Data protection hub

US 9,547,769 B2
Filed: 07/03/2013
Issued: 01/17/2017
Est. Priority Date: 07/03/2012
Status: Active Grant

First Claim

Patent Images

1. A data protection hub, comprising:

a hardware random number generator configured to generate random numbers;

a cryptoprocessor configured to perform cryptographic operations;

a processor coupled to the hardware random number generator and the cryptoprocessor and configured for executing code;

networking apparatus configured to receive from a client computer, a data protection request message comprising unprotected data, a data protection policy file and one or more policy parameters;

a non-transitory computer-readable storage medium, comprising code executable by the processor for;

determining a data protection transformation by parsing the data protection policy file, wherein the data protection policy file is used to determine the data protection transformation based on the one or more policy parameters;

selecting one or more of the hardware random number generator or the cryptoprocessor based on the determined data protection transformation;

performing, using the selected one or more of the hardware random number generator or the cryptoprocessor, the data protection transformation on the unprotected data to generate protected data, wherein the data protection transformation comprises;

hashing the unprotected data using one of a plurality of hashing algorithms, based on the determined data protection transformation; and

masking sensitive data fields of the unprotected data based on further determining that the sensitive data fields includes unprotected data; and

the networking apparatus further configured to send the protected data, to the client computer.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of the invention broadly described, introduce systems and methods for protecting data at a data protection hub using a data protection policy. One embodiment of the invention discloses a method for protecting unprotected data. The method comprises receiving a data protection request message comprising unprotected data and one or more policy parameters, determining a data protection transformation using the policy parameters, performing the data protection transformation on the unprotected data to generate protected data, and sending the protected data.

Citations

10 Claims

1. A data protection hub, comprising:
- a hardware random number generator configured to generate random numbers;
  
  a cryptoprocessor configured to perform cryptographic operations;
  
  a processor coupled to the hardware random number generator and the cryptoprocessor and configured for executing code;
  
  networking apparatus configured to receive from a client computer, a data protection request message comprising unprotected data, a data protection policy file and one or more policy parameters;
  
  a non-transitory computer-readable storage medium, comprising code executable by the processor for;
  
  determining a data protection transformation by parsing the data protection policy file, wherein the data protection policy file is used to determine the data protection transformation based on the one or more policy parameters;
  
  selecting one or more of the hardware random number generator or the cryptoprocessor based on the determined data protection transformation;
  
  performing, using the selected one or more of the hardware random number generator or the cryptoprocessor, the data protection transformation on the unprotected data to generate protected data, wherein the data protection transformation comprises;
  
  hashing the unprotected data using one of a plurality of hashing algorithms, based on the determined data protection transformation; and
  
  masking sensitive data fields of the unprotected data based on further determining that the sensitive data fields includes unprotected data; and
  
  the networking apparatus further configured to send the protected data, to the client computer.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The data protection hub of claim 1, the method further comprising:
    - determining, using the one or more policy parameters an encryption algorithm and encryption key, wherein the data protection transformation encrypts the unprotected data using the encryption algorithm and encryption key.
  - 3. The data protection hub of claim 1, the method further comprising:
    - determining, using the one or more policy parameters, a tokenization algorithm and format, wherein the data protection transformation tokenizes the unprotected data using the tokenization algorithm and format.
  - 4. The data protection hub of claim 1, the method further comprising:
    - receiving the protected data;
      
      performing a data deprotection transformation on the protected data to determine the unprotected data; and
      
      sending the unprotected data.
  - 5. The data protection hub of claim 1, the method further comprising:
    - receiving a data migration request message comprising an indication of the protected data to migrate;
      
      determining transformation data parameters associated with the protected data; and
      
      sending the transformation data parameters to a second data protection hub.

6. A computer-implemented method comprising:
- receiving, by a processor, a data protection request message from a client computer, the message comprising unprotected data, a data protection file and one or more policy parameters;
  
  determining, by the processor, a data protection transformation by parsing the data protection policy file, wherein the data protection policy file is used to determine the data protection transformation based on the one or more policy parameters;
  
  selecting one or more of a hardware random number generator or a cryptoprocessor based on the determined data protection transformation, wherein;
  
  the hardware random number generator generates random numbers, andthe cryptoprocessor performs cryptographic operations;
  
  performing, using the selected one or more of the hardware random number generator or the cryptoprocessor, the data protection transformation on the unprotected data to generate protected data, wherein the data protection transformation comprises;
  
  hashing the unprotected data using one of a plurality of hashing algorithms, based on the determined data protection transformation; and
  
  masking sensitive data fields of the unprotected data based on further determining that the sensitive data fields includes unprotected data; and
  
  sending, by the processor, the protected data to the client computer.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The method of claim 6, the method further comprising:
    - determining, using the one or more policy parameters, an encryption algorithm and encryption key, wherein the data protection transformation encrypts the unprotected data using the encryption algorithm and encryption key.
  - 8. The method of claim 6, the method further comprising:
    - determining, using the one or more policy parameters, a tokenization algorithm and format, wherein the data protection transformation tokenizes the unprotected data using the tokenization algorithm and format.
  - 9. The method of claim 6 further comprising:
    - receiving, by the processor, the protected data;
      
      performing, by the processor, a data deprotection transformation on the protected data to determine the unprotected data; and
      
      sending, by the processor, the unprotected data.
  - 10. The method of claim 6 further comprising:
    - receiving a data migration request message comprising an indication of the protected data to migrate;
      
      determining transformation data parameters associated with the protected data; and
      
      sending the transformation data parameters to a second data protection hub.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Visa International Service Association (Visa, Inc.)
Original Assignee
Visa International Service Association (Visa, Inc.)
Inventors
Aissi, Selim, Nagasundaram, Sekhar
Primary Examiner(s)
CHEN, SHIN HON

Application Number

US13/935,311
Publication Number

US 20140013452A1
Time in Patent Office

1,294 Days
Field of Search

None
US Class Current

1/1
CPC Class Codes

G06F 21/602   Providing cryptographic fac...

G06F 21/604   Tools and structures for ma...

G06F 21/85   interconnection devices, e....

H04L 63/0428   wherein the data content is...

H04L 63/20   for managing network securi...

Data protection hub

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

10 Claims

Specification

Solutions

Use Cases

Quick Links

Data protection hub

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

10 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links