Collision avoidance in a distributed tokenization environment
First Claim
1. A computer-implemented method for tokenizing data in a distributed tokenization environment comprising a central token management system communicatively coupled to a plurality of clients, the method comprising:
- receiving, by each of the plurality of clients each associated with a numeric identifier, a set of values from the central token management system such that each value in each set of values is not included in any other set of values and such that the set of values comprises a range of values associated with the numeric identifier associated with the client;
receiving, at a client, sensitive data to be tokenized;
querying a token table associated with the client with a portion of the sensitive data to determine if the token table includes a token mapped to a value of the portion of the sensitive data, the token table storing a plurality of tokens each mapped to a different value; and
responsive to a determination that the token table does not include a token mapped to a value of the portion of the sensitive data;
after the client receives the set of values from the central token management system, generating a token unique to the client by selecting a value from the set of values received by the client from the central token management system, the selected value not included in any other set of values received by any other client of the plurality of clients;
tokenizing the sensitive data using the generated token; and
storing the generated token in the token table associated with the client.
1 Assignment
0 Petitions
Accused Products
Abstract
A client receives sensitive data to be tokenized. The client queries a token table with a portion of the sensitive data to determine if the token table includes a token mapped to the value of the portion of the sensitive data. If the mapping table does not include a token mapped to the value of the portion of the sensitive data, a candidate token is generated. The client queries a central token management system to determine if the candidate token collides with a token generated by or stored at another client. In some embodiments, the candidate token includes a value from a unique set of values assigned by the central token management system to the client, guaranteeing that the candidate token does not cause a collision. The client then tokenizes the sensitive data with the candidate token and stores the candidate token in the token table.
13 Citations
12 Claims
-
1. A computer-implemented method for tokenizing data in a distributed tokenization environment comprising a central token management system communicatively coupled to a plurality of clients, the method comprising:
-
receiving, by each of the plurality of clients each associated with a numeric identifier, a set of values from the central token management system such that each value in each set of values is not included in any other set of values and such that the set of values comprises a range of values associated with the numeric identifier associated with the client; receiving, at a client, sensitive data to be tokenized; querying a token table associated with the client with a portion of the sensitive data to determine if the token table includes a token mapped to a value of the portion of the sensitive data, the token table storing a plurality of tokens each mapped to a different value; and responsive to a determination that the token table does not include a token mapped to a value of the portion of the sensitive data; after the client receives the set of values from the central token management system, generating a token unique to the client by selecting a value from the set of values received by the client from the central token management system, the selected value not included in any other set of values received by any other client of the plurality of clients; tokenizing the sensitive data using the generated token; and storing the generated token in the token table associated with the client. - View Dependent Claims (2, 3, 4)
-
-
5. A non-transitory computer-readable medium storing executable computer instructions for tokenizing data in a distributed tokenization environments comprising a central token management system communicatively coupled to a plurality of clients, the instructions configured to:
-
receive, by each of the plurality of clients each associated with a numeric identifier, a set of values from the central token management system such that each value in each set of values is not included in any other set of values and such that the set of values comprises a range of values associated with the numeric identifier associated with the client; receive, at a client, sensitive data to be tokenized; query a token table associated with the client with a portion of the sensitive data to determine if the token table includes a token mapped to a value of the portion of the sensitive data, the token table storing a plurality of tokens each mapped to a different value; and responsive to a determination that the token table does not include a token mapped to a value of the portion of the sensitive data; after the client receives the set of values from the central token management system, generate a token unique to the client by selecting a value from the set of values received by the client from the central token management system, the selected value not included in any other set of values received by any other client of the plurality of clients; and store the generated token in the token table associated with the client. - View Dependent Claims (6, 7, 8)
-
-
9. A system for tokenizing data comprising:
-
a plurality of client devices, each client device comprising a hardware processor and a non-transitory computer readable medium comprising instructions, the instructions when executed by the processor of the client device, cause the processor of the client device to; receive, by each of the plurality of client devices each associated with a numeric identifier, a set of values from a central token management system such that each value in each set of values is not included in any other set of values and such that the set of values comprises a range of values associated with the numeric identifier associated with the client; receive sensitive data to be tokenized; query a token table associated with the client with a portion of the sensitive data to determine if the token table includes a token mapped to a value of the portion of the sensitive data, the token table storing a plurality of tokens each mapped to a different value; and responsive to a determination that the token table does not include a token mapped to a value of the portion of the sensitive data; after the client receives the set of values from the central token management system, generate a token unique to the client device by selecting a value from the set of values received by the client from the central token management system, the selected value not included in any other set of values received by any other client of the plurality of clients; and store the generated token in the token table associated with the client device; and the central token management system communicatively coupled to the plurality of client devices. - View Dependent Claims (10, 11)
-
-
12. A computer-implemented method for tokenizing data in a distributed tokenization environment comprising a central token management system communicatively coupled to a plurality of clients, the method comprising:
-
receiving, by each of the plurality of clients each associated with a numeric identifier, a set of values from the central token management system such that each value in each set of values is not included in any other set of values and such that the set of values comprises a range of values associated with the numeric identifier associated with the client; receiving, at a client, data to be tokenized; querying a token table associated with the client with a portion of the data to determine if the token table includes a token mapped to a value of the portion of the data, the token table storing a plurality of tokens each mapped to a different value; and responsive to a determination that the token table does not include a token mapped to a value of the portion of the data; after the receiving, by the client, the set of values from the central token management system, generating a token unique to the client by selecting a value from the set of values received by the client from the central token management system, the selected value not included in any other set of values received by other clients of the plurality of clients; and tokenizing the data using the generated token.
-
Specification