Table-connected tokenization

US 9,237,006 B2
Filed: 09/30/2013
Issued: 01/12/2016
Est. Priority Date: 09/30/2013
Status: Active Grant

First Claim

Patent Images

1. A method for tokenizing data, comprising:

receiving sensitive data to be tokenized;

querying an initialization vector table with a first portion of the sensitive data comprising less than all of the sensitive data to access an initialization vector;

modifying, by one or more hardware processors, a second portion of the sensitive data different than the first portion of the sensitive data with the initialization vector;

selecting a token table from a set of token tables based on a third portion of the sensitive data; and

tokenizing, by one or more hardware processors, the modified second portion of the sensitive data using the selected token table.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A tokenization system tokenizes sensitive data to prevent unauthorized entities from accessing the sensitive data. The tokenization system accesses sensitive data, and retrieves an initialization vector (IV) from an IV table using a first portion of the sensitive data. A second portion of the sensitive data is modified using the accessed initialization vector. A token table is selected from a set of token tables using a third portion of the sensitive data. The modified second portion of data is used to query the selected token table, and a token associated with the value of the modified second portion of data is accessed. The second portion of the sensitive data is replaced with the accessed token to form tokenized data.

Citations

20 Claims

1. A method for tokenizing data, comprising:
- receiving sensitive data to be tokenized;
  
  querying an initialization vector table with a first portion of the sensitive data comprising less than all of the sensitive data to access an initialization vector;
  
  modifying, by one or more hardware processors, a second portion of the sensitive data different than the first portion of the sensitive data with the initialization vector;
  
  selecting a token table from a set of token tables based on a third portion of the sensitive data; and
  
  tokenizing, by one or more hardware processors, the modified second portion of the sensitive data using the selected token table.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein the sensitive data is one of:
    - a password, a credit card number, a social security number, a bank account number, a driver'"'"'s license number, information associated with a financial transaction, or date information.
  - 3. The method of claim 1, further comprising querying one or more additional initialization vector tables with different portions of the sensitive data to access one or more initialization vectors.
  - 4. The method of claim 1, wherein the initialization vector table comprises one or more initialization vector columns and an index column.
  - 5. The method of claim 4, wherein one initialization vector in each initialization vector column is associated with each entry of the index column.
  - 6. The method of claim 5, wherein querying an initialization vector table comprises determining an index column entry equal to the value of the first portion of the sensitive data to access the initialization vectors associated with the determined index column entry.
  - 7. The method of claim 1, further comprising selecting one or more additional token tables from one or more additional token table sets based on one or more portions of the third portion of the sensitive data.
  - 8. The method of claim 7, wherein each set of token tables is stored on a different server.
  - 9. The method of claim 1, wherein tokenizing the modified second portion comprises querying the selected token table with the modified second portion to access a token mapped by the selected token table to an index value equal to the value of the modified second portion, and replacing the modified second portion with the accessed token.
  - 10. The method of claim 1, wherein the first, second, and third portions of the sensitive data do not overlap.

11. A tokenization system comprising:
- an interface module configured to receive sensitive data to be tokenized; and
  
  a tokenization module comprising one or more hardware processors configured to tokenize the sensitive data by;
  
  querying an initialization vector table with a first portion of the sensitive data comprising less than all of the sensitive data to access an initialization vector;
  
  modifying a second portion of the sensitive data different than the first portion of the sensitive data with the initialization vector;
  
  selecting a token table from a set of token tables based on a third portion of the sensitive data; and
  
  tokenizing the modified second portion of the sensitive data using the selected token table.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
- - 12. The tokenization system of claim 11, wherein the sensitive data is one of:
    - a password, a credit card number, a social security number, a bank account number, a driver'"'"'s license number, information associated with a financial transaction, or date information.
  - 13. The tokenization system of claim 11, wherein the tokenization module is further configured to query one or more additional initialization vector tables with different portions of the sensitive data to access one or more initialization vectors.
  - 14. The tokenization system of claim 11, wherein the initialization vector table comprises one or more initialization vector columns and an index column.
  - 15. The tokenization system of claim 14, wherein one initialization vector in each initialization vector column is associated with each entry of the index column.
  - 16. The tokenization system of claim 15, wherein querying an initialization vector table comprises determining an index column entry equal to the value of the first portion of the sensitive data to access the initialization vectors associated with the determined index column entry.
  - 17. The tokenization system of claim 11, wherein the tokenization module is further configured to select one or more additional token tables from one or more additional token table sets based on one or more portions of the third portion of the sensitive data.
  - 18. The tokenization system of claim 17, wherein each set of token tables is stored on a different server.
  - 19. The tokenization system of claim 11, wherein tokenizing the modified second portion comprises querying the selected token table with the modified second portion to access a token mapped by the selected token table to an index value equal to the value of the modified second portion, and replacing the modified second portion with the accessed token.

20. A method for tokenizing data, comprising:
- receiving sensitive data to be tokenized;
  
  selecting an initialization vector from a set of initialization vectors based on a first portion of the sensitive data comprising less than all of the sensitive data;
  
  selecting a token table from a set of token tables based on a second portion of the sensitive data; and
  
  tokenizing, by one or more hardware processors, a third portion of the sensitive data different than the first portion of the sensitive data and the second portion of the sensitive data using the selected token table and the selected initialization vector.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Protegrity US Holding LLC
Original Assignee
Protegrity USA, Inc. (Xcelera Inc.)
Inventors
Mattsson, Ulf, Rozenberg, Yigal, Levy, Vichai
Primary Examiner(s)
Zecher, Dede
Assistant Examiner(s)
Savenkov, Vadim

Application Number

US14/042,314
Publication Number

US 20150095252A1
Time in Patent Office

834 Days
Field of Search

726/26
US Class Current

1/1
CPC Class Codes

G06F 16/2455   Query execution

G06F 16/258   Data format conversion from...

G06F 16/84   Mapping; Conversion

G06F 21/6254   by anonymising data, e.g. d...

G06Q 50/265   Personal security, identity...

H04L 63/0428   wherein the data content is...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/083   using passwords cryptograph...

H04L 63/20   for managing network securi...

H04L 9/06   the encryption apparatus us...

Table-connected tokenization

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Table-connected tokenization

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links