Tokenization in mobile environments

US 9,721,249 B2
Filed: 11/07/2016
Issued: 08/01/2017
Est. Priority Date: 02/10/2012
Status: Active Grant

First Claim

Patent Images

1. A method for tokenizing data, comprising:

receiving, at an input/output interface of a communication system, information associated with an interaction between a user and the communication system;

generating, by a token server of the communication system, a first set of token tables, each token table in the first set of token tables mapping each of a plurality of input values to a different token value;

tokenizing, by a security engine of the communication system, the received information based on the first set of token tables to form first tokenized information;

transmitting, by the input/output interface of the communication system, the first tokenized information to a central server communicatively coupled to a network associated with the interaction;

transmitting, by the input/output interface of the communication system, the first set of token tables to a central security system communicatively coupled to both the communication system and the central server;

receiving, at the central server and from the central security system, the first set of token tables generated by the communication system and a second set of token tables generated by the central security system, each token table in the second set of token tables mapping each of a plurality of input values to a different token value;

detokenizing, by the central server, the first tokenized information based on the first set of token tables generated by the communication system;

tokenizing, by the central server, the detokenized information based on the second set of token tables generated by the central security system to form second tokenized information; and

transmitting, by the central server, the second tokenized information to the network.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Data can be protected in mobile and payment environments through various tokenization operations. A mobile device can tokenize communication data based on device information and session information associated with the mobile device. A payment terminal can tokenize payment information received at the payment terminal during a transaction based on transaction information associated with the transaction. Payment data tokenized first a first set of token tables and according to a first set of tokenization parameters by a first payment entity can be detokenized or re-tokenized with a second set of token tables and according to a second set of tokenization parameters. Payment information can be tokenized and sent to a mobile device as a token card based on one or more selected use rules, and a user can request a transaction based on the token card. The transaction can be authorized if the transaction satisfies the selected use rules.

Citations

20 Claims

1. A method for tokenizing data, comprising:
- receiving, at an input/output interface of a communication system, information associated with an interaction between a user and the communication system;
  
  generating, by a token server of the communication system, a first set of token tables, each token table in the first set of token tables mapping each of a plurality of input values to a different token value;
  
  tokenizing, by a security engine of the communication system, the received information based on the first set of token tables to form first tokenized information;
  
  transmitting, by the input/output interface of the communication system, the first tokenized information to a central server communicatively coupled to a network associated with the interaction;
  
  transmitting, by the input/output interface of the communication system, the first set of token tables to a central security system communicatively coupled to both the communication system and the central server;
  
  receiving, at the central server and from the central security system, the first set of token tables generated by the communication system and a second set of token tables generated by the central security system, each token table in the second set of token tables mapping each of a plurality of input values to a different token value;
  
  detokenizing, by the central server, the first tokenized information based on the first set of token tables generated by the communication system;
  
  tokenizing, by the central server, the detokenized information based on the second set of token tables generated by the central security system to form second tokenized information; and
  
  transmitting, by the central server, the second tokenized information to the network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein the received information comprises information associated with a user account.
  - 3. The method of claim 1, wherein the received information comprises information identifying the user.
  - 4. The method of claim 1, wherein the received information comprises information describing the interaction.
  - 5. The method of claim 1, wherein the received information comprises information describing the network.
  - 6. The method of claim 1, wherein the first set of token tables and the second set of token tables are each generated based on a type of the interaction.
  - 7. The method of claim 1, wherein the first set of token tables further comprises a first encryption algorithm and wherein the second set of token tables further comprises a second encryption algorithm.
  - 8. The method of claim 7, further comprising:
    - encrypting, by the communication system, the first tokenized information based on the first encryption algorithm;
      
      decrypting, by the central server, the first tokenized information based on the first encryption algorithm; and
      
      encrypting, by the central server, the second tokenized information based on the second encryption algorithm.
  - 9. The method of claim 1, wherein the first set of token tables further comprises a first initialization vector (“
    - IV”
      
      ) and a first IV modification operation, and wherein the second set of token tables further comprises a second IV and a second IV modification operation.
  - 10. The method of claim 9, further comprising:
    - modifying, by the communication system, the first tokenized information with the first IV based on the first IV modification operation;
      
      demodifying, by the central server, the first tokenized information with the first IV based on the first IV modification operation; and
      
      modifying, by the central server, the second tokenized information with the second IV based on the second IV modification operation.

11. A system for tokenizing data, comprising:
- a communication system, configured to;
  
  receive, at an input/output interface of the communication system, information associated with an interaction between a user and the communication system;
  
  generate, by a token server of the communication system, a first set of token tables, each token table in the first set of token tables mapping each of a plurality of input values to a different token value;
  
  tokenize, by a security engine of the communication system, the received information based on the first set of token tables to form first tokenized information;
  
  transmit, by the input/output interface of the communication system, the first tokenized information to a central server communicatively coupled to a network associated with the interaction; and
  
  transmit, by the input/output interface of the communication system, the first set of token tables to a central security system communicatively coupled to both the communication system and the central server; and
  
  a central server, configured to;
  
  receive, from the central security system, the first set of token tables generated by the communication system and a second set of token tables generated by the central security system, each token table in the second set of token tables mapping each of a plurality of input values to a different token value;
  
  detokenize the first tokenized information based on the first set of token tables generated by the communication system;
  
  tokenize the detokenized information based on the second set of token tables generated by the central security system to form second tokenized information; and
  
  transmit the second tokenized information to the network.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The system of claim 11, wherein the received information comprises information associated with a user account.
  - 13. The system of claim 11, wherein the received information comprises information identifying the user.
  - 14. The system of claim 11, wherein the received information comprises information describing the interaction.
  - 15. The system of claim 11, wherein the received information comprises information describing the network.
  - 16. The system of claim 11, wherein the first set of token tables and the second set of token tables are each generated based on a type of the interaction.
  - 17. The system of claim 11, wherein the first set of token tables further comprises a first encryption algorithm and wherein the second set of token tables further comprises a second encryption algorithm.
  - 18. The system of claim 17, wherein the communication system is further configured to encrypt the first tokenized information based on the first encryption algorithm, and wherein the central server is further configured to decrypt the first tokenized information based on the first encryption algorithm and encrypt the second tokenized information based on the second encryption algorithm.
  - 19. The system of claim 11, wherein the first set of token tables further comprises a first initialization vector (“
    - IV”
      
      ) and a first IV modification operation, and wherein the second set of token tables further comprises a second IV and a second IV modification operation.
  - 20. The system of claim 19, wherein the communication system is further configured to modify the first tokenized information with the first IV based on the first IV modification operation, and wherein the central server is further configured to demodify the first tokenized information with the first IV based on the first IV modification operation and modify the second tokenized information with the second IV based on the second IV modification operation.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Protegrity US Holding LLC
Original Assignee
Protegrity USA, Inc. (Xcelera Inc.)
Inventors
Mattsson, Ulf, Rozenberg, Yigal
Primary Examiner(s)
LE, CHAU D

Application Number

US15/344,980
Publication Number

US 20170053270A1
Time in Patent Office

267 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/606   by securing the transmissio...

G06F 21/6245   Protecting personal data, e...

G06Q 20/20   Point-of-sale [POS] network...

G06Q 20/322   Aspects of commerce using m...

G06Q 20/3223   Realising banking transacti...

G06Q 20/326   Payment applications instal...

G06Q 20/34   using cards, e.g. integrate...

G06Q 20/367   involving electronic purses...

G06Q 20/382   insuring higher security of...

G06Q 20/3821   Electronic credentials

G06Q 20/3823   combining multiple encrypti...

G06Q 20/3829   involving key management

G06Q 20/385   using an alias or single-us...

G06Q 20/4014   Identity check for transact...

G06Q 20/405   Establishing or using trans...

G06Q 2220/00   Business processing using c...

H04L 2209/56   Financial cryptography, e.g...

H04L 63/0428   wherein the data content is...

H04W 12/02   Protecting privacy or anony...

H04W 12/03   Protecting confidentiality,...

Tokenization in mobile environments

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Tokenization in mobile environments

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links