Collision avoidance in a distributed tokenization environment

US 9,672,378 B2
Filed: 07/13/2015
Issued: 06/06/2017
Est. Priority Date: 09/30/2013
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for tokenizing data comprising:

receiving, at a client, sensitive data to be tokenized;

querying a token table associated with the client with a portion of the sensitive data to determine if the token table includes a token mapped to a value of the portion of the sensitive data, the token table storing a plurality of tokens each mapped to one input value;

responsive to a determination that the token table includes at least one token mapped to the value of the portion of the sensitive data, replacing the portion of the sensitive data with one of the at least one token to form tokenized data;

responsive to a determination that the token table does not include a token mapped to the value of the portion of the sensitive data;

generating a candidate token;

querying a central token management system communicatively coupled to the client with the candidate token to determine if a collision exists between the candidate token and a token generated by or stored at another client communicatively coupled to the central token management system, the central token management system configured to query one or more clients communicatively coupled to the central token management system to determine if the queried clients include a token equivalent to the candidate token; and

responsive to a determination that no collision exists, replacing the portion of the sensitive data with the candidate token to form tokenized data and storing the candidate token in the token table associated with the client.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A client receives sensitive data to be tokenized. The client queries a token table with a portion of the sensitive data to determine if the token table includes a token mapped to the value of the portion of the sensitive data. If the mapping table does not include a token mapped to the value of the portion of the sensitive data, a candidate token is generated. The client queries a central token management system to determine if the candidate token collides with a token generated by or stored at another client. In some embodiments, the candidate token includes a value from a unique set of values assigned by the central token management system to the client, guaranteeing that the candidate token does not cause a collision. The client then tokenizes the sensitive data with the candidate token and stores the candidate token in the token table.

15 Citations

View as Search Results

17 Claims

1. A computer-implemented method for tokenizing data comprising:
- receiving, at a client, sensitive data to be tokenized;
  
  querying a token table associated with the client with a portion of the sensitive data to determine if the token table includes a token mapped to a value of the portion of the sensitive data, the token table storing a plurality of tokens each mapped to one input value;
  
  responsive to a determination that the token table includes at least one token mapped to the value of the portion of the sensitive data, replacing the portion of the sensitive data with one of the at least one token to form tokenized data;
  
  responsive to a determination that the token table does not include a token mapped to the value of the portion of the sensitive data;
  
  generating a candidate token;
  
  querying a central token management system communicatively coupled to the client with the candidate token to determine if a collision exists between the candidate token and a token generated by or stored at another client communicatively coupled to the central token management system, the central token management system configured to query one or more clients communicatively coupled to the central token management system to determine if the queried clients include a token equivalent to the candidate token; and
  
  responsive to a determination that no collision exists, replacing the portion of the sensitive data with the candidate token to form tokenized data and storing the candidate token in the token table associated with the client.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, further comprising:
    - responsive to a determination that a collision exists;
      
      generating a second candidate token;
      
      querying the central token management system with the candidate token to determine if a collision exists between the second candidate token and a token generated by or stored at another client; and
      
      responsive to a determination that no collision exist, replacing the portion of the sensitive data with the second candidate token to form tokenized data and storing the second candidate token in the token table associated with the client.
  - 3. The method of claim 1, wherein storing the candidate token in the token table associated with the client comprises storing the candidate token, the value of the portion of the sensitive data, and an association between the candidate token and the value of the portion of the sensitive data in the token table.
  - 4. The method of claim 1, wherein the central token management system is configured to store tokens generated by each client communicatively coupled to the central token management system, and wherein determining if a collision exists comprises determining if a token stored by the central token management system is equivalent to the candidate token.
  - 5. The method of claim 1, further comprising, responsive to a determination that no collision exists, providing the candidate token to the central token management system for storage.
  - 6. The method of claim 1 wherein the sensitive data is one of:
    - a credit card number, a bank account number, a social security number, a driver'"'"'s license number, and a passport number.

7. A non-transitory computer-readable medium storing executable computer instructions for tokenizing data, the instructions configured to, when executed by a processor:
- receive, at a client, sensitive data to be tokenized;
  
  query a token table associated with the client with a portion of the sensitive data to determine if the token table includes a token mapped to a value of the portion of the sensitive data, the token table storing a plurality of tokens each mapped to one input value;
  
  responsive to a determination that the token table includes at least one token mapped to the value of the portion of the sensitive data, replacing the portion of the sensitive data with one of the at least one tokens to form tokenized data;
  
  responsive to a determination that the token table does not include a token mapped to the value of the portion of the sensitive data;
  
  generate a candidate token;
  
  query a central token management system communicatively coupled to the client with the candidate token to determine if a collision exists between the candidate token and a token generated by or stored at another client communicatively coupled to the central token management system, the central token management system configured to query one or more clients communicatively coupled to the central token management system to determine if the queried clients include a token equivalent to the candidate token; and
  
  responsive to a determination that no collision exists, replace the portion of the sensitive data with the candidate token to form tokenized data and store the candidate token in the token table associated with the client.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The non-transitory computer-readable medium of claim 7, further comprising instructions that when executed by the processor cause the processor to:
    - responsive to a determination that a collision exists;
      
      generate a second candidate token;
      
      query the central token management system with the candidate token to determine if a collision exists between the second candidate token and a token generated by or stored at another client; and
      
      responsive to a determination that no collision exist, replacing the portion of the sensitive data with the second candidate token to form tokenized data and storing the second candidate token in the token table associated with the client.
  - 9. The non-transitory computer-readable medium of claim 7, wherein storing the candidate token in the token table associated with the client comprises storing the candidate token, the value of the portion of the sensitive data, and an association between the candidate token and the value of the portion of the sensitive data in the token table.
  - 10. The non-transitory computer-readable medium of claim 7, wherein the central token management system is configured to store tokens generated by each client communicatively coupled to the central token management system, and wherein determining if a collision exists comprises determining if a token stored by the central token management system is equivalent to the candidate token.
  - 11. The non-transitory computer-readable medium of claim 7, further comprising instructions that when executed by the processor cause the processor to responsive to a determination that no collision exists, provide the candidate token to the central token management system for storage.
  - 12. The non-transitory computer-readable medium of claim 7 wherein the sensitive data is one of a credit card number, a bank account number, a social security number, a driver'"'"'s license number, and a passport number.

13. A system for tokenizing data comprising:
- a hardware processor; and
  
  a computer readable medium storing computer instructions configured to;
  
  receive, at a client, sensitive data to be tokenized;
  
  query a token table associated with the client with a portion of the sensitive data to determine if the token table includes a token mapped to a value of the portion of the sensitive data, the token table storing a plurality of tokens each mapped to one input value;
  
  responsive to a determination that the token table includes at least one token mapped to the value of the portion of the sensitive data, replacing the portion of the sensitive data with one of the at least one tokens to form tokenized data;
  
  responsive to a determination that the token table does not include a token mapped to the value of the portion of the sensitive data;
  
  generate a candidate token;
  
  query a central token management system communicatively coupled to the client with the candidate token to determine if a collision exists between the candidate token and a token generated by or stored at another client communicatively coupled to the central token management system, the central token management system configured to query one or more clients communicatively coupled to the central token management system to determine if the queried clients include a token equivalent to the candidate token; and
  
  responsive to a determination that no collision exists, replace the portion of the sensitive data with the candidate token to form tokenized data and store the candidate token in the token table associated with the client.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The system of claim 13, wherein the computer readable medium further stores executable computer instructions configured to:
    - responsive to a determination that a collision exists;
      
      generate a second candidate token;
      
      query the central token management system with the candidate token to determine if a collision exists between the second candidate token and a token generated by or stored at another client; and
      
      responsive to a determination that no collision exist, replacing the portion of the sensitive data with the second candidate token to form tokenized data and storing the second candidate token in the token table associated with the client.
  - 15. The system of claim 13, wherein storing the candidate token in the token table associated with the client comprises storing the candidate token, the value of the portion of the sensitive data, and an association between the candidate token and the value of the portion of the sensitive data in the token table.
  - 16. The system of claim 13, wherein the central token management system is configured to store tokens generated by each client communicatively coupled to the central token management system, and wherein determining if a collision exists comprises determining if a token stored by the central token management system is equivalent to the candidate token.
  - 17. The system of claim 13, wherein the computer readable medium further stores executable computer instructions configured to responsive to a determination that no collision exists, provide the candidate token to the central token management system for storage.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Protegrity USA, Inc. (Xcelera Inc.)
Original Assignee
Protegrity USA, Inc. (Xcelera Inc.)
Inventors
Mattsson, Ulf, Ferentz, Zvika
Primary Examiner(s)
Shiferaw, Eleni
Assistant Examiner(s)
Li, Mary

Application Number

US14/798,266
Publication Number

US 20150317492A1
Time in Patent Office

694 Days
Field of Search
US Class Current
CPC Class Codes

G06F 16/24   Querying

G06F 16/24553   of query operations

G06F 21/6245   Protecting personal data, e...

G06F 21/6272   by registering files or doc...

H04L 9/0637   Modes of operation, e.g. ci...

Collision avoidance in a distributed tokenization environment

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

15 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Collision avoidance in a distributed tokenization environment

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

15 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links