Systems and methods for secure detokenization
Abstract
A method for requesting a credential associated with a token in a multiple token layer environment is disclosed. A tokenization certificate serves to validate the identity of a credential requestor and provide information about the requestor's authorization for de-tokenizing a token. Also, a public key in the tokenization certificate is used to encrypt the credential for secure transmission to the requestor.
22 Claims
1. A method comprising:
- receiving, by a second token provider computer, from a requestor computer, a de-tokenization request comprising a requestor certificate and a second token generated by the second token provider computer, the requestor certificate including a requestor public key;
- determining, by the second token provider computer, a first token associated with the second token, wherein the first token was generated by a first token provider computer;
- replacing, by the second token provider computer, the second token with the first token in the de-tokenization request; and
- forwarding, by the second token provider computer, the de-tokenization request with the requestor certificate and the first token to the first token provider computer, wherein the first token provider computer returns a credential associated with the first token to the requestor computer, wherein the credential returned to the requestor computer is encrypted using the requestor public key, and wherein the requestor certificate indicates that the requestor computer is authorized to receive the credential.
Dependent claims: 2, 3, 4, 5
6. A second token provider computer comprising:
- a processor; and
- a computer readable medium, the computer readable medium comprising code, executable by the processor, for implementing a method comprising:
  - receiving from a requestor computer, a de-tokenization request comprising a requestor certificate and a second token generated by the second token provider computer, the requestor certificate including a requestor public key;
  - determining a first token associated with the second token, wherein the first token was generated by a first token provider computer;
  - replacing the second token with the first token in the requestor certificate; and
  - forwarding the de-tokenization request to the first token provider computer, wherein the first token provider computer returns a credential associated with the first token to the requestor computer, wherein the credential returned to the requestor computer is encrypted using the requestor public key, and wherein the requestor certificate indicates that the requestor is authorized to receive the credential.
Dependent claims: 7, 8, 9, 10
11. A method comprising:
- receiving, by a first token provider computer, from a second token provider computer, a de-tokenization request comprising a first token generated by the first token provider computer and a requestor certificate associated with a requestor computer, wherein the de-tokenization request originated from the requestor computer, and wherein the second token provider computer replaced a second token with the first token in the de-tokenization request;
- determining, by the first token provider computer, a credential associated with the first token;
- determining, by the first token provider computer, that the requestor computer is authorized to receive the credential;
- encrypting, by the first token provider computer, the credential with a public key included in the requestor certificate; and
- sending, by the first token provider computer, a de-tokenization response to the requestor computer, the de-tokenization response including the encrypted credential.
Dependent claims: 12, 13, 19, 20, 21, 22
14. A first token provider computer comprising:
- a processor; and
- a computer readable medium, the computer readable medium comprising code, executable by the processor, for implementing a method comprising:
  - receiving from a second token provider computer, a de-tokenization request comprising a first token generated by the first token provider computer and a requestor certificate associated with a requestor computer, wherein the de-tokenization request originated from the requestor computer, and wherein the second token provider computer replaced a second token with the first token in the de-tokenization request;
  - determining a credential associated with the first token;
  - determining that the requestor computer is authorized to receive the credential;
  - encrypting the credential with a public key included in the requestor certificate; and
  - sending a de-tokenization response to the requestor computer, the de-tokenization response including the encrypted credential.
Dependent claims: 15, 16, 17, 18
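The two-layer flow of claims 1 and 11, sketched in Node.js as an added example that is not code from the patent: the second provider swaps its token for the first token, and the first provider verifies the certificate, checks authorization, and encrypts the credential to the certified public key. The signed-JSON certificate, its `mayDetokenize` field, the token strings, the RSA-OAEP choice and all function names are assumptions for illustration; this page does not specify a certificate format or cipher.

```javascript
const crypto = require('crypto');

// Constructed stand-ins: a CA key that signs tokenization certificates, and the requestor's key pair.
const ca = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const requestorKeys = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

// Hypothetical certificate format: a CA-signed JSON body, not X.509.
function issueCertificate(subject, publicKey, mayDetokenize) {
  const body = JSON.stringify({
    subject,
    mayDetokenize,
    publicKeyPem: publicKey.export({ type: 'spki', format: 'pem' }),
  });
  return { body, signature: crypto.sign('sha256', Buffer.from(body), ca.privateKey).toString('base64') };
}

// Constructed vault contents (test card number) and token mappings for the two layers.
const firstVault = new Map([['FIRST-TOKEN-0001', '4111111111111111']]);
const secondVault = new Map([['SECOND-TOKEN-9001', 'FIRST-TOKEN-0001']]);

// First token provider: verify the certificate, check authorization, encrypt to the certified key.
function firstProviderDetokenize(request) {
  const { body, signature } = request.certificate;
  const ok = crypto.verify('sha256', Buffer.from(body), ca.publicKey, Buffer.from(signature, 'base64'));
  if (!ok) throw new Error('certificate signature invalid');
  const cert = JSON.parse(body);
  if (cert.mayDetokenize !== true) throw new Error('requestor not authorized');
  const credential = firstVault.get(request.token);
  if (credential === undefined) throw new Error('unknown first token');
  const encrypted = crypto.publicEncrypt(
    { key: cert.publicKeyPem, padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' },
    Buffer.from(credential));
  return { to: cert.subject, encryptedCredential: encrypted.toString('base64') };
}

// Second token provider: replace its own token with the first token, forward the certificate untouched.
function secondProviderForward(request) {
  const firstToken = secondVault.get(request.token);
  if (firstToken === undefined) throw new Error('unknown second token');
  return firstProviderDetokenize({ ...request, token: firstToken });
}

// Requestor side: only the holder of the matching private key can read the response.
function requestorDecrypt(response) {
  return crypto.privateDecrypt(
    { key: requestorKeys.privateKey, padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' },
    Buffer.from(response.encryptedCredential, 'base64')).toString();
}
```

The second provider never sees the credential in this sketch, and a certificate whose body is altered after signing fails verification before any vault lookup happens.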
Specification