. The method defined in claim 3 wherein modifying the half-token using the remaining half of the number comprises reversibly adding the remaining half of the number to the half-token.
  - 5. The method defined in claim 4 wherein modifying the additional half-token using the half of the number comprises reversibly adding the half of the number to the additional half-token.
  - 6. The method defined in claim 1 wherein combining the modified half-token and the modified additional half-token to form the token comprises appending the modified additional half-token to the modified half-token.
  - 7. The method defined in claim 1 wherein the number comprises a primary account number, wherein the computing equipment includes a local database, wherein mapping half of the number to the half-token comprises mapping half of the primary account number to the half-token using a half-token table stored on the local database, wherein the half-token table includes a list of all possible half-primary-account-numbers and a list of half-tokens, and wherein each half-token uniquely corresponds to one of the half-primary-account-numbers.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Micro Focus LLC (Open Text Corporation)
Original Assignee
Voltage Security Incorporated (HP Inc.)
Inventors
Spies, Terence, Minner, Richard T.
Primary Examiner(s)
Patel, Haresh N

Application Number

US13/364,288
Publication Number

US 20130198851A1
Time in Patent Office

664 Days
Field of Search

726/6, 726/7, 726/9, 726/26, 713/183, 713/193, 705/71
US Class Current

726/26
CPC Class Codes

G06Q 99/00   Subject matter not provided...

H04L 9/0625   with splitting of the data ...

H04L 9/0897   involving additional device...

System for protecting sensitive data with distributed tokenization

First Claim

12 Assignments

0 Petitions

Accused Products

Abstract

Citations

7 Claims

Specification

Solutions

Use Cases

Quick Links

System for protecting sensitive data with distributed tokenization

First Claim

12 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

7 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links