Methods, apparatus and systems for securely storing and/or accessing payment information or other sensitive information based on tokens
원문보기
IPC분류정보
국가/구분
United States(US) Patent
등록
국제특허분류(IPC7판)
G06Q-020/00
G06Q-020/38
출원번호
US-0671178
(2012-11-07)
등록번호
US-9652769
(2017-05-16)
발명자
/ 주소
Golin, Eric J.
출원인 / 주소
Carbonite, Inc.
대리인 / 주소
Foley & Lardner LLP
인용정보
피인용 횟수 :
2인용 특허 :
5
초록▼
A token is generated and processed as a substitute for sensitive information, e.g., payment information associated with a customer making a purchase of a product/service from a vendor. The customer's payment information is encrypted and stored in a first memory record of a secure computer system. A
A token is generated and processed as a substitute for sensitive information, e.g., payment information associated with a customer making a purchase of a product/service from a vendor. The customer's payment information is encrypted and stored in a first memory record of a secure computer system. A token is generated that includes memory-related information identifying the first memory record, and the token is transmitted to the vendor for storage in a customer record. To facilitate payment for the purchase, the vendor transmits the token to another party (e.g., a billing service or payment processor), and the encrypted payment information is read from the first memory record of the secure computer system based on the memory-related information in the token. The encrypted payment information is then decrypted to recover the payment information which is then used to effect payment.
대표청구항▼
1. A method for generating a token to identify payment information relating to a purchase of a product and/or service from a vendor, the method comprising: receiving the payment information, by a communications interface of a device, from a billing service acting as a billing agent of the vendor;ide
1. A method for generating a token to identify payment information relating to a purchase of a product and/or service from a vendor, the method comprising: receiving the payment information, by a communications interface of a device, from a billing service acting as a billing agent of the vendor;identifying, by a tokenization system executed by a processor of the device, a first memory address of a first record of a token database;generating, by the tokenization system, a unique identifier comprising a timestamp;determining, by the tokenization system from the received payment information, a length of a primary account number (PAN) of an account used to purchase the product and/or service from the vendor;aggregating, by the tokenization system, the PAN and the length of the PAN and the unique identifier into an aggregated record;encrypting, by the tokenization system, the aggregated record using an encryption key to generate an encrypted record;generating, by the tokenization system, a token key identifier that identifies a second memory address of a second record of the token database, different from the first record;storing the encrypted record, the token key identifier, and the unique identifier, by the tokenization system, in the first record of the token database at the first memory address;storing, by the tokenization system in the second record of the token database at the second memory address, an identification of the encryption key;transmitting, by the communication interface, a token comprising the first memory address and the timestamp to the vendor;subsequently receiving, by the communication interface from a payment processing system, the token;extracting, by the tokenization system, the first memory address and the unique identifier from the token;retrieving, by the tokenization system from the first memory address, the token key identifier identifying the second memory address;retrieving, by the tokenization system from the second memory address, the identification of the encryption key;decrypting, by the tokenization system, the aggregated record with the encryption key;extracting, by the tokenization system, the unique identifier from the aggregated record;determining, by the tokenization system, that the unique identifier extracted from the aggregated record matches the unique identifier extracted from the token; andresponsive to the determination, transmitting, by the communication interface, the PAN to the payment processing system, the PAN extracted from the aggregated record. 2. The method of claim 1, wherein the token is generated without generating a random number. 3. The method of claim 1, wherein the token further comprises token information representing a version of the token. 4. The method of claim 1, further comprising determining, by the tokenization system, that the length of the PAN is less than a predetermined length, and padding the PAN to the predetermined length responsive to the determination that the length of the PAN is less than the predetermined length. 5. A system, comprising: a device comprising a processor, a communication interface, and a memory storing a token database and computer executable instructions that, when executed by the processor, cause the processor to perform operations of:receiving, via the communication interface from a billing service acting as a billing agent of a vendor, payment information relating to a purchase of a product and/or service from the vendor,identifying a first memory address of a first record of the token database,generating a unique identifier comprising a timestamp,determining, from the received payment information, a length of a primary account number (PAN) of an account used to purchase the product and/or service from the vendor,aggregating the PAN and the length of the PAN and the unique identifier into an aggregated record,encrypting, the aggregated record using an encryption key to generate an encrypted record,generating a token key identifier that identifies a second memory address of a second record of the token database, different from the first record,storing the encrypted record, the token key identifier, and the unique identifier in the first record of the token database at the first memory address,storing, in the second record of the token database at the second memory address, an identification of the encryption key,transmitting, via the communication interface, a token comprising the first memory address and the timestamp to the vendor,subsequently receiving, via the communication interface from a payment processing system, the token,extracting the first memory address and the unique identifier from the token,retrieving, from the first memory address, the token key identifier identifying the second memory address,retrieving, from the second memory address, the identification of the encryption key,decrypting the aggregated record with the encryption key,extracting the unique identifier from the aggregated record,determining that the unique identifier extracted from the aggregated record matches the unique identifier extracted from the token, andresponsive to the determination, transmitting, via the communication interface, the PAN to the payment processing system, the PAN extracted from the aggregated record. 6. The system of claim 5, wherein the token is generated without generating a random number. 7. The system of claim 5, wherein the token further comprises token information representing a version of the token. 8. The system of claim 5, wherein the operation further comprises determining that the length of the PAN is less than a predetermined length, and padding the PAN to the predetermined length responsive to the determination that the length of the PAN is less than the predetermined length.
Ginter Karl L. ; Shear Victor H. ; Sibert W. Olin ; Spahn Francis J. ; Van Wie David M., Systems and methods for secure transaction management and electronic rights protection.
Pieper, Philipp; Mayers, Rodney, Method for transmitting information from a first information provider to a second information provider via an information intermediary.
※ AI-Helper는 부적절한 답변을 할 수 있습니다.