Token-based secure data management

US 9,756,023 B2
Filed: 08/12/2016
Issued: 09/05/2017
Est. Priority Date: 06/29/2011
Status: Active Grant

First Claim

Patent Images

1. A system, comprising at least one computing device configured to implement one or more services, wherein the one or more services:

generates a token for sensitive user data, the token identifying a data type of the sensitive user data;

stores the sensitive user data to a first data storage service and nonsensitive data related to the sensitive data to a second data storage service;

provides, to a first entity, the token and the nonsensitive data, the token provided in place of the sensitive user data;

receives a request for the sensitive user data from a second entity, the request including the token;

identifies a set of sensitive user data from secure data stored in the first data storage service, individual sensitive user data items of the set of sensitive user data having a data type that matches the data type identified by the token;

generates a hash for individual sensitive user data items in the set of sensitive user data; and

provides the hash for the individual sensitive user data items in the set of sensitive user data to an entity not authorized to receive the sensitive user data associated with the set of sensitive user data.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In some implementations, tokens that are representative of sensitive data may be used in place of the sensitive data to maintain the security of the sensitive data. For example, data may be separated into sensitive data and nonsensitive data, and at least the sensitive data is securely delivered to a data storage service. The data storage service generates a token that is representative of the sensitive data and stores the sensitive data as secure data. The data storage service may deliver the token to an entity that also receives the nonsensitive data, and the entity may use the token in place of the sensitive data. In some implementations, different tokens are generated each time the same piece of sensitive data is submitted for storage as secure data. Further, in some implementations, access policies define authorizations regarding which entities are able to resolve a token to access the actual sensitive data.

27 Citations

20 Claims

1. A system, comprising at least one computing device configured to implement one or more services, wherein the one or more services:
- generates a token for sensitive user data, the token identifying a data type of the sensitive user data;
  
  stores the sensitive user data to a first data storage service and nonsensitive data related to the sensitive data to a second data storage service;
  
  provides, to a first entity, the token and the nonsensitive data, the token provided in place of the sensitive user data;
  
  receives a request for the sensitive user data from a second entity, the request including the token;
  
  identifies a set of sensitive user data from secure data stored in the first data storage service, individual sensitive user data items of the set of sensitive user data having a data type that matches the data type identified by the token;
  
  generates a hash for individual sensitive user data items in the set of sensitive user data; and
  
  provides the hash for the individual sensitive user data items in the set of sensitive user data to an entity not authorized to receive the sensitive user data associated with the set of sensitive user data.
- View Dependent Claims (2, 3, 4)
- - 2. The system as recited in claim 1, wherein the sensitive user data is not provided by at least one of the one or more computing devices to the first entity.
  - 3. The system as recited in claim 1, wherein the one or more services further:
    - assigns a time to live to the sensitive user data;
      
      deletes the sensitive user data following expiration of the time to live; and
      
      as a result of deleting the sensitive user data, sends an instruction to the first entity to delete the token corresponding to the sensitive user data.
  - 4. The system as recited in claim 1, wherein the one or more services further:
    - receives a request for the sensitive user data from a third entity, wherein the request includes the token provided to the first; and
      
      provides a portion of the sensitive user data to the third entity in accordance with access policies for the third entity, the portion of the sensitive user data provided to the third entity being a different amount of the sensitive user data than an amount of the sensitive user data provided to the second entity.

5. A computer-implemented method, comprising:
- under control of one or more computer systems configured with executable instructions,generating a first token for sensitive data, the first token identifying a data type of the sensitive data;
  
  storing, in a memory, in association with the first token, the sensitive data as secure data in an encrypted form;
  
  providing nonsensitive data related to the sensitive data, and the first token in place of the sensitive data, to a first entity authorized to receive the nonsensitive data;
  
  identifying a set of secure data from the secure data stored in the memory, individual secure data of the set of secure data having a data type that matches the data type identified by the first token;
  
  generating a hash for individual secure data in the set of secure data; and
  
  providing the hash for individual secure data in the set of secure data to a second entity not authorized to receive the sensitive data associated with the set of secure data.
- View Dependent Claims (6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 6. The method as recited in claim 5, further comprising:
    - assigning a time to live to the sensitive data;
      
      deleting the sensitive data following expiration of the time to live; and
      
      as a result of deleting the sensitive data, sending an instruction to the first entity to delete the token corresponding to the sensitive data.
  - 7. The method as recited in claim 5, wherein individual secure data of the set of secure data has been assigned a token within a specified period of time.
  - 8. The method as recited in claim 5, wherein the sensitive data is distinguished from the nonsensitive data based, at least in part, on indications related to fields of a form received from a user to provide the sensitive data and the nonsensitive data.
  - 9. The method as recited in claim 5, further comprising receiving the sensitive data from a server that separates the sensitive data from the nonsensitive data, the sensitive data having been encrypted by the server to prevent other entities from accessing the sensitive data.
  - 10. The method as recited in claim 5, further comprising:
    - receiving an application from one or more data consumers desiring to access the sensitive data and the nonsensitive data; and
      
      establishing access policies defining authorizations of individual members of the one or more data consumers to access the sensitive data and the nonsensitive data.
  - 11. The method as recited in claim 10, wherein the access policies specify that different data consumers are provided different amounts of the sensitive data in response to calls received using a same token.
  - 12. The method as recited in claim 5, further comprising:
    - receiving the first token from a data consumer as a request for the sensitive data;
      
      determining whether the data consumer is authorized to receive the sensitive data based at least in part on access policies established for the data consumer;
      
      encrypting the sensitive data to produce encrypted sensitive data; and
      
      providing the encrypted sensitive data to the data consumer in response to the request.
  - 13. The method as recited in claim 12, further comprising:
    - receiving an update to the access policies;
      
      receiving the first token from the data consumer as a request for the sensitive data; and
      
      providing only a portion of the sensitive data to the data consumer based on the update to the access policies.
  - 14. The method as recited in claim 5, further comprising:
    - assigning a time to live to the sensitive data; and
      
      deleting the sensitive data following expiration of the time to live.

15. One or more non-transitory computer-readable media storing computer-executable instructions that, as a result of being executed, cause one or more processors to:
- generating a first token for a first piece of sensitive data;
  
  storing, in a memory, the first piece of sensitive data as secure data;
  
  providing, to a first entity, a first nonsensitive data associated with the first piece of sensitive data, and the first token in place of the first piece of sensitive data;
  
  generating a second token for a second piece of sensitive data;
  
  providing the second token in place of the second piece of sensitive data to a second entity that maintains nonsensitive data associated with the second piece of sensitive data;
  
  generating a first hash associated with the first piece of sensitive data;
  
  generating a second hash associated with the second piece of sensitive data;
  
  determining that the first hash matches the second hash; and
  
  as a result of having determined that the first hash matches the second hash, indicating to the second entity that the first piece of sensitive data and the second piece of sensitive data are linked.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The one or more non-transitory computer-readable media of claim 15, wherein the computer-executable instructions further cause the one or more processors to:
    - assign a time to live to the first piece of sensitive data;
      
      delete the first piece of sensitive data following expiration of the time to live; and
      
      as a result of deleting the first piece of sensitive data, send an instruction to the first entity to delete the token corresponding to the first piece of sensitive data.
  - 17. The one or more non-transitory computer-readable media as recited in claim 15, wherein the first token and the second token further include a same data type as part of the respective first token and second token.
  - 18. The one or more non-transitory computer-readable media as recited in claim 17, wherein the first token and the second token further include a same user identifier associated with a particular user as part of the respective first token and second token.
  - 19. The one or more non-transitory computer-readable media as recited in claim 15, wherein the first piece of sensitive data is received by the first entity as part of a first transaction and the second piece of sensitive data is received by the second entity as part of a second transaction.
  - 20. The one or more non-transitory computer-readable media as recited in claim 15, wherein the second piece of sensitive data is stored as a separate instance of the secure data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Original Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Inventors
Kozolchyk, Jonathan, Canavor, Darren E., Fielding, Jeffrey J., Mallya, Vaibhav, McAdams, Darin Keith
Primary Examiner(s)
Hoffman, Brandon
Assistant Examiner(s)
Anderson, Michael D

Application Number

US15/235,687
Publication Number

US 20160352695A1
Time in Patent Office

389 Days
Field of Search

713185
US Class Current
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 63/102   Entity profiles

H04L 67/1097   for distributed storage of ...

H04L 9/3213   using tickets or tokens, e....

H04L 9/3239   involving non-keyed hash fu...

H04L 9/40   Network security protocols

Token-based secure data management

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

27 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Token-based secure data management

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

27 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links