System for protecting sensitive data with distributed tokenization
First Claim
1. A method of generating a token using computing equipment associated with a token generating organization, comprising:
- with the computing equipment, receiving a token request from a token requestor over a communications network, wherein the token request includes a number;
with the computing equipment, mapping half of the number to a half-token;
with the computing equipment, modifying the half-token;
with the computing equipment, mapping the modified half-token to an additional half-token;
with the computing equipment, modifying the additional half-token; and
with the computing equipment, combining the modified half-token and the modified additional half-token to form the token.
12 Assignments
0 Petitions
Accused Products
Abstract
A token generating organization may include distributed tokenization systems for generating tokens corresponding to sensitive information. Sensitive information may include sensitive numbers such as social security numbers, credit card numbers or other private numbers. A tokenization system may include multiple physically distinct hardware platforms each having a tokenization server and a database. A tokenization server may run portions of a sensitive number through a predetermined number of rounds of a Feistel network. Each round of the Feistel network may include tokenizing portions of the sensitive number using a fractional token table stored an associated database and modifying the tokenized portions by reversibly adding portions of the sensitive number to the tokenized portions. The fractional token table may include partial sensitive numbers and corresponding partial tokens. A sensitive-information-recovery request including the token may be directed to the token generating organization from the token requestor to recover sensitive information.
-
Citations
7 Claims
-
1. A method of generating a token using computing equipment associated with a token generating organization, comprising:
-
with the computing equipment, receiving a token request from a token requestor over a communications network, wherein the token request includes a number; with the computing equipment, mapping half of the number to a half-token; with the computing equipment, modifying the half-token; with the computing equipment, mapping the modified half-token to an additional half-token; with the computing equipment, modifying the additional half-token; and with the computing equipment, combining the modified half-token and the modified additional half-token to form the token. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
Specification