Token-based secure data management

US 9,419,841 B1
Filed: 06/29/2011
Issued: 08/16/2016
Est. Priority Date: 06/29/2011
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, by one or more computing devices, encrypted user data that includes sensitive user data and related nonsensitive user data related to a transaction;

decrypting, by at least one of the one or more computing devices, the encrypted user data;

generating, by at least one of the one or more computing devices, a token for the sensitive user data, the token including a description of a data type of the sensitive user data and a randomly generated string;

storing, with a first data storage service by at least one of the one or more computing devices, the sensitive user data;

storing, with a second data storage service by at least one or more computing devices, the token with the related nonsensitive data;

providing, to a first entity by at least one of the one or more computing devices, the token and the related nonsensitive data, the token provided in place of the sensitive user data;

receiving, by at least one of the one or more computing devices, a request for the sensitive user data from a second entity, wherein the request includes the token previously provided to the first entity and subsequently provided to the second entity by the first;

determining by at least one of the one or more computing devices, an authorization of the second entity to access the sensitive user data based on access policies for the second entity; and

providing, by at least one of the one or more computing devices, the sensitive user data to the second entity in accordance with the access policies for the second entity;

wherein;

the access policies for the second entity specify that the second entity is authorized to receive only a portion of the sensitive user data; and

providing the sensitive user data to the second entity further comprises providing only the portion of the sensitive user data specified by the access policies for the second entity.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In some implementations, tokens that are representative of sensitive data may be used in place of the sensitive data to maintain the security of the sensitive data. For example, data may be separated into sensitive data and nonsensitive data, and at least the sensitive data is securely delivered to a data storage service. The data storage service generates a token that is representative of the sensitive data and stores the sensitive data as secure data. The data storage service may deliver the token to an entity that also receives the nonsensitive data, and the entity may use the token in place of the sensitive data. In some implementations, different tokens are generated each time the same piece of sensitive data is submitted for storage as secure data. Further, in some implementations, access policies define authorizations regarding which entities are able to resolve a token to access the actual sensitive data.

61 Citations

View as Search Results

19 Claims

1. A method comprising:
- receiving, by one or more computing devices, encrypted user data that includes sensitive user data and related nonsensitive user data related to a transaction;
  
  decrypting, by at least one of the one or more computing devices, the encrypted user data;
  
  generating, by at least one of the one or more computing devices, a token for the sensitive user data, the token including a description of a data type of the sensitive user data and a randomly generated string;
  
  storing, with a first data storage service by at least one of the one or more computing devices, the sensitive user data;
  
  storing, with a second data storage service by at least one or more computing devices, the token with the related nonsensitive data;
  
  providing, to a first entity by at least one of the one or more computing devices, the token and the related nonsensitive data, the token provided in place of the sensitive user data;
  
  receiving, by at least one of the one or more computing devices, a request for the sensitive user data from a second entity, wherein the request includes the token previously provided to the first entity and subsequently provided to the second entity by the first;
  
  determining by at least one of the one or more computing devices, an authorization of the second entity to access the sensitive user data based on access policies for the second entity; and
  
  providing, by at least one of the one or more computing devices, the sensitive user data to the second entity in accordance with the access policies for the second entity;
  
  wherein;
  
  the access policies for the second entity specify that the second entity is authorized to receive only a portion of the sensitive user data; and
  
  providing the sensitive user data to the second entity further comprises providing only the portion of the sensitive user data specified by the access policies for the second entity.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method as recited in claim 1, wherein the sensitive user data is not provided by at least one of the one or more computing devices to the first entity.
  - 3. The method as recited in claim 1, further comprising:
    - assigning a time to live to the sensitive user data;
      
      deleting the sensitive user data following expiration of the time to live; and
      
      as a result of deleting the sensitive user data, sending an instruction to the first entity to delete the token corresponding to the sensitive user data.
  - 4. The method as recited in claim 1, wherein the token further includes an identifier (ID), the ID corresponding to at least one of:
    - a user ID;
      
      ora transaction ID.
  - 5. The method as recited in claim 1, further comprising:
    - receiving a request for the sensitive user data from a third entity, wherein the request includes the token provided to the first; and
      
      providing a portion of the sensitive user data to the third entity in accordance with access policies for the third entity, the portion of the sensitive user data provided to the third entity being a different amount of the sensitive user data than an amount of the sensitive user data provided to the second entity.

6. A method comprising:
- receiving, by one or more computing devices sensitive data and related nonsenstive data, a first time, wherein the sensitive data and related nonsensitive data are related to a transaction;
  
  generating, by at least one of the one or more computing devices, a first token for the sensitive data, the first token including a description of a data type of the sensitive data and a first randomly generated string;
  
  storing, by at least one of the one or more computing devices, the sensitive data as secure data;
  
  providing, by at least one of the one or more computing devices, the related nonsensitive data and the first token in place of the sensitive data to an entity authorized to receive the related nonsensitive data for the transaction;
  
  receiving, by at least one of the one or more computing devices, the sensitive data a second time;
  
  generating, by at least one of the one or more computing devices, a second token for the sensitive data, the second token including a second randomly generated string that is different than the first randomly generated string associated with the first token;
  
  receiving, by at least one of the one or more computing devices, a demand from one or more data consumers desiring to access the sensitive data and the nonsensitive data; and
  
  establishing, by at least one of the one or more computing devices, access policies defining authorizations of each of the one or more data consumers to access the sensitive data and the nonsensitive data;
  
  wherein the access policies specify that different data consumers are provided different amounts of the sensitive data in response to calls received using a same token.
- View Dependent Claims (7, 8, 9, 10, 11, 12, 13)
- - 7. The method as recited in claim 6, further comprising:
    - receiving, by at least one of the one or more computing devices, a request from another entity to generate a hash for secure data associated with the first token and for secure data associated with a plurality of additional tokens of a same data type generated for other transactions within a specified period of time; and
      
      providing, by at least one of the one or more computing devices, the hash for the secure data associated with the first token and the hashes for secure data associated with the plurality of additional tokens to the other entity to enable linking different pieces of the secure data stored without revealing content of the secure data.
  - 8. The method as recited in claim 7, wherein two matching hashes indicate that two corresponding pieces of the secure data are linked.
  - 9. The method as recited in claim 6, wherein the sensitive data is distinguished from the nonsensitive data based, at least in part, on indications related to fields of a form received from a user to provide the sensitive data and the nonsensitive data.
  - 10. The method as recited in claim 6, wherein receiving the sensitive data related to the transaction further comprises receiving the sensitive data from a server that separates the sensitive data from the nonsensitive data, the received sensitive data having been encrypted by the server to prevent other entities from accessing the sensitive data.
  - 11. The method as recited in claim 6, further comprising:
    - receiving, by at least one of the one or more computing devices, the first token from a data consumer as a request for the sensitive data;
      
      determining, by at least one of the one or more computing devices, whether the data consumer is authorized to receive the sensitive data based at least in part on access policies established for the data consumer;
      
      encrypting the sensitive data; and
      
      providing the encrypted sensitive data to the data consumer in response to the request.
  - 12. The method as recited in claim 11, further comprising:
    - receiving, by at least one of the one or more computing devices, an update to the access policies;
      
      receiving, by at least one of the one or more computing devices, the first token from the data consumer as a request for the sensitive data; and
      
      providing, by at least one of the one or more computing devices, only a portion of the sensitive data to the data consumer based on the update to the access policies.
  - 13. The method as recited in claim 6, further comprising:
    - assigning a time to live to the sensitive data; and
      
      deleting the sensitive data following expiration of the time to live.

14. One or more non-transitory computer-readable media storing computer-executable instructions that, when executed, cause one or more processors to perform operations comprising:
- receiving a first piece of sensitive data and nonsensitive data associated with the first piece of sensitive data;
  
  generating a first token for the first piece of sensitive data, the first token including a randomly generated first string, and a description of a data type of the first piece of sensitive data;
  
  storing the first piece of sensitive data as secure data;
  
  providing the nonsensitive data associated with the first piece of sensitive data and the first token in place of the first piece of sensitive data to a first entity;
  
  receiving, by a data storage service, a second piece of sensitive data that is same as the first piece of sensitive data;
  
  generating a second token for the second piece of sensitive data, the second token including a randomly generated second string that is different from the first string, and a description of a data type of the second piece of sensitive data;
  
  providing the second token in place of the second piece of sensitive data to a second entity that maintains nonsensitive data associated with the second piece of sensitive data;
  
  receiving a demand from one or more data consumers desiring to access the sensitive data; and
  
  establishing access policies that allow different data consumers to be provided with different amounts of the sensitive data in response to demands received using a same token.
- View Dependent Claims (15, 16, 17, 18, 19)
- - 15. The one or more non-transitory computer-readable media as recited in claim 14, wherein the first entity and the second entity are a same entity.
  - 16. The one or more non-transitory computer-readable media as recited in claim 14, wherein the first token and the second token further include a same data type as part of the respective first token and second token.
  - 17. The one or more non-transitory computer-readable media as recited in claim 16, wherein the first token and the second token further include a same user identifier associated with a particular user as part of the respective first token and second token.
  - 18. The one or more non-transitory computer-readable media as recited in claim 14, wherein the first piece of sensitive data is received by the first entity as part of a first transaction and the second piece of sensitive data is received by the second entity as part of a second transaction.
  - 19. The one or more non-transitory computer-readable media as recited in claim 14, the operations further comprising storing the second piece of sensitive data as a separate instance of the secure data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Original Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Inventors
Mallya, Vaibhav, Kozolchyk, Jonathan, Canavor, Darren E., Fielding, Jeffrey J., McAdams, Darin Keith
Primary Examiner(s)
Pwu, Jeffrey
Assistant Examiner(s)
Anderson, Michael D

Application Number

US13/171,672
Time in Patent Office

1,875 Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 63/102   Entity profiles

H04L 67/1097   for distributed storage of ...

H04L 9/3213   using tickets or tokens, e....

H04L 9/3239   involving non-keyed hash fu...

H04L 9/40   Network security protocols

Token-based secure data management

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

61 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Token-based secure data management

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

61 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links