PRIVACY IDENTIFIER REMEDIATION

US 20080263645A1
Filed: 04/23/2007
Published: 10/23/2008
Est. Priority Date: 04/23/2007
Status: Abandoned Application

First Claim

Patent Images

1. A method of privacy identifier remediation, comprising the steps of:

capturing a privacy identifier at a front end server;

forwarding the privacy identifier to a secure server installation;

at the secure server installation, obtaining a token to replace the privacy identifier, the token being unique and meaningless in relation to the privacy identifier;

forwarding the token from the secure server installation to a back end server; and

processing the token as a proxy for the privacy identifier at the back end server.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A secure server installation is provided that abstracts credit card identifiers from its server, network, application and database environments, thus reducing investment in securing, segregating and/or isolating these environments in their entirety. The secure server installation intercepts credit card transactions sent from front end applications to back end applications, and forwards tokens in replacement of credit card identifiers for processing by the back end applications.

The same secure server installation can be applied for the encryption, storage (data-at-rest), transmission of private data within a network of other private or sensitive data not limited to social insurance numbers, drivers license numbers, phone numbers, bank account numbers, etc.

70 Citations

View as Search Results

32 Claims

1. A method of privacy identifier remediation, comprising the steps of:
- capturing a privacy identifier at a front end server;
  
  forwarding the privacy identifier to a secure server installation;
  
  at the secure server installation, obtaining a token to replace the privacy identifier, the token being unique and meaningless in relation to the privacy identifier;
  
  forwarding the token from the secure server installation to a back end server; and
  
  processing the token as a proxy for the privacy identifier at the back end server.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1 in which obtaining the token comprises:
    - checking for a pre-existing token corresponding to the privacy identifier;
      
      if there is a pre-existing token corresponding to the privacy identifier, then forwarding the pre-existing token in replacement of the privacy identifier; and
      
      if there is no pre-existing token corresponding to the privacy identifier, then generating a token and forwarding the generated token in replacement of the privacy identifier.
  - 3. The method of claim 2 in which:
    - generating a token is carried out in a token management server; and
      
      pre-existing tokens are stored in a storage medium managed by a database server.
  - 4. The method of claim 2 in which generating the token comprises looking up an ordered sequence of tokens and selecting an unused token from the ordered sequence of tokens.
  - 5. The method of claim 1 further comprising:
    - requesting private information identifier validation by generating a validation request message for sending to a private information validation server, the validation request message containing the token;
      
      at the secure server installation, replacing the token in the validation request message by the private information identifier; and
      
      forwarding the validation request message to the private information validation server.
  - 6. The method of claim 1 further comprising the step of:
    - encrypting the privacy identifier at the secure server installation to generate an encrypted privacy identifier with a keyed hash the privacy identifier; and
      
      associating the token with the encrypted privacy identifier.
  - 7. The method of claim 6 in which:
    - encrypting the privacy identifier is carried out at a secure encryption server; and
      
      associating the token with the encrypted privacy identifier is carried out at a token management server.
  - 8. The method of claim 7 in which obtaining the token comprises:
    - checking for a pre-existing token corresponding to the privacy identifier with the search of the keyed hash of the privacy identifier;
      
      if there is a pre-existing token corresponding to the privacy identifier, then forwarding the pre-existing token in replacement of the privacy identifier; and
      
      if there is no pre-existing token corresponding to the privacy identifier, then generating a token and forwarding the generated token in replacement of the privacy identifier.
  - 9. The method of claim 8 in which:
    - generating a token is carried out in the token management server; and
      
      pre-existing tokens are stored in a storage medium managed by a database server.
  - 10. The method of claim 9 in which generating the token comprises looking up an ordered sequence of tokens and selecting an unused token from the ordered sequence of tokens.
  - 11. The method of claim 10 further comprising:
    - requesting privacy identifier validation by generating a validation request message for sending to a private information validation server, the validation request message containing the token;
      
      at the secure server installation, replacing the token in the validation request message by the privacy identifier; and
      
      forwarding the validation request message to the private information validation server.
  - 12. The process of claim 1 in which the privacy identifier comprises a credit card number.
  - 13. Apparatus configured to carry out the steps of method claim 1.

14. A method of privacy identifier remediation, comprising the steps of:
- capturing a privacy identifier at a front end server;
  
  forwarding the privacy identifier to a secure server installation;
  
  at the secure server installation, encrypting the privacy identifier to generate an encrypted privacy identifier with the keyed hash of the privacy identifier, generating a token uniquely associated with the privacy identifier, the token being meaningless in relation to the privacy identifier and storing the token and encrypted privacy identifier;
  
  forwarding the token to a back end server; and
  
  processing the token as a proxy for the privacy identifier at the back end server.
- View Dependent Claims (15, 16, 17)
- - 15. The method of claim 14 further comprising the steps of:
    - requesting privacy identifier validation by generating a validation request message for sending to a private information validation server, the validation request message containing the token;
      
      at the secure server installation, replacing the token in the validation request message by the privacy identifier; and
      
      forwarding the validation request message to the private information validation server.
  - 16. The method of claim 15 further comprising confirming transaction completion after validation of the privacy identifier at the privacy validation server.
  - 17. The method of claim 16 in which the privacy identifier comprises a credit card number.

18. A method of credit card identifier remediation, comprising the steps of:
- receiving a credit card processing request, the request containing a credit card identifier;
  
  obtaining a token to replace the credit card identifier, the token being unique and meaningless in relation to the credit card identifier; and
  
  forwarding the token for processing as a proxy for the credit card identifier.
- View Dependent Claims (19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29)
- - 19. The method of claim 18 in which obtaining the token comprises:
    - checking for a pre-existing token corresponding to the credit card identifier;
      
      if there is a pre-existing token corresponding to the credit card identifier, then forwarding the pre-existing token in replacement of the credit card identifier; and
      
      if there is no pre-existing token corresponding to the credit card identifier, then generating a token and forwarding the generated token in replacement of the credit card identifier.
  - 20. The method of claim 19 in which checking for a pre-existing token is carried out by searching for a keyed hash of the credit card identifier associated with the token.
  - 21. The method of claim 19 in which:
    - generating a token is carried out in a token management server; and
      
      pre-existing tokens are stored in a storage medium managed by a database server.
  - 22. The method of claim 18 in which obtaining the token comprises looking up an ordered sequence of tokens and selecting an unused token from the ordered sequence of tokens.
  - 23. The method of claim 18 further comprising the step of:
    - encrypting the credit card identifier to generate an encrypted credit card identifier; and
      
      associating the token with the encrypted credit card identifier.
  - 24. The method of claim 23 in which:
    - encrypting the credit card and the keyed hash of the credit card identifier is carried out at a secure encryption server; and
      
      associating the token with the encrypted credit card identifier is carried out at a token management server.
  - 25. The method of claim 24 in which obtaining the token comprises:
    - checking for a pre-existing token corresponding to the credit card identifier;
      
      if there is a pre-existing token corresponding to the credit card identifier, then forwarding the pre-existing token in replacement of the credit card identifier; and
      
      if there is no pre-existing token corresponding to the credit card identifier, then generating a token and forwarding the generated token in replacement of the credit card identifier.
  - 26. The method of claim 25 in which checking for a pre-existing token is carried out by searching for a keyed hash of the credit card identifier associated with the token
  - 27. The method of claim 26 in which:
    - generating a token is carried out in the token management server; and
      
      pre-existing tokens are stored in a storage medium managed by a database server.
  - 28. The method of claim 27 in which generating the token comprises looking up an ordered sequence of tokens and selecting an unused token from the ordered sequence of tokens.
  - 29. Apparatus configured to carry out the steps of method claim 18.

30. A secure server installation, comprising:
- one or more servers connected via a firewall to a network router; and
  
  the one or more servers being configured to;
  
  receive a privacy processing request, the request containing a privacy identifier;
  
  encrypting the privacy identifier for safe storage of the encrypted privacy identifier, the encrypted privacy identifier being encrypted with a key for decryption;
  
  obtain a token to replace the privacy identifier, the token being unique and meaningless in relation to the privacy identifier; and
  
  forward the token for processing as a proxy for the privacy identifier.
- View Dependent Claims (31, 32)
- - 31. The secure server installation of claim 30 in which the one or more servers comprise:
    - a secure encryption server for carrying out encryption and decryption functions; and
      
      a token management server for coordinating selection of a token.
  - 32. The secure server installation of claim 31 in which the one or more servers comprise a database server for managing storage of tokens and encrypted privacy identifiers.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Telus Communications Incorporated (Telus Corporation)
Original Assignee
Telus Communications Incorporated (Telus Corporation)
Inventors
Renter, Christopher K., Niles, Denis A.

Application Number

US11/739,031
Publication Number

US 20080263645A1
Time in Patent Office

Days
Field of Search
US Class Current

726/6
CPC Class Codes

G06F 21/6245   Protecting personal data, e...

G06Q 20/24   Credit schemes, i.e. "pay a...

G06Q 20/3672   initialising or reloading t...

G06Q 20/385   using an alias or single-us...

G06Q 20/403   Solvency checks

H04L 2463/102   applying security measure f...

H04L 63/0407   wherein the identity of one...

H04L 63/0428   wherein the data content is...

H04L 63/123   received data contents, e.g...

PRIVACY IDENTIFIER REMEDIATION

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

70 Citations

32 Claims

Specification

Solutions

Use Cases

Quick Links

PRIVACY IDENTIFIER REMEDIATION

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

70 Citations

32 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links