Distributed tokenization using several substitution steps

US 9,639,716 B2
Filed: 11/16/2015
Issued: 05/02/2017
Est. Priority Date: 03/01/2010
Status: Active Grant

First Claim

Patent Images

1. A method of tokenization, comprising:

accessing a string of characters;

accessing a first token table and a second token table, each of the first token table and the second token table mapping each of a set of input values to a different token value, the first token table different than the second token table;

replacing, by a processor, a first substring of the string of characters with a first token value mapped to a value of the first sub string of characters by the first token table to form a first intermediate string of characters;

replacing a second substring of the intermediate string of characters with a second token value mapped to a value of the second sub string of characters by the second token table to form a second intermediate string of characters; and

combining the second intermediate string of characters with metadata describing the tokenization to form a tokenized string of characters.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for distributed tokenization of sensitive strings of characters, such as social security numbers, credit card numbers and the like, in a local server is disclosed. The method comprises the steps of receiving from a central server at least one, and preferably at least two, static token lookup tables, and receiving a sensitive string of characters. In a first tokenization step, a first substring of characters is substituted with a corresponding first token from the token lookup table(s) to form a first tokenized string of characters, wherein the first substring of characters is a substring of the sensitive string of characters. Thereafter, in a second step of tokenization, a second substring of characters is substituted with a corresponding second token from the token lookup table(s) to form a second tokenized string of characters, wherein the second substring of characters is a substring of the first tokenized string of characters. Optionally, one or more additional tokenization steps is/are used.

Citations

20 Claims

1. A method of tokenization, comprising:
- accessing a string of characters;
  
  accessing a first token table and a second token table, each of the first token table and the second token table mapping each of a set of input values to a different token value, the first token table different than the second token table;
  
  replacing, by a processor, a first substring of the string of characters with a first token value mapped to a value of the first sub string of characters by the first token table to form a first intermediate string of characters;
  
  replacing a second substring of the intermediate string of characters with a second token value mapped to a value of the second sub string of characters by the second token table to form a second intermediate string of characters; and
  
  combining the second intermediate string of characters with metadata describing the tokenization to form a tokenized string of characters.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, further comprising one or more of:
    - modifying the first substring before replacing the first substring with the first token value, wherein the first token value comprises a token value mapped to a value of the modified first sub string by the first token table, and modifying the second substring before replacing the second substring with the second token value, wherein the second token value comprises a token value mapped to a value of the modified second substring by the second token table.
  - 3. The method of claim 2, wherein one or more of the first sub string or the second substring is modified based at least in part on an initialization vector.
  - 4. The method of claim 1, wherein the second substring comprises fewer characters than the first substring.
  - 5. The method of claim 1, wherein the second substring comprises at least one character not replaced by the first token.
  - 6. The method of claim 1, wherein accessing the first token table and the second token table comprises selecting the first token table and the second token table from a set of token tables.
  - 7. The method of claim 1, wherein the set of input values comprises every possible value of a given input value length.
  - 8. The method of claim 1, wherein the first substring of the string of characters comprises one of:
    - the entire string of characters, and less than all of the string of characters.
  - 9. The method of claim 1, wherein the second substring of the intermediate string of characters comprises one of:
    - the entire intermediate string of characters, and less than all of the intermediate string of characters.
  - 10. The method of claim 1, wherein a length of the combined second intermediate string of characters and metadata is equal a length of the intermediate string of characters.

11. A system comprising:
- a processor and a non-transitory computer-readable medium storing executable computer instructions configured to, when executed by the processor, cause the system to perform steps comprising;
  
  accessing a string of characters;
  
  accessing a first token table and a second token table, each of the first token table and the second token table mapping each of a set of input values to a different token value, the first token table different than the second token table;
  
  replacing a first substring of the string of characters with a first token value mapped to a value of the first substring of characters by the first token table to form a first intermediate string of characters;
  
  replacing a second substring of the intermediate string of characters with a second token value mapped to a value of the second sub string of characters by the second token table to form a second intermediate string of characters; and
  
  combining the second intermediate string of characters with metadata describing the tokenization to form a tokenized string of characters.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The system of claim 11, the instructions further configured to perform steps comprising one or more of:
    - modifying the first substring before replacing the first substring with the first token value, wherein the first token value comprises a token value mapped to a value of the modified first substring by the first token table, and modifying the second substring before replacing the second substring with the second token value, wherein the second token value comprises a token value mapped to a value of the modified second substring by the second token table.
  - 13. The system of claim 12, wherein one or more of the first substring or the second substring is modified based at least in part on an initialization vector.
  - 14. The system of claim 11, wherein the second substring comprises fewer characters than the first substring.
  - 15. The system of claim 11, wherein the second substring comprises at least one character not replaced by the first token.

16. A non-transitory computer-readable storage medium storing executable computer instructions that, when executed by a hardware processor, perform steps comprising:
- accessing a string of characters;
  
  accessing a first token table and a second token table, each of the first token table and the second token table mapping each of a set of input values to a different token value, the first token table different than the second token table;
  
  replacing a first substring of the string of characters with a first token value mapped to a value of the first substring of characters by the first token table to form a first intermediate string of characters;
  
  replacing a second substring of the intermediate string of characters with a second token value mapped to a value of the second sub string of characters by the second token table to form a second intermediate string of characters; and
  
  combining the second intermediate string of characters with metadata describing the tokenization to form a tokenized string of characters.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The non-transitory computer-readable storage medium of claim 16, wherein the instructions, when executed, perform one or more further steps comprising:
    - modifying the first substring before replacing the first substring with the first token value, wherein the first token value comprises a token value mapped to a value of the modified first sub string by the first token table, and modifying the second substring before replacing the second substring with the second token value, wherein the second token value comprises a token value mapped to a value of the modified second substring by the second token table.
  - 18. The non-transitory computer-readable storage medium of claim 17, wherein one or more of the first substring or the second substring is modified based at least in part on an initialization vector.
  - 19. The non-transitory computer-readable storage medium of claim 16, wherein the second substring comprises fewer characters than the first substring.
  - 20. The non-transitory computer-readable storage medium of claim 16, wherein the second substring comprises at least one character not replaced by the first token.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Protegrity US Holding LLC
Original Assignee
Protegrity USA, Inc. (Xcelera Inc.)
Inventors
Mattsson, Ulf
Primary Examiner(s)
Dang, Thanh-Ha

Application Number

US14/942,668
Publication Number

US 20160070927A1
Time in Patent Office

533 Days
Field of Search

707802
US Class Current
CPC Class Codes

G06F 16/90344   by using string matching te...

G06F 21/6245   Protecting personal data, e...

G07F 7/084   Additional components relat...

G07F 7/1008   Active credit-cards provide...

H04L 2209/56   Financial cryptography, e.g...

H04L 63/0428   wherein the data content is...

H04L 9/083   involving central third par...

H04L 9/0897   involving additional device...

Distributed tokenization using several substitution steps

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Distributed tokenization using several substitution steps

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links