Methods, apparatus and systems for securely storing and/or accessing payment information or other sensitive information based on tokens

US 9,652,769 B1
Filed: 11/07/2012
Issued: 05/16/2017
Est. Priority Date: 11/30/2010
Status: Active Grant

First Claim

Patent Images

1. A method for generating a token to identify payment information relating to a purchase of a product and/or service from a vendor, the method comprising:

receiving the payment information, by a communications interface of a device, from a billing service acting as a billing agent of the vendor;

identifying, by a tokenization system executed by a processor of the device, a first memory address of a first record of a token database;

generating, by the tokenization system, a unique identifier comprising a timestamp;

determining, by the tokenization system from the received payment information, a length of a primary account number (PAN) of an account used to purchase the product and/or service from the vendor;

aggregating, by the tokenization system, the PAN and the length of the PAN and the unique identifier into an aggregated record;

encrypting, by the tokenization system, the aggregated record using an encryption key to generate an encrypted record;

generating, by the tokenization system, a token key identifier that identifies a second memory address of a second record of the token database, different from the first record;

storing the encrypted record, the token key identifier, and the unique identifier, by the tokenization system, in the first record of the token database at the first memory address;

storing, by the tokenization system in the second record of the token database at the second memory address, an identification of the encryption key;

transmitting, by the communication interface, a token comprising the first memory address and the timestamp to the vendor;

subsequently receiving, by the communication interface from a payment processing system, the token;

extracting, by the tokenization system, the first memory address and the unique identifier from the token;

retrieving, by the tokenization system from the first memory address, the token key identifier identifying the second memory address;

retrieving, by the tokenization system from the second memory address, the identification of the encryption key;

decrypting, by the tokenization system, the aggregated record with the encryption key;

extracting, by the tokenization system, the unique identifier from the aggregated record;

determining, by the tokenization system, that the unique identifier extracted from the aggregated record matches the unique identifier extracted from the token; and

responsive to the determination, transmitting, by the communication interface, the PAN to the payment processing system, the PAN extracted from the aggregated record.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A token is generated and processed as a substitute for sensitive information, e.g., payment information associated with a customer making a purchase of a product/service from a vendor. The customer'"'"'s payment information is encrypted and stored in a first memory record of a secure computer system. A token is generated that includes memory-related information identifying the first memory record, and the token is transmitted to the vendor for storage in a customer record. To facilitate payment for the purchase, the vendor transmits the token to another party (e.g., a billing service or payment processor), and the encrypted payment information is read from the first memory record of the secure computer system based on the memory-related information in the token. The encrypted payment information is then decrypted to recover the payment information which is then used to effect payment.

62 Citations

View as Search Results

8 Claims

1. A method for generating a token to identify payment information relating to a purchase of a product and/or service from a vendor, the method comprising:
- receiving the payment information, by a communications interface of a device, from a billing service acting as a billing agent of the vendor;
  
  identifying, by a tokenization system executed by a processor of the device, a first memory address of a first record of a token database;
  
  generating, by the tokenization system, a unique identifier comprising a timestamp;
  
  determining, by the tokenization system from the received payment information, a length of a primary account number (PAN) of an account used to purchase the product and/or service from the vendor;
  
  aggregating, by the tokenization system, the PAN and the length of the PAN and the unique identifier into an aggregated record;
  
  encrypting, by the tokenization system, the aggregated record using an encryption key to generate an encrypted record;
  
  generating, by the tokenization system, a token key identifier that identifies a second memory address of a second record of the token database, different from the first record;
  
  storing the encrypted record, the token key identifier, and the unique identifier, by the tokenization system, in the first record of the token database at the first memory address;
  
  storing, by the tokenization system in the second record of the token database at the second memory address, an identification of the encryption key;
  
  transmitting, by the communication interface, a token comprising the first memory address and the timestamp to the vendor;
  
  subsequently receiving, by the communication interface from a payment processing system, the token;
  
  extracting, by the tokenization system, the first memory address and the unique identifier from the token;
  
  retrieving, by the tokenization system from the first memory address, the token key identifier identifying the second memory address;
  
  retrieving, by the tokenization system from the second memory address, the identification of the encryption key;
  
  decrypting, by the tokenization system, the aggregated record with the encryption key;
  
  extracting, by the tokenization system, the unique identifier from the aggregated record;
  
  determining, by the tokenization system, that the unique identifier extracted from the aggregated record matches the unique identifier extracted from the token; and
  
  responsive to the determination, transmitting, by the communication interface, the PAN to the payment processing system, the PAN extracted from the aggregated record.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1, wherein the token is generated without generating a random number.
  - 3. The method of claim 1, wherein the token further comprises token information representing a version of the token.
  - 4. The method of claim 1, further comprising determining, by the tokenization system, that the length of the PAN is less than a predetermined length, and padding the PAN to the predetermined length responsive to the determination that the length of the PAN is less than the predetermined length.

5. A system, comprising:
- a device comprising a processor, a communication interface, and a memory storing a token database and computer executable instructions that, when executed by the processor, cause the processor to perform operations of;
  
  receiving, via the communication interface from a billing service acting as a billing agent of a vendor, payment information relating to a purchase of a product and/or service from the vendor,identifying a first memory address of a first record of the token database,generating a unique identifier comprising a timestamp,determining, from the received payment information, a length of a primary account number (PAN) of an account used to purchase the product and/or service from the vendor,aggregating the PAN and the length of the PAN and the unique identifier into an aggregated record,encrypting, the aggregated record using an encryption key to generate an encrypted record,generating a token key identifier that identifies a second memory address of a second record of the token database, different from the first record,storing the encrypted record, the token key identifier, and the unique identifier in the first record of the token database at the first memory address,storing, in the second record of the token database at the second memory address, an identification of the encryption key,transmitting, via the communication interface, a token comprising the first memory address and the timestamp to the vendor,subsequently receiving, via the communication interface from a payment processing system, the token,extracting the first memory address and the unique identifier from the token,retrieving, from the first memory address, the token key identifier identifying the second memory address,retrieving, from the second memory address, the identification of the encryption key,decrypting the aggregated record with the encryption key,extracting the unique identifier from the aggregated record,determining that the unique identifier extracted from the aggregated record matches the unique identifier extracted from the token, andresponsive to the determination, transmitting, via the communication interface, the PAN to the payment processing system, the PAN extracted from the aggregated record.
- View Dependent Claims (6, 7, 8)
- - 6. The system of claim 5, wherein the token is generated without generating a random number.
  - 7. The system of claim 5, wherein the token further comprises token information representing a version of the token.
  - 8. The system of claim 5, wherein the operation further comprises determining that the length of the PAN is less than a predetermined length, and padding the PAN to the predetermined length responsive to the determination that the length of the PAN is less than the predetermined length.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Carbonite LLC (Open Text Corporation)
Original Assignee
Carbonite Incorporated (Open Text Corporation)
Inventors
Golin, Eric J.
Primary Examiner(s)
Kim, Steven

Application Number

US13/671,178
Time in Patent Office

1,651 Days
Field of Search

705 64, 713193
US Class Current
CPC Class Codes

G06Q 20/382   insuring higher security of...

G06Q 20/38215   Use of certificates or encr...

G06Q 20/3829   involving key management

G06Q 20/383   Anonymous user system

G06Q 20/385   using an alias or single-us...

Methods, apparatus and systems for securely storing and/or accessing payment information or other sensitive information based on tokens

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

62 Citations

8 Claims

Specification

Use Cases

Quick Links

Others

Methods, apparatus and systems for securely storing and/or accessing payment information or other sensitive information based on tokens

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

62 Citations

8 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others