Distributed tokenization using several substitution steps

US 9,219,716 B2
Filed: 04/21/2014
Issued: 12/22/2015
Est. Priority Date: 03/01/2010
Status: Active Grant

First Claim

Patent Images

1. A method of tokenization, comprising:

accessing a string of characters;

accessing a first token table and a second token table, each of the first token table and the second token table mapping each of a set of values to a different token, the first token table different than the second token table;

replacing, by a processor, a first substring of the string of characters with a first token mapped to a value of the first substring of characters by the first token table to form an intermediate string of characters; and

replacing a second substring of the intermediate string of characters with a second token mapped to a value of the second substring of characters by the second token table to form a tokenized string of characters, the second substring comprising at least one character replaced by the first token.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for distributed tokenization of sensitive strings of characters, such as social security numbers, credit card numbers and the like, in a local server is disclosed. The method comprises the steps of receiving from a central server at least one, and preferably at least two, static token lookup tables, and receiving a sensitive string of characters. In a first tokenization step, a first substring of characters is substituted with a corresponding first token from the token lookup table(s) to form a first tokenized string of characters, wherein the first substring of characters is a substring of the sensitive string of characters. Thereafter, in a second step of tokenization, a second substring of characters is substituted with a corresponding second token from the token lookup table(s) to form a second tokenized string of characters, wherein the second substring of characters is a substring of the first tokenized string of characters. Optionally, one or more additional tokenization steps is/are used.

Citations

20 Claims

1. A method of tokenization, comprising:
- accessing a string of characters;
  
  accessing a first token table and a second token table, each of the first token table and the second token table mapping each of a set of values to a different token, the first token table different than the second token table;
  
  replacing, by a processor, a first substring of the string of characters with a first token mapped to a value of the first substring of characters by the first token table to form an intermediate string of characters; and
  
  replacing a second substring of the intermediate string of characters with a second token mapped to a value of the second substring of characters by the second token table to form a tokenized string of characters, the second substring comprising at least one character replaced by the first token.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, further comprising one or more of:
    - modifying the first substring before replacing the first substring, and modifying the second substring before replacing the second substring.
  - 3. The method of claim 2, wherein one or more of the first substring or the second substring is modified based at least in part on an initialization vector.
  - 4. The method of claim 1, wherein the second substring comprises fewer characters than the first substring.
  - 5. The method of claim 1, wherein the second substring comprises at least one character not replaced by the first token.

6. A system comprising:
- a processor and a non-transitory computer-readable medium storing executable computer instructions configured to, when executed by the processor, caused the system to perform steps comprising;
  
  accessing a string of characters;
  
  accessing a first token table and a second token table, each of the first token table and the second token table mapping each of a set of values to a different token, the first token table different than the second token table;
  
  replacing a first substring of the string of characters with a first token mapped to a value of the first substring of characters by the first token table to form an intermediate string of characters; and
  
  replacing a second substring of the intermediate string of characters with a second token mapped to a value of the second substring of characters by the second token table to form a tokenized string of characters, the second substring comprising at least one character replaced by the first token.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The system of claim 6, the instructions further configured to perform steps comprising one or more of:
    - modifying the first substring before replacing the first substring, and modifying the second substring before replacing the second substring.
  - 8. The system of claim 7, wherein one or more of the first substring or the second substring is modified based at least in part on an initialization vector.
  - 9. The system of claim 6, wherein the second substring comprises fewer characters than the first substring.
  - 10. The system of claim 6, wherein the second substring comprises at least one character not replaced by the first token.

11. A method of tokenization, comprising:
- accessing a string of characters;
  
  producing, by a processor, an intermediate string of characters by replacing a first portion of the string of characters with a first token mapped to a value of the first portion of the string of characters by a first token table; and
  
  producing a tokenized string of characters by replacing a second portion of the intermediate string of characters with a second token mapped to a value of the second portion of the intermediate string of characters by a second token table, wherein the second portion of the intermediate string of characters includes at least one character replaced by the first token.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The method of claim 11, further comprising one or more of:
    - modifying the first portion of the string of characters before replacing the first portion, and modifying the second portion of the string of characters before replacing the second portion.
  - 13. The method of claim 12, wherein one or more of the first portion or the second portion is modified based at least in part on an initialization vector.
  - 14. The method of claim 11, wherein the second token is not equivalent to the first token.
  - 15. The method of claim 14, wherein the second portion of the intermediate string of characters comprises a portion of characters not replaced by the first token.

16. A system comprising:
- a processor and a non-transitory computer-readable medium storing executable computer instructions configured to, when executed by the processor, cause the system to perform steps comprising;
  
  accessing a string of characters;
  
  producing an intermediate string of characters by replacing a first portion of the string of characters with a first token mapped to a value of the first portion of the string of characters by a first token table; and
  
  producing a tokenized string of characters by replacing a second portion of the intermediate string of characters with a second token mapped to a value of the second portion of the intermediate string of characters by a second token table, wherein the second portion of the intermediate string of characters includes at least one character replaced by the first token.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The system of claim 16, the instructions further configured to perform steps comprising one or more of:
    - modifying the first portion of the string of characters before replacing the first portion, and modifying the second portion of the string of characters before replacing the second portion.
  - 18. The system of claim 17, wherein one or more of the first portion or the second portion is modified based at least in part on an initialization vector.
  - 19. The system of claim 16, wherein the second token is not equivalent to the first token.
  - 20. The system of claim 19, wherein the second portion of the intermediate string of characters comprises a portion of characters not replaced by the first token.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Protegrity US Holding LLC
Original Assignee
Protegrity USA, Inc. (Xcelera Inc.)
Inventors
Mattsson, Ulf
Primary Examiner(s)
DANG, THANH HA T

Application Number

US14/257,875
Publication Number

US 20140230072A1
Time in Patent Office

610 Days
Field of Search

707/802, 707/756
US Class Current

1/1
CPC Class Codes

G06F 16/90344   by using string matching te...

G06F 21/6245   Protecting personal data, e...

G07F 7/084   Additional components relat...

G07F 7/1008   Active credit-cards provide...

H04L 2209/56   Financial cryptography, e.g...

H04L 63/0428   wherein the data content is...

H04L 9/083   involving central third par...

H04L 9/0897   involving additional device...

Distributed tokenization using several substitution steps

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Distributed tokenization using several substitution steps

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links