Tokenization in mobile environments

US 9,904,923 B2
Filed: 06/26/2017
Issued: 02/27/2018
Est. Priority Date: 02/10/2012
Status: Active Grant

First Claim

Patent Images

1. A method for tokenizing data, comprising:

receiving, at an input/output interface of a communication system, information associated with an interaction between a user and the communication system;

generating, by a token server of the communication system, a first set of token tables, each token table in the first set of token tables mapping each of a plurality of input values to a different token value;

tokenizing, by a security engine of the communication system, the received information using the first set of token tables to form first tokenized information;

transmitting, by the input/output interface of the communication system, the first set of token tables to a central security system communicatively coupled to both the communication system and a central server communicatively coupled to a network associated with the interaction; and

transmitting, by the input/output interface of the communication system, the first tokenized information to the central server, the central server configured to receive the first set of token tables and a second set of token tables from the central security system, each token table in the second set of token tables mapping each of a plurality of input values to a different token value, and further configured to tokenize the first tokenized information using the second set of token tables to form second tokenized information and to transmit the second tokenized information to the network.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Data can be protected in mobile and payment environments through various tokenization operations. A mobile device can tokenize communication data based on device information and session information associated with the mobile device. A payment terminal can tokenize payment information received at the payment terminal during a transaction based on transaction information associated with the transaction. Payment data tokenized first a first set of token tables and according to a first set of tokenization parameters by a first payment entity can be detokenized or re-tokenized with a second set of token tables and according to a second set of tokenization parameters. Payment information can be tokenized and sent to a mobile device as a token card based on one or more selected use rules, and a user can request a transaction based on the token card. The transaction can be authorized if the transaction satisfies the selected use rules.

111 Citations

20 Claims

1. A method for tokenizing data, comprising:
- receiving, at an input/output interface of a communication system, information associated with an interaction between a user and the communication system;
  
  generating, by a token server of the communication system, a first set of token tables, each token table in the first set of token tables mapping each of a plurality of input values to a different token value;
  
  tokenizing, by a security engine of the communication system, the received information using the first set of token tables to form first tokenized information;
  
  transmitting, by the input/output interface of the communication system, the first set of token tables to a central security system communicatively coupled to both the communication system and a central server communicatively coupled to a network associated with the interaction; and
  
  transmitting, by the input/output interface of the communication system, the first tokenized information to the central server, the central server configured to receive the first set of token tables and a second set of token tables from the central security system, each token table in the second set of token tables mapping each of a plurality of input values to a different token value, and further configured to tokenize the first tokenized information using the second set of token tables to form second tokenized information and to transmit the second tokenized information to the network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein the received information comprises information associated with a user account.
  - 3. The method of claim 1, wherein the received information comprises information identifying the user.
  - 4. The method of claim 1, wherein the received information comprises information describing the interaction.
  - 5. The method of claim 1, wherein the received information comprises information describing the network.
  - 6. The method of claim 1, wherein the first set of token tables and the second set of token tables are each generated based on a type of the interaction.
  - 7. The method of claim 1, wherein the first set of token tables further comprises a first encryption algorithm and wherein the second set of token tables further comprises a second encryption algorithm.
  - 8. The method of claim 7, further comprising:
    - encrypting, by the communication system, the first tokenized information based on the first encryption algorithm;
      
      decrypting, by the central server, the first tokenized information based on the first encryption algorithm; and
      
      encrypting, by the central server, the second tokenized information based on the second encryption algorithm.
  - 9. The method of claim 1, wherein the first set of token tables further comprises a first initialization vector (“
    - IV”
      
      ) and a first IV modification operation, and wherein the second set of token tables further comprises a second IV and a second IV modification operation.
  - 10. The method of claim 9, further comprising:
    - modifying, by the communication system, the first tokenized information with the first IV based on the first IV modification operation;
      
      demodifying, by the central server, the first tokenized information with the first IV based on the first IV modification operation; and
      
      modifying, by the central server, the second tokenized information with the second IV based on the second IV modification operation.

11. A system for tokenizing data, comprising:
- a communication system, configured to;
  
  receive, at an input/output interface of the communication system, information associated with an interaction between a user and the communication system;
  
  generate, by a token server of the communication system, a first set of token tables, each token table in the first set of token tables mapping each of a plurality of input values to a different token value;
  
  tokenize, by a security engine of the communication system, the received information using on the first set of token tables to form first tokenized information;
  
  transmit, by the input/output interface of the communication system, the first set of token tables to a central security system communicatively coupled to both the communication system and a central server communicatively coupled to a network associated with the interaction; and
  
  transmit, by the input/output interface of the communication system, the first tokenized information to the central, the central server configure to receive the first set of token tables and a second set of token tables from the central security system, each token table in the second set of token tables mapping each of a plurality of input values to a different token value, and further configured to tokenize the first tokenized information using the second set of token tables to form second tokenized information and to transmit the second tokenized information to the network.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The system of claim 11, wherein the received information comprises information associated with a user account.
  - 13. The system of claim 11, wherein the received information comprises information identifying the user.
  - 14. The system of claim 11, wherein the received information comprises information describing the interaction.
  - 15. The system of claim 11, wherein the received information comprises information describing the network.
  - 16. The system of claim 11, wherein the first set of token tables and the second set of token tables are each generated based on a type of the interaction.
  - 17. The system of claim 11, wherein the first set of token tables further comprises a first encryption algorithm and wherein the second set of token tables further comprises a second encryption algorithm.
  - 18. The system of claim 17, wherein the communication system is further configured to encrypt the first tokenized information based on the first encryption algorithm, and wherein the central server is further configured to decrypt the first tokenized information based on the first encryption algorithm and encrypt the second tokenized information based on the second encryption algorithm.
  - 19. The system of claim 11, wherein the first set of token tables further comprises a first initialization vector (“
    - IV”
      
      ) and a first IV modification operation, and wherein the second set of token tables further comprises a second IV and a second IV modification operation.
  - 20. The system of claim 19, wherein the communication system is further configured to modify the first tokenized information with the first IV based on the first IV modification operation, and wherein the central server is further configured to demodify the first tokenized information with the first IV based on the first IV modification operation and modify the second tokenized information with the second IV based on the second IV modification operation.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Protegrity USA, Inc. (Xcelera Inc.)
Original Assignee
Protegrity USA, Inc. (Xcelera Inc.)
Inventors
Mattsson, Ulf, Rozenberg, Yigal
Primary Examiner(s)
LE, CHAU D

Application Number

US15/632,690
Publication Number

US 20170293915A1
Time in Patent Office

246 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/606   by securing the transmissio...

G06F 21/6245   Protecting personal data, e...

G06Q 20/20   Point-of-sale [POS] network...

G06Q 20/322   Aspects of commerce using m...

G06Q 20/3223   Realising banking transacti...

G06Q 20/326   Payment applications instal...

G06Q 20/34   using cards, e.g. integrate...

G06Q 20/367   involving electronic purses...

G06Q 20/382   insuring higher security of...

G06Q 20/3821   Electronic credentials

G06Q 20/3823   combining multiple encrypti...

G06Q 20/3829   involving key management

G06Q 20/385   using an alias or single-us...

G06Q 20/4014   Identity check for transact...

G06Q 20/405   Establishing or using trans...

G06Q 2220/00   Business processing using c...

H04L 2209/56   Financial cryptography, e.g...

H04L 63/0428   wherein the data content is...

H04W 12/02   Protecting privacy or anony...

H04W 12/03   Protecting confidentiality,...

Tokenization in mobile environments

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

111 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Tokenization in mobile environments

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

111 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links