Tokenization in mobile environments
Abstract
Data can be protected in mobile and payment environments through various tokenization operations. A mobile device can tokenize communication data based on device information and session information associated with the mobile device. A payment terminal can tokenize payment information received at the payment terminal during a transaction based on transaction information associated with the transaction. Payment data tokenized with a first set of token tables and according to a first set of tokenization parameters by a first payment entity can be detokenized or re-tokenized with a second set of token tables and according to a second set of tokenization parameters. Payment information can be tokenized and sent to a mobile device as a token card based on one or more selected use rules, and a user can request a transaction based on the token card. The transaction can be authorized if the transaction satisfies the selected use rules.
16 Claims
1. A method for tokenizing data, comprising:
- establishing, by a hardware input/output interface of a communication system, a temporary communication session with a mobile device via a communication channel between the communication system and the mobile device;
- receiving, by the hardware input/output interface, data from the client system via the communication channel and during the temporary communication session;
- identifying, by an interface controller of the communication system, a portion of the received data for tokenization;
- accessing, by the interface controller, session information uniquely identifying the temporary communication session between the communication system and the client system;
- selecting, by a token server of the communication system communicatively coupled to the hardware input/output interface via a first hardware communication bus and configured to receive the session information via the first hardware communication bus, one or more token tables from a set of token tables stored within a memory of the token server based on the accessed session information, every token table in the set of token tables mapping, for an input string of a particular length and for a particular set of input string characters, every possible input string value to a different token before the temporary communication session is established;
- receiving, by a security engine of the communication system communicatively coupled to the token server via a second hardware communication bus and communicatively coupled to the hardware input/output interface via a third hardware communication bus, the second one or more token tables via the second hardware communication bus;
- receiving, by the security engine, the identified portion of the received data via the third hardware communication bus;
- tokenizing, by the security engine, the identified portion of the received data using the selected one or more token tables; and
- outputting, to a client system external to the communication system via a second communication channel between the communication system and the client system, the tokenized data.

Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A communication system for tokenizing data, comprising:
- a hardware input/output interface configured to establish a temporary communication session with a client system external to the communication system via a communication channel and to receive data from the client system via the communication channel and during the temporary communication session;
- an interface controller configured to:
  - identify a portion of the received data for tokenization; and
  - access session information uniquely identifying the temporary communication session between the communication system and the client system;
- a token server communicatively coupled to the hardware input/output interface via a first hardware communication bus and configured to receive the session information via the first hardware communication bus and select one or more token tables from a set of token tables stored within a memory of the token server based on the accessed session information, every token table in the set of token tables mapping, for an input string of a particular length and for a particular set of input string characters, every possible input string value to a different token before the temporary communication session is established; and
- a security engine communicatively coupled to the token server via a second hardware communication bus and communicatively coupled to the hardware input/output interface via a third hardware communication bus and configured to:
  - receive, via the second hardware communication bus, the selected one or more token tables;
  - receive, via the third hardware communication bus, the identified portion of the received data;
  - tokenize the identified portion of the received data using the selected one or more token tables; and
  - output, to a second client system external to the communication system via a second communication channel, the tokenized data.

Dependent claims: 10, 11, 12, 13, 14, 15, 16
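The table lookup recited in claims 1 and 9, sketched as an added Python example that is not taken from the patent or any implementation of it: every table is a pre-generated permutation of all possible fixed-length inputs, and the session identifier decides which tables are used. The table count, the 4-digit chunk length, the HMAC-based selection, the 16-digit input and the choice of the middle eight digits as the "identified portion" are all assumptions made for illustration.

```python
import hashlib
import hmac
import random
import secrets
from itertools import product

ALPHABET = "0123456789"   # assumed input character set
CHUNK_LEN = 4             # assumed input string length per table
NUM_TABLES = 8            # assumed size of the pre-generated table set

def build_table(rng):
    """Map every possible CHUNK_LEN-character input to a distinct token."""
    inputs = ["".join(p) for p in product(ALPHABET, repeat=CHUNK_LEN)]
    tokens = inputs[:]
    rng.shuffle(tokens)            # random permutation, so the table is bijective
    return dict(zip(inputs, tokens))

# Tables are built before any session is established.
_rng = random.SystemRandom()       # OS CSPRNG, not the default Mersenne Twister
TABLES = [build_table(_rng) for _ in range(NUM_TABLES)]
INVERSE = [{tok: inp for inp, tok in t.items()} for t in TABLES]
SERVER_KEY = secrets.token_bytes(32)   # hypothetical token-server secret

def select_tables(session_id, count):
    """Derive `count` table indices from the session identifier (assumed scheme)."""
    mac = hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).digest()
    return [mac[i] % NUM_TABLES for i in range(count)]

def _map_portion(value, session_id, tables):
    if len(value) != 16 or not set(value) <= set(ALPHABET):
        raise ValueError("expected 16 characters from ALPHABET")
    portion = value[4:12]          # identified portion: middle 8 digits (assumed)
    chunks = [portion[i:i + CHUNK_LEN] for i in range(0, len(portion), CHUNK_LEN)]
    picks = select_tables(session_id, len(chunks))
    mapped = "".join(tables[t][c] for t, c in zip(picks, chunks))
    return value[:4] + mapped + value[12:]

def tokenize(pan, session_id):
    return _map_portion(pan, session_id, TABLES)

def detokenize(token, session_id):
    return _map_portion(token, session_id, INVERSE)

if __name__ == "__main__":
    pan = "4111111111111111"       # constructed test number
    tok = tokenize(pan, "session-A")
    print(tok, detokenize(tok, "session-A") == pan)
```

Because each table is a permutation, detokenization needs the same session identifier to pick the same tables; a token replayed under a different session identifier generally maps back to a different value.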