Methods, apparatus and systems for securely storing and/or accessing payment information or other sensitive information based on tokens
First Claim
1. A method for generating a token to identify payment information relating to a purchase of a product and/or service from a vendor, the method comprising:
receiving the payment information, by a communications interface of a device, from a billing service acting as a billing agent of the vendor;
identifying, by a tokenization system executed by a processor of the device, a first memory address of a first record of a token database;
generating, by the tokenization system, a unique identifier comprising a timestamp;
determining, by the tokenization system from the received payment information, a length of a primary account number (PAN) of an account used to purchase the product and/or service from the vendor;
aggregating, by the tokenization system, the PAN and the length of the PAN and the unique identifier into an aggregated record;
encrypting, by the tokenization system, the aggregated record using an encryption key to generate an encrypted record;
generating, by the tokenization system, a token key identifier that identifies a second memory address of a second record of the token database, different from the first record;
storing the encrypted record, the token key identifier, and the unique identifier, by the tokenization system, in the first record of the token database at the first memory address;
storing, by the tokenization system in the second record of the token database at the second memory address, an identification of the encryption key;
transmitting, by the communication interface, a token comprising the first memory address and the timestamp to the vendor;
subsequently receiving, by the communication interface from a payment processing system, the token;
extracting, by the tokenization system, the first memory address and the unique identifier from the token;
retrieving, by the tokenization system from the first memory address, the token key identifier identifying the second memory address;
retrieving, by the tokenization system from the second memory address, the identification of the encryption key;
decrypting, by the tokenization system, the aggregated record with the encryption key;
extracting, by the tokenization system, the unique identifier from the aggregated record;
determining, by the tokenization system, that the unique identifier extracted from the aggregated record matches the unique identifier extracted from the token; and
responsive to the determination, transmitting, by the communication interface, the PAN to the payment processing system, the PAN extracted from the aggregated record.
Abstract
A token is generated and processed as a substitute for sensitive information, e.g., payment information associated with a customer making a purchase of a product/service from a vendor. The customer's payment information is encrypted and stored in a first memory record of a secure computer system. A token is generated that includes memory-related information identifying the first memory record, and the token is transmitted to the vendor for storage in a customer record. To facilitate payment for the purchase, the vendor transmits the token to another party (e.g., a billing service or payment processor), and the encrypted payment information is read from the first memory record of the secure computer system based on the memory-related information in the token. The encrypted payment information is then decrypted to recover the payment information which is then used to effect payment.
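The flow recited in claim 1 and summarized in the abstract, sketched as an added example that is not code from the patent or its assignee. All names (`TOKEN_DB`, `KEYS`, `tokenize`, `detokenize`), the token layout and the sequential addresses are assumptions, and the SHAKE-256 keystream is a stand-in for a real authenticated cipher so the sketch runs on the standard library alone.

```python
import hashlib, hmac, secrets, time

TOKEN_DB = {}   # address -> record; stands in for the claimed token database
KEYS = {}       # key id -> key bytes; hypothetical key store kept apart from it

def _xor_stream(key, nonce, data):
    # Stand-in cipher (assumption): XOR with a SHAKE-256 keystream.
    # A real deployment would use an authenticated cipher such as AES-GCM.
    stream = hashlib.shake_256(key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def _store(record):
    addr = 0x1000 + len(TOKEN_DB)        # constructed sequential "memory address"
    TOKEN_DB[addr] = record
    return addr

def tokenize(pan, key_id="key-a"):
    key = KEYS.setdefault(key_id, secrets.token_bytes(32))
    uid = str(time.time_ns())            # unique identifier comprising a timestamp
    aggregated = f"{len(pan):02d}{pan}{uid}".encode()  # PAN length + PAN + uid
    nonce = secrets.token_bytes(16)
    addr2 = _store({"key_id": key_id})   # second record: identifies the key only
    addr1 = _store({"enc": nonce + _xor_stream(key, nonce, aggregated),
                    "token_key_id": addr2, "uid": uid})  # first record
    return f"{addr1:08x}.{uid}"          # token: first address + timestamp, no PAN

def detokenize(token):
    addr_hex, uid = token.split(".", 1)
    first = TOKEN_DB.get(int(addr_hex, 16))
    if first is None or "enc" not in first:   # unknown address or a key record
        raise ValueError("unknown token")
    key = KEYS[TOKEN_DB[first["token_key_id"]]["key_id"]]
    blob = first["enc"]
    plain = _xor_stream(key, blob[:16], blob[16:]).decode()
    n = int(plain[:2])                   # the stored length delimits the PAN
    pan, inner_uid = plain[2:2 + n], plain[2 + n:]
    # Release the PAN only if the uid inside the decrypted record matches the
    # one carried by the token; a valid address alone is not sufficient.
    if not hmac.compare_digest(inner_uid.encode(), uid.encode()):
        raise ValueError("unique identifier mismatch")
    return pan
```

The match check is what stops a caller who knows or guesses a record address, but not its timestamp, from recovering the PAN.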
8 Claims
5. A system, comprising:
a device comprising a processor, a communication interface, and a memory storing a token database and computer executable instructions that, when executed by the processor, cause the processor to perform operations of:
receiving, via the communication interface from a billing service acting as a billing agent of a vendor, payment information relating to a purchase of a product and/or service from the vendor,
identifying a first memory address of a first record of the token database,
generating a unique identifier comprising a timestamp,
determining, from the received payment information, a length of a primary account number (PAN) of an account used to purchase the product and/or service from the vendor,
aggregating the PAN and the length of the PAN and the unique identifier into an aggregated record,
encrypting, the aggregated record using an encryption key to generate an encrypted record,
generating a token key identifier that identifies a second memory address of a second record of the token database, different from the first record,
storing the encrypted record, the token key identifier, and the unique identifier in the first record of the token database at the first memory address,
storing, in the second record of the token database at the second memory address, an identification of the encryption key,
transmitting, via the communication interface, a token comprising the first memory address and the timestamp to the vendor,
subsequently receiving, via the communication interface from a payment processing system, the token,
extracting the first memory address and the unique identifier from the token,
retrieving, from the first memory address, the token key identifier identifying the second memory address,
retrieving, from the second memory address, the identification of the encryption key,
decrypting the aggregated record with the encryption key,
extracting the unique identifier from the aggregated record,
determining that the unique identifier extracted from the aggregated record matches the unique identifier extracted from the token, and
responsive to the determination, transmitting, via the communication interface, the PAN to the payment processing system, the PAN extracted from the aggregated record.
Specification