US20120321078A1 - Key rotation and selective re-encryption for data security - Google Patents

Key rotation and selective re-encryption for data security

Info

Publication number
US20120321078A1
Authority
US
United States
Prior art keywords
key
data
new
encrypted
profile number
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US13/527,860
Inventor
Jason Chambers
Theresa Robison
Dameion Dorsner
Sridhar Manickam
Daniel Konisky
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Silicon Valley Bank Inc
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Assigned to SILICON VALLEY BANK reassignment SILICON VALLEY BANK SECURITY INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: LIAISON TECHNOLOGIES, INC.
Assigned to LIAISON TECHNOLOGIES, INC. reassignment LIAISON TECHNOLOGIES, INC. RELEASE BY SECURED PARTY (SEE DOCUMENT FOR DETAILS). Assignors: SILICON VALLEY BANK
Assigned to SILICON VALLEY BANK reassignment SILICON VALLEY BANK CORRECTIVE ASSIGNMENT TO CORRECT THE LISTED PATENTS,NAMELY 5 NOS. LISTED AS PATENT NOS.(9590916,9344182,9650219,9588270,9294701),SHOULD BE LISTED AS APPLICATION NOS. PREVIOUSLY RECORDED ON REEL 047950 FRAME 0910. ASSIGNOR(S) HEREBY CONFIRMS THE SECURITY INTEREST. Assignors: LIAISON TECHNOLOGIES, INC.
Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L 9/0891 Revocation or update of secret information, e.g. encryption key update or rekeying
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 15/00 Digital computers in general; Data processing equipment in general
    • G06F 15/16 Combinations of two or more digital computers each having at least an arithmetic unit, a program unit and a register, e.g. for a simultaneous processing of several programs
    • G06F 15/163 Interprocessor communication
    • G06F 15/173 Interprocessor communication using an interconnection network, e.g. matrix, shuffle, pyramid, star, snowflake

Definitions

  • The system 100 may include other modules depending on the implementation.
  • The system 100 may include a directory 150 that includes a database for storing any type of data useful in the system 100.
  • The directory 150 may include client IP addresses, hostnames, user identities, client role definitions, client permissions and data access policies, and the like.
  • The token manager 110 may use LDAP or another protocol for accessing and maintaining the directory 150.
  • The system 100 may also include an administrator 152 with access to the token manager 110.
  • The administrator 152 may use HTTP/S or another secure protocol for communicating with the token manager 110.
  • The token manager 110 and the key manager 120 may be configured to generate security event messages via Syslog. These logs can be directed to an event log 154, which may include an event management application (SIEM) for logging, collecting, storing, analyzing, and/or reporting events.
  • The token manager 110 may also be configured to send e-mail alerts using an e-mail server 156 via SMTP or a similar protocol.
  • The system 100 may also include a metadata store 158.
  • The token manager 110 receives sensitive data from an application 140 along with a request to protect it, generates a token, and inserts the token in place of the sensitive data.
  • The key manager 120 supplies an encryption key to the token manager 110, which then encrypts the sensitive data and stores the encrypted data (cipher text) in the data vault 130.
  • Tokens can be used safely in any application or database without exposing the sensitive data.
  • The application 140 transmits a request (by web services call, for example) to the token manager 110 and presents the token.
  • The token manager 110 validates the credentials of the requesting application and, if authorized, looks up the token in the data vault 130, identifies the matching cipher text, decrypts the cipher text, and returns the original sensitive data back to the application 140.
  • The system 100 ensures a one-to-one relationship between a token and the sensitive data it represents.
  • The data vault 130 contains a single encrypted version of each original sensitive data value. Even when encryption keys change over time, there is only one instance of the encrypted value stored in the data vault 130. In use, this means that the returned token will consistently represent the same original data throughout the system 100, in different applications and across multiple data sets.
  • The token manager 110 in particular embodiments may be configured to generate a token that is structurally similar in length and format to that of the original sensitive data.
  • A token 200 a can be formatted to preserve any number of leading and trailing characters found in the original sensitive data 10.
  • The head 202 a includes the leading six characters.
  • The tail 206 a includes the trailing four characters.
  • The body 204 a includes tokenized characters.
  • A token 200 b can be formatted to preserve both the length and the data type (alpha or numeric, and the like) of the original sensitive data 10.
  • The head 202 b includes the leading six characters.
  • The body 204 b includes six numeric characters.
  • The tail 206 b includes the trailing four characters. Any number (including zero) of the leading and/or trailing characters from the original sensitive data 10 may be preserved.
  • The format-preserving tokenization process is also described in the commonly owned and co-pending U.S. patent application Ser. No. 13/040,133, entitled “System and Methods for Format Preserving Tokenization of Sensitive Information,” which is herein incorporated by reference in its entirety.
  • The task of generating a token may be accomplished in one or more steps performed by a token generation algorithm.
  • The token generation algorithm may be configured to generate a token that is independent of at least a portion of the data in a sensitive data string.
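The format-preserving token of FIG. 2A and FIG. 2B (six leading and four trailing characters kept, the body replaced by characters of the same type, one token per distinct value) as an added, runnable example; this is illustrative code written for this page, not the patent's or the assignee's own token generation algorithm. The class name `FormatPreservingTokenizer`, the in-memory dictionary standing in for the data vault lookup, and the sample card numbers are all constructed for the example.

```python
import secrets
import string


class FormatPreservingTokenizer:
    """Hypothetical tokenizer: keeps `head` leading and `tail` trailing characters of the
    sensitive value, replaces every body character with a random character of the same
    type, and keeps a one-to-one mapping so the same value always yields the same token."""

    def __init__(self, head: int = 6, tail: int = 4) -> None:
        self.head, self.tail = head, tail
        self._token_for = {}   # sensitive value -> token (stands in for the vault lookup)
        self._issued = set()   # tokens already handed out, to guarantee uniqueness

    @staticmethod
    def _random_like(ch: str) -> str:
        """Random replacement drawn from the same character class as `ch` (FIG. 2B)."""
        if ch.isdigit():
            return secrets.choice(string.digits)
        if ch.isalpha():
            return secrets.choice(string.ascii_uppercase if ch.isupper()
                                  else string.ascii_lowercase)
        return ch  # separators such as '-' or ' ' stay in place

    def tokenize(self, value: str) -> str:
        if value in self._token_for:
            return self._token_for[value]  # referential integrity across applications
        if len(value) <= self.head + self.tail:
            raise ValueError("value too short to keep %d leading and %d trailing characters"
                             % (self.head, self.tail))
        cut = len(value) - self.tail
        head, body, tail = value[:self.head], value[self.head:cut], value[cut:]
        if not any(c.isalnum() for c in body):
            raise ValueError("body contains nothing to randomize")
        while True:
            # The body is drawn at random, so no part of the original can be derived from
            # it; uniqueness comes from the lookup above, not from arithmetic on the value.
            token = head + "".join(self._random_like(c) for c in body) + tail
            if token != value and token not in self._issued:
                break
        self._token_for[value] = token
        self._issued.add(token)
        return token

    def lookup(self, token: str):
        """Reverse mapping that the token manager performs for authorized callers only."""
        for value, tok in self._token_for.items():
            if tok == token:
                return value
        return None


if __name__ == "__main__":
    tk = FormatPreservingTokenizer()
    sample = "4111111111111111"  # constructed test card number, not real data
    print(sample, "->", tk.tokenize(sample))
```

Because the token carries no information about the body of the original value, the mapping has to be looked up rather than computed; in the system described above that lookup is the data vault, and the token stays valid across key rotations because the vault row, not the token, records which key profile encrypted the value.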
  • The key manager 120 in particular embodiments generates encryption keys and, together with the token manager 110, controls the usage of keys throughout the system 100. Keys can be changed monthly, quarterly, annually, or at any other time the user wants or needs to change the encryption key currently in use. Key rotation can be implemented, for example, when the current key is compromised, corrupted, or otherwise not desirable. Key rotation is controlled and administered by the key manager 120.
  • Key versioning allows the token manager 110 to automatically use the current key for encryption, and to access the past key when performing a decryption.
  • The key manager 120 assigns a version number, called a key profile number, which remains associated with a particular encryption key.
  • The token manager 110 maintains a record of which key profile number is associated with each encrypted value.
  • The data vault 130, in particular embodiments, maintains a data store 600 that includes at least a token 200 c, the associated encrypted data 620, and the key profile number 610 associated with the encryption key that was used to create each item of encrypted data 620. A portion of such a data store 600 is illustrated in FIG. 3.
  • The key profile number 610 allows any component accessing the data store 600 in the data vault 130 to identify the encryption key that was used to create any particular item of encrypted data 620. Even if the key is no longer in active use, the key profile number 610 can be used to look up the associated encryption key 620 (stored and maintained by the key manager 120) and perform a decryption at any time.
  • Key versioning also allows users to create and distribute an encryption key for use at a later date, a feature called effective date key rotation.
  • Each encryption key includes an associated key profile number 610 and an effective date.
  • The administrator 152 or other authorized user can generate a new key and a new key profile number, and assign an effective date in the future when the new key will be activated and available for use.
  • The new key can be distributed to the token manager 110, but will not be used to encrypt data until the selected activation date and time.
  • The token manager 110 will automatically detect when the activation date is reached, and will use the new key without any further input or instruction from the key manager 120 or administrator 152 to initiate the key rotation.
  • Key retirement is desired when an encryption key is compromised, corrupted, stolen, or otherwise identified for de-activation.
  • The key profile number 610 allows the token manager 110 to de-activate or retire an encryption key so that it is never used again. All the encrypted data associated with that key should be decrypted and re-encrypted using a new key. This effort may impact many thousands or millions of encrypted data entries, depending on how long the compromised key was in active use.
  • The key profile number 610 allows the quick and effective identification of every item of encrypted data 620 associated with a compromised key.
  • For example, suppose the encryption key associated with key profile number “1313” has been compromised.
  • The key manager 120 or token manager 100 may access the data vault 130 where the data store 600 is maintained. Instead of searching line by line through the data store 600, a simple query can be executed that will find all the data associated with the compromised key profile 613. After this subset of data is identified, the following steps will effectively retire the compromised key. First, each item of encrypted data is retrieved and decrypted using the compromised key. Next, each item of data is re-encrypted using a new key, and the new encrypted data is stored. Also, the compromised key profile 613 is removed and replaced with the new key profile number, which is also stored.
  • The tokenized data string 200 c does not change, even when its associated key is retired and replaced with a new key.
  • Key versioning and key retirement help to preserve the one-to-one relationship between the token and the data value.
  • The system can perform a selective re-encryption of data associated with any particular key profile number, or set of key profile numbers, at any time, without generating a new token.
  • The re-encryption process may be configured to run in the background, while all components and servers remain active, and without interfering with continued operation of the system.

Abstract

Systems and methods for maintaining data security through encryption key retirement and selective re-encryption are presented. A method of selectively re-encrypting a subset of encrypted values includes storing each encrypted value together with the key profile number for the encryption key that was used to generate that encrypted value. When a key is compromised, its associated key profile number allows the efficient identification of all the encrypted values that were created using the now-compromised key. Once identified, the encrypted values may be decrypted using the compromised key and re-encrypted using a new key, without changing other related data such as the token associated with the encrypted value.

Description

  • CROSS-REFERENCE TO RELATED APPLICATIONS
  • This application claims the benefit of and priority to U.S. Provisional Application No. 61/499,121, entitled “Token Manager for Data Protection,” filed Jun. 20, 2011, which is herein incorporated by reference in its entirety.
  • TECHNICAL FIELD
  • The following disclosure relates generally to data security applications and, more particularly, to systems and methods for maintaining data security using certificate-based mutual authentication.
  • BACKGROUND
  • The proliferation of business-critical and sensitive electronic data creates a data security challenge, especially when sensitive data is collected in geographically distant locations and stored in multiple applications and databases for later processing.
  • Data encryption uses an encryption key to encrypt the sensitive data. The resulting encrypted data, sometimes called cipher text, can be stored in a database. The encrypted data is generally larger than the original value, requiring more space. Storing the encryption key in the same place exposes the encrypted data to easy decryption if the database is compromised.
  • In existing systems, when an encryption key is compromised (corrupted or stolen, for example) the entire database of encrypted data, row by row, must be checked to determine if that data is linked in any way to the compromised encryption key. If so, that data must be decrypted and re-encrypted. For encryption keys that were used over long periods or for a large number of transactions, there may be many thousands of data entries that were processed by a key that is now compromised. Efforts at improving the recovery from a compromised encryption key have been unsatisfactory.
  • SUMMARY
  • According to various embodiments, a method of selectively re-encrypting a subset of encrypted data values, for use in a data processing operation for protecting sensitive data, includes the steps of: (1) establishing a data store for storing a plurality of records, wherein each record comprises an encrypted value associated with original sensitive data, and a key profile number associated with an encryption key that was used to generate the encrypted value; (2) identifying a compromised key and a compromised key profile number associated therewith; (3) generating a new key and a new key profile number associated therewith; (4) identifying in the data store a subset of records, wherein the subset is characterized by a key profile number that matches the compromised key profile number, and (5) for each record in the subset: (a) de-encrypting the encrypted value using the compromised key to reveal the original sensitive data; (b) re-encrypting the original sensitive data using the new key to generate a new encrypted data value; (c) replacing the encrypted value with the new encrypted data value; and (d) replacing the compromised key profile number with the new key profile number.
  • In another aspect of the method, each record further comprises a token value associated with the original sensitive data, and the method is executed without changing the token value.
  • In another aspect, the step of generating the new key includes generating an activation date associated therewith, and the step of identifying occurs after the activation date.
  • The method may also include activating a new encryption key on a future date, which includes the steps of: (6) establishing a data processing operation comprising a key manager for generating encryption keys, a token manager for encrypting sensitive data, and a data vault for storing encrypted data; (7) establishing a key management data store, in communication with the key manager, for storing a plurality of records, wherein each record comprises an encryption key, a key profile number, and an activation date; (8) generating a new record, comprising a new encryption key, a new key profile number, a new activation date; and (9) distributing the new record to the token manager for implementation of the new encryption key and the new key profile number upon reaching the activation date.
  • A method of encryption key retirement for use in a data processing operation for protecting sensitive data, includes the steps of: (1) establishing a data processing operation comprising a key manager for generating encryption keys, a token manager for encrypting sensitive data, and a data vault for storing encrypted data; (2) establishing a data store, in communication with the data vault, for storing a plurality of records, wherein each record comprises an encrypted value associated with original sensitive data, and a key profile number associated with an encryption key that was used to generate the encrypted value; (3) identifying a compromised key and a compromised key profile number associated therewith; (4) generating a new key and a new key profile number associated therewith; (5) identifying in the data store a subset of records, wherein the subset is characterized by a key profile number that matches the compromised key profile number, and (6) for each record in the subset: (a) de-encrypting the encrypted value using the compromised key to reveal the original sensitive data; (b) re-encrypting the original sensitive data using the new key to generate a new encrypted data value; (c) replacing the encrypted value with the new encrypted data value; and (d) replacing the compromised key profile number with the new key profile number.
  • In another aspect of this method, each record further comprises a token value associated with the original sensitive data, and the method is executed without changing the token value. The step of generating the new key includes generating an activation date associated therewith, and the step of identifying occurs after the activation date.
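The selective re-encryption method of the Summary (steps 1 through 5), the effective-date activation of a new key (steps 6 through 9), and the key profile number lookup described under key versioning and key retirement in the Definitions section, as one added, runnable example. This is illustrative code written for this page, not the patent's or the assignee's implementation. It assumes an in-memory SQLite table as the data vault, a hypothetical `KeyManager` class holding keys with their profile numbers and activation dates, and an HMAC-SHA256 counter-mode construction with an encrypt-then-MAC tag as a stand-in for a real cipher so that it runs with only the Python standard library. Key profile number 1313 is the page's own example; profile 1314, the dates and the card numbers are constructed sample values.

```python
import hashlib
import hmac
import secrets
import sqlite3
from datetime import date

# Stand-in cipher (HMAC-SHA256 keystream + HMAC tag), used only so the example runs
# offline. Production code would use AES-GCM from a vetted library; nothing in the key
# rotation logic below depends on which cipher is used.
def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed: wrong key profile or tampered cipher text")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

class KeyManager:
    """Hypothetical key manager: key material lives here, never in the data vault."""
    def __init__(self) -> None:
        self.profiles = {}    # key profile number -> (key bytes, activation date)
        self.retired = set()  # profiles that must never encrypt again

    def generate(self, profile: int, activation: date) -> None:
        self.profiles[profile] = (secrets.token_bytes(32), activation)

    def active_profile(self, today: date) -> int:
        """Effective-date rotation: newest non-retired profile whose activation date has
        been reached. A key distributed early is simply not selected until that date."""
        live = [(act, p) for p, (_, act) in self.profiles.items()
                if act <= today and p not in self.retired]
        if not live:
            raise RuntimeError("no active encryption key for this date")
        return max(live)[1]

    def key(self, profile: int) -> bytes:
        # Retired keys remain readable so their data can be decrypted during retirement.
        return self.profiles[profile][0]

class TokenManager:
    """Keeps (token, key_profile, cipher) rows; the key profile number is the only key
    information that reaches the vault."""
    def __init__(self, km: KeyManager) -> None:
        self.km = km
        self.vault = sqlite3.connect(":memory:")  # stands in for the data vault database
        self.vault.execute(
            "CREATE TABLE vault (token TEXT PRIMARY KEY, key_profile INTEGER, cipher BLOB)")

    def tokenize(self, sensitive: str, today: date) -> str:
        profile = self.km.active_profile(today)
        token = secrets.token_hex(8)  # opaque reference, no mathematical tie to the data
        self.vault.execute("INSERT INTO vault VALUES (?, ?, ?)",
                           (token, profile, encrypt(self.km.key(profile), sensitive.encode())))
        return token

    def detokenize(self, token: str) -> str:
        profile, blob = self.vault.execute(
            "SELECT key_profile, cipher FROM vault WHERE token = ?", (token,)).fetchone()
        return decrypt(self.km.key(profile), blob).decode()

    def profile_of(self, token: str) -> int:
        return self.vault.execute(
            "SELECT key_profile FROM vault WHERE token = ?", (token,)).fetchone()[0]

    def profile_count(self, profile: int) -> int:
        return self.vault.execute(
            "SELECT COUNT(*) FROM vault WHERE key_profile = ?", (profile,)).fetchone()[0]

    def retire_key(self, compromised: int, replacement: int) -> int:
        """Selective re-encryption: one query selects the rows written under the
        compromised profile; each is decrypted with the old key, re-encrypted with the new
        key and relabelled. Tokens are untouched, so applications keep working."""
        rows = self.vault.execute(
            "SELECT token, cipher FROM vault WHERE key_profile = ?", (compromised,)).fetchall()
        old_key, new_key = self.km.key(compromised), self.km.key(replacement)
        for token, blob in rows:
            self.vault.execute("UPDATE vault SET cipher = ?, key_profile = ? WHERE token = ?",
                               (encrypt(new_key, decrypt(old_key, blob)), replacement, token))
        self.vault.commit()
        self.km.retired.add(compromised)
        return len(rows)

def wrong_key_is_rejected() -> bool:
    """A profile mismatch surfaces as an authentication failure, never as garbage plaintext."""
    blob = encrypt(secrets.token_bytes(32), b"constructed sample")
    try:
        decrypt(secrets.token_bytes(32), blob)
        return False
    except ValueError:
        return True

def demo() -> dict:
    """Constructed scenario: profile 1313 is compromised and replaced by profile 1314."""
    km = KeyManager()
    km.generate(1313, date(2011, 1, 1))
    km.generate(1314, date(2011, 7, 1))  # distributed in advance, activates on 1 July
    tm = TokenManager(km)
    t1 = tm.tokenize("4111111111111111", date(2011, 3, 1))  # constructed test PAN, 1313
    t2 = tm.tokenize("5500000000000004", date(2011, 8, 1))  # after activation, 1314
    before = (tm.profile_of(t1), tm.profile_of(t2))
    moved = tm.retire_key(1313, 1314)
    return {"before": before, "moved": moved, "tokens": (t1, t2),
            "after": (tm.profile_of(t1), tm.profile_of(t2)),
            "plain": (tm.detokenize(t1), tm.detokenize(t2)),
            "rows_left_under_1313": tm.profile_count(1313)}

if __name__ == "__main__":
    print(demo())
```

The point worth checking in a real deployment is the `WHERE key_profile = ?` query: with an index on that column, retirement touches exactly the affected rows instead of scanning the whole vault, and the count it returns is the audit figure for how much data the compromised key covered. Because `retire_key` updates `cipher` and `key_profile` in the same statement, a row is never left encrypted under one key but labelled with the other.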
  • BRIEF DESCRIPTION OF THE DRAWING
  • Having thus described various embodiments in general terms, reference will now be made to the accompanying drawings, which are not necessarily drawn to scale, and wherein:
  • FIG. 1 is an exemplary system architecture diagram, according to particular embodiments.
  • FIG. 2A is an illustration of sensitive data and a corresponding token, according to particular embodiments.
  • FIG. 2B is an illustration of sensitive data and a corresponding token, according to particular embodiments.
  • FIG. 3 is an illustration of a portion of an exemplary data store in a data vault, according to particular embodiments.
  • DETAILED DESCRIPTION
  • The present systems and apparatuses and methods are understood more readily by reference to the following detailed description, examples, drawing, and claims, and their previous and following descriptions. However, before the present devices, systems, and/or methods are disclosed and described, it is to be understood that this invention is not limited to the specific devices, systems, and/or methods disclosed unless otherwise specified, as such can, of course, vary. It is also to be understood that the terminology used herein is for the purpose of describing particular aspects only and is not intended to be limiting.
  • The following description is provided as an enabling teaching in its best, currently known embodiment. To this end, those skilled in the relevant art will recognize and appreciate that many changes can be made to the various aspects described herein, while still obtaining the beneficial results of the technology disclosed. It will also be apparent that some of the desired benefits can be obtained by selecting some of the features while not utilizing others. Accordingly, those with ordinary skill in the art will recognize that many modifications and adaptations are possible, and may even be desirable in certain circumstances, and are a part of the invention described. Thus, the following description is provided as illustrative of the principles of the invention and not in limitation thereof.
  • As used throughout, the singular forms “a,” “an” and “the” include plural referents unless the context clearly dictates otherwise. Thus, for example, reference to “a” component can include two or more such components unless the context indicates otherwise.
  • Ranges can be expressed herein as from “about” one particular value, and/or to “about” another particular value. When such a range is expressed, another aspect includes from the one particular value and/or to the other particular value. Similarly, when values are expressed as approximations, by use of the antecedent “about,” it will be understood that the particular value forms another aspect. It will be further understood that the endpoints of each of the ranges are significant both in relation to the other endpoint, and independently of the other endpoint.
  • As used herein, the terms “optional” or “optionally” mean that the subsequently described event or circumstance may or may not occur, and that the description includes instances where said event or circumstance occurs and instances where it does not.
  • Exemplary Tokenization System
  • Aspects of this disclosure relate to systems and methods for protecting and using sensitive data such as credit card numbers in compliance with regulations and best practices. Although the systems and methods are described herein primarily within the context of credit card numbers, the technology described herein is useful and applicable for protecting any type of sensitive data, such as social security numbers, passport numbers, license numbers, account numbers, payroll data, national health insurance numbers, personally-identifiable information (PII) such as name and date of birth, and the like.
  • FIG. 1 illustrates the architecture for an exemplary system 100, according to particular embodiments. The system 100 as shown includes four distinct modules: a token manager 110, a key manager 120, a data vault 130, and a client/application 140.
  • The key manager 120 manages encryption keys that are used to encrypt sensitive data and permit only authorized users to reveal or otherwise access the sensitive data. The encryption keys may be distributed to the token manager 110 for use in encryption and decryption functions.
  • The token manager 110 is a central part of the system 100, providing tokenization, encryption, client management, event logging, and administrative functions. Tokenization describes the process of receiving sensitive data and generating a token to be used in its place. The token manager 110 generates the token, encrypts the original sensitive data, and stores the encrypted data (cipher text) in the data vault 130. The encrypted data is stored only in the data vault 130. The token is a reference to the encrypted data; there is no mathematical relationship between a token and the encrypted data. Therefore, the token may be safely used throughout the system 100, while the encrypted data it represents remains stored in the data vault 130. The token manager 110 ensures that there is a one-to-one relationship between the sensitive data and the generated token, so that referential integrity is maintained throughout the system 100.
  • The data vault 130 is a depository such as a database for storing the tokens and the encrypted data. The data vault does not store the encryption key, which is stored and controlled using the key manager 120. In particular embodiments, the data vault 130 may store a key profile number or other pointer that indicates which key was used to encrypt the data. The token manager 110 may use a data access technology such as JDBC (Java Database Connectivity) to communicate with the data vault 130.
  • The client or application 140 may be any of a variety of applications or platforms involved in the collection, handling, or processing of sensitive data. For example, the client/application 140 may be a financial application for processing or analyzing payments received by a business enterprise. Another client/application 140 may be a point-of-sale device such as a cash register or payment card reader. In particular embodiments, integration of client/applications 140 may be accomplished through SOAP/web services. In this aspect, any application 140 that supports web services can be integrated with the token manager 110 and may be configured to make calls to tokenize/encrypt sensitive data or, if authorized, to decrypt/access the sensitive data.
  • As illustrated in FIG. 1, the system 100 may include other modules depending on the implementation. For example, the system 100 may include a directory 150 that includes a database for storing any type of data useful in the system 100. For example, the directory 150 may include client IP addresses, hostnames, user identities, client role definitions, client permissions and data access policies, and the like. The token manager 110 may use LDAP or another protocol for accessing and maintaining the directory 150.
  • The system 100 may also include an administrator 152 with access to the token manager 110. The administrator 152 may use HTTP/S or another secure protocol for communicating with the token manager 110.
  • The token manager 110 and the key manager 120 may be configured to generate security event messages via Syslog. These logs can be directed to an event log 154 which may include an event management application (SIEM) for logging, collecting, storing, analyzing, and/or reporting events.
  • The token manager 110 may also be configured to send e-mail alerts using an e-mail server 156 via SMTP or similar protocol. The system 100 may also include a metadata store 158.
  • In use, the token manager 110, according to particular embodiments, receives sensitive data from an application 140 along with a request to protect it, generates a token, and inserts the token in place of the sensitive data. The key manager 120 supplies an encryption key to the token manager 110, which then encrypts the sensitive data and stores the encrypted data (cipher text) in the data vault 130. Tokens can be used safely in any application or database without exposing the sensitive data.
  • When an application 140 or database requires the original sensitive data, the application 140 transmits a request (by web services call, for example) to the token manager 110 and presents the token. The token manager 110 validates the credentials of the requesting application and, if authorized, looks up the token in the data vault 130, identifies the matching cipher text, decrypts the cipher text, and returns the original sensitive data back to the application 140.
  • According to particular embodiments, the system 100 ensures a one-to-one relationship between a token and the sensitive data it represents. The data vault 130 contains a single encrypted version of each original sensitive data. Even when encryption keys change over time, there is only one instance of the encrypted value stored in the data vault 130. In use, this means that the returned token will consistently represent the same original data throughout the system 100, in different applications and across multiple data sets.
  • Token Characteristics
  • The token manager 110 in particular embodiments may be configured to generate a token that is structurally similar in length and format to that of the original sensitive data. For example, as shown in FIG. 2A, a token 200 a can be formatted to preserve any number of leading and trailing characters found in the original sensitive data 10. In the example shown, the head 202 a includes the leading six characters, the tail 206 a includes the trailing four, and the body 204 a includes tokenized characters.
  • As shown in FIG. 2B, a token 200 b can be formatted to preserve both the length and the data type (alpha or numeric, and the like) of the original sensitive data 10. In the example shown, the head 202 b includes the leading six characters, the body 204 b includes six numeric characters, and the tail 206 b includes the trailing four characters. Any number (including zero) of the leading and/or trailing characters from the original sensitive data 10 may be preserved. The format-preserving tokenization process is also described in the commonly owned and co-pending U.S. patent application Ser. No. 13/040,133, entitled “System and Methods for Format Preserving Tokenization of Sensitive Information,” which is herein incorporated by reference in its entirety.
  • The task of generating a token may be accomplished in one or more steps performed by a token generation algorithm. As described above, the token generation algorithm may be configured to generate a token that is independent of at least a portion of the data in a sensitive data string.
  • Key Versioning and Key Retirement
  • The key manager 120 in particular embodiments generates encryption keys and, together with the token manager 110, controls the usage of keys throughout the system 100. Keys can be changed monthly, quarterly, annually—any time the user wants or needs to change the encryption key currently in use. Key rotation can be implemented, for example, when the current key is compromised, corrupted, or otherwise not desirable. Key rotation is controlled and administered by the key manager 120.
  • Key versioning allows the token manager 110 to automatically use the current key for encryption—and to access the past key when performing a decryption. In particular embodiments, the key manager 120 assigns a version number, called a key profile number, which remains associated with a particular encryption key. The token manager 110 maintains a record of which key profile number is associated with each encrypted value. The data vault 130, in particular embodiments, maintains a data store 600 that includes at least a token 200 c, the associated encrypted data 620, and the key profile number 610 associated with the encryption key that was used to create each item of encrypted data 620. A portion of such a data store 600 is illustrated in FIG. 3.
  • The key profile number 610 allows any component accessing the data store 600 in the data vault 130 to identify the encryption key that was used to create any particular item of encrypted data 620. Even if the key is no longer in active use, the key profile number 610 can be used to look up the associated encryption key 620 (stored and maintained by the key manager 120) and perform a decryption at any time.
  • Key versioning also allows users to create and distribute an encryption key for use at a later date; a feature called effective date key rotation. In particular embodiments, each encryption key includes an associated key profile number 610 and an effective date. The administrator 152 or other authorized user can generate a new key and a new key profile number, and assign an effective date in the future when the new key will be activated and available for use. The new key can be distributed to the token manager 110, but will not be used to encrypt data until the selected activation date and time. The token manager 110 will automatically detect when the activation date is reached, and will use the new key without any further input or instruction from the key manager 120 or administrator 152 to initiate the key rotation.
  • Key retirement is desired when an encryption key is compromised, corrupted, stolen, or otherwise identified for de-activation. The key profile number 610 allows the token manager 110 to de-activate or retire an encryption key so that it is never used again. All the encrypted data associated with that key should be decrypted and re-encrypted using a new key. This effort may impact many thousands or millions of encrypted data entries, depending on how long the compromised key was in active use. The key profile number 610 allows the quick and effective identification of every item of encrypted data 620 associated with a compromised key.
  • For example, as illustrated in FIG. 3, the encryption key associated with key profile number “1313” has been compromised. To protect the sensitive data, all the encrypted data associated with the compromised key profile 613 must be decrypted and re-encrypted, using a new key. In particular embodiments, the key manager 120 or token manager 110 (via a web-based graphical user interface, typically) may access the data vault 130 where the data store 600 is maintained. Instead of searching line by line through the data store 600, a simple query can be executed that will find all the data associated with the compromised key profile 613. After this subset of data is identified, the following steps will effectively retire the compromised key. First, each item of encrypted data is retrieved and decrypted using the compromised key. Next, each item of data is re-encrypted using a new key, and the new encrypted data is stored. Finally, the compromised key profile 613 is removed and replaced with the new key profile number, which is also stored.
  • Notice that the tokenized data string 200 c does not change, even when its associated key is retired and replaced with a new key. In this aspect, key versioning and key retirement help to preserve the one-to-one relationship between the token and the data value.
  • The system can perform a selective re-encryption of data associated with any particular key profile number, or set of key profile numbers, at any time, without generating a new token. The re-encryption process may be configured to run in the background, while all components and servers remain active, and without interfering with continued operation of the system.
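The tokenize/detokenize flow described under the exemplary system, together with key profile numbers, effective-date key rotation and the selective re-encryption steps of this section, as one added example that is not part of the patent or any product of the applicant. The class names (KeyManager, TokenManager, DataVault, Record), the keyed index used to keep the token-to-data relationship one-to-one, and the cipher are all assumptions: the cipher is a stand-in (HMAC-SHA256 as a PRF in counter mode with an encrypt-then-MAC tag) so the code runs on the standard library alone; a real vault would use AES-GCM.

```python
import hashlib
import hmac
import os
import secrets
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# --- stand-in authenticated cipher (assumption, not the patent's) -------------------
def _subkey(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()

def _keystream(enc_key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = (hmac.new(enc_key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def encrypt(key: bytes, plaintext: bytes) -> bytes:
    enc_key, mac_key = _subkey(key, b"enc"), _subkey(key, b"mac")
    nonce = os.urandom(16)
    body = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return nonce + body + hmac.new(mac_key, nonce + body, hashlib.sha256).digest()

def decrypt(key: bytes, blob: bytes) -> bytes:
    enc_key, mac_key = _subkey(key, b"enc"), _subkey(key, b"mac")
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(mac_key, nonce + body, hashlib.sha256).digest(), tag):
        raise ValueError("authentication failed: wrong key or tampered ciphertext")
    return bytes(a ^ b for a, b in zip(body, _keystream(enc_key, nonce, len(body))))

# --- key manager: every key version kept, each with a profile number and activation date
@dataclass
class KeyProfile:
    profile_number: int      # the key profile number stored beside each ciphertext
    key: bytes
    activation: datetime     # effective-date rotation: never used for encryption before this
    retired: bool = False

class KeyManager:
    def __init__(self):
        self._profiles: dict[int, KeyProfile] = {}

    def generate_key(self, profile_number: int, activation: datetime) -> None:
        if profile_number in self._profiles:
            raise ValueError("key profile numbers must be unique")
        self._profiles[profile_number] = KeyProfile(profile_number, secrets.token_bytes(32), activation)

    def current_profile(self, now: datetime) -> KeyProfile:
        live = [p for p in self._profiles.values() if not p.retired and p.activation <= now]
        if not live:
            raise LookupError("no active encryption key")
        return max(live, key=lambda p: p.activation)    # most recently activated key wins

    def key_for(self, profile_number: int) -> bytes:
        return self._profiles[profile_number].key        # past keys stay available for decryption

    def retire(self, profile_number: int) -> None:
        self._profiles[profile_number].retired = True    # never selected for encryption again

# --- data vault: one row of data store 600 (FIG. 3) per token ------------------------
@dataclass
class Record:
    token: str
    encrypted: bytes
    profile_number: int

class DataVault:
    def __init__(self):
        self.records: dict[str, Record] = {}

    def records_with_profile(self, profile_number: int) -> list:
        # the "simple query" of the text: select by profile number instead of scanning line by line
        return [r for r in self.records.values() if r.profile_number == profile_number]

# --- token manager: tokenize, detokenize, selective re-encryption ----------------------
class TokenManager:
    def __init__(self, km: KeyManager, vault: DataVault):
        self.km, self.vault = km, vault
        self._index_key = secrets.token_bytes(32)         # assumption: keyed index for one-to-one lookup
        self._index: dict[bytes, str] = {}

    def _make_token(self, sensitive: str) -> str:
        # FIG. 2B format: keep six leading and four trailing characters, randomize the body
        if len(sensitive) <= 10:
            raise ValueError("need more than 10 characters to preserve head and tail")
        while True:
            body = "".join(secrets.choice("0123456789") for _ in range(len(sensitive) - 10))
            token = sensitive[:6] + body + sensitive[-4:]
            if token not in self.vault.records:           # token is a reference, not derived from data
                return token

    def tokenize(self, sensitive: str, now: datetime) -> str:
        fingerprint = hmac.new(self._index_key, sensitive.encode(), hashlib.sha256).digest()
        if fingerprint in self._index:                    # same data always maps to the same token
            return self._index[fingerprint]
        profile = self.km.current_profile(now)
        token = self._make_token(sensitive)
        self.vault.records[token] = Record(token, encrypt(profile.key, sensitive.encode()), profile.profile_number)
        self._index[fingerprint] = token
        return token

    def detokenize(self, token: str) -> str:
        rec = self.vault.records[token]
        return decrypt(self.km.key_for(rec.profile_number), rec.encrypted).decode()

    def reencrypt_profile(self, compromised: int, now: datetime) -> int:
        """Claim 1 steps (a)-(d) for every record carrying the compromised profile number."""
        new = self.km.current_profile(now)
        if new.profile_number == compromised:
            raise ValueError("activate a replacement key before retiring the compromised one")
        old_key, count = self.km.key_for(compromised), 0
        for rec in self.vault.records_with_profile(compromised):
            plaintext = decrypt(old_key, rec.encrypted)   # (a) decrypt with the compromised key
            rec.encrypted = encrypt(new.key, plaintext)   # (b)(c) re-encrypt and store
            rec.profile_number = new.profile_number       # (d) swap the profile number; token untouched
            count += 1
        self.km.retire(compromised)
        return count

T0 = datetime(2012, 6, 20, tzinfo=timezone.utc)

def run_demo() -> dict:
    """Constructed scenario: profile 1313 (FIG. 3) is compromised after 1314 becomes effective."""
    km, vault = KeyManager(), DataVault()
    tm = TokenManager(km, vault)
    km.generate_key(1313, activation=T0)
    km.generate_key(1314, activation=T0 + timedelta(days=30))   # distributed now, effective later
    pan = "4111111111111111"                                    # constructed test value
    tok = tm.tokenize(pan, now=T0)
    tok_again = tm.tokenize(pan, now=T0 + timedelta(days=1))
    tok_early = tm.tokenize("5500000000000004", now=T0 + timedelta(days=29))   # still key 1313
    tok_late = tm.tokenize("340000000000009", now=T0 + timedelta(days=31))     # key 1314 now active
    before = [vault.records[t].profile_number for t in (tok, tok_early, tok_late)]
    moved = tm.reencrypt_profile(1313, now=T0 + timedelta(days=31))
    after = [vault.records[t].profile_number for t in (tok, tok_early, tok_late)]
    return {"token": tok, "same_token": tok_again == tok, "profiles_before": before,
            "moved": moved, "profiles_after": after, "recovered": tm.detokenize(tok),
            "tokens_unchanged": tok in vault.records and tok_early in vault.records}

if __name__ == "__main__":
    print(run_demo())
```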
  • CONCLUSION
  • Although the systems and methods are described herein primarily within the context of numerical data such as credit card numbers, the technology described herein is useful and applicable for protecting any type of sensitive data, such as social security numbers, passport numbers, license numbers, account numbers, payroll data, national health insurance numbers, personally-identifiable information (PII) such as name and date of birth, and the like. Moreover, although several embodiments have been described herein, those of ordinary skill in the art, with the benefit of the teachings of this disclosure, will understand and comprehend many other embodiments and modifications for this technology. The invention therefore is not limited to the specific embodiments disclosed or discussed herein, and many other embodiments and modifications are intended to be included within the scope of the appended claims. Moreover, although specific terms are occasionally used herein, as well as in the claims or concepts that follow, such terms are used in a generic and descriptive sense only, and should not be construed as limiting the described invention or the claims that follow.

Claims (7)

1. A method of selectively re-encrypting a subset of encrypted data values, for use in a data processing operation for protecting sensitive data, said method comprising the computer-implemented steps of:
establishing a data store for storing a plurality of records, wherein each record comprises an encrypted value associated with original sensitive data, and a key profile number associated with an encryption key that was used to generate said encrypted value;
identifying a compromised key and a compromised key profile number associated therewith;
generating a new key and a new key profile number associated therewith;
identifying in said data store a subset of records, wherein said subset is characterized by a key profile number that matches said compromised key profile number, and for each record in said subset:
(a) de-encrypting said encrypted value using said compromised key to reveal said original sensitive data;
(b) re-encrypting said original sensitive data using said new key to generate a new encrypted data value;
(c) replacing said encrypted value with said new encrypted data value; and
(d) replacing said compromised key profile number with said new key profile number.
2. The method of claim 1, wherein each said record further comprises a token value associated with said original sensitive data, and wherein said method is executed without changing said token value.
3. The method of claim 1, wherein said step of generating said new key includes generating an activation date associated therewith, and wherein said step of identifying occurs after said activation date.
4. A method for activating a new encryption key on a future date, for use in a data processing operation for protecting sensitive data, said method comprising the computer-implemented steps of:
establishing a data processing operation comprising a key manager for generating encryption keys, a token manager for encrypting sensitive data, and a data vault for storing encrypted data;
establishing a key management data store, in communication with said key manager, for storing a plurality of records, wherein each record comprises an encryption key, a key profile number, and an activation date;
generating a new record, comprising a new encryption key, a new key profile number, a new activation date; and
distributing said new record to said token manager for implementation of said new encryption key and said new key profile number upon reaching said activation date.
5. A method of encryption key retirement for use in a data processing operation for protecting sensitive data, said method comprising the computer-implemented steps of:
establishing a data processing operation comprising a key manager for generating encryption keys, a token manager for encrypting sensitive data, and a data vault for storing encrypted data;
establishing a data store, in communication with said data vault, for storing a plurality of records, wherein each record comprises an encrypted value associated with original sensitive data, and a key profile number associated with an encryption key that was used to generate said encrypted value;
identifying a compromised key and a compromised key profile number associated therewith;
generating a new key and a new key profile number associated therewith;
identifying in said data store a subset of records, wherein said subset is characterized by a key profile number that matches said compromised key profile number, and for each record in said subset:
(a) de-encrypting said encrypted value using said compromised key to reveal said original sensitive data;
(b) re-encrypting said original sensitive data using said new key to generate a new encrypted data value;
(c) replacing said encrypted value with said new encrypted data value; and
(d) replacing said compromised key profile number with said new key profile number.
6. The method of claim 5, wherein each said record further comprises a token value associated with said original sensitive data, and wherein said method is executed without changing said token value.
7. The method of claim 5, wherein said step of generating said new key includes generating an activation date associated therewith, and wherein said step of identifying occurs after said activation date.

Priority Applications (1)

Application Number Priority Date Filing Date Title
US13/527,860 US20120321078A1 (en) 2011-06-20 2012-06-20 Key rotation and selective re-encryption for data security

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US201161499121P 2011-06-20 2011-06-20
US13/527,860 US20120321078A1 (en) 2011-06-20 2012-06-20 Key rotation and selective re-encryption for data security

Publications (1)

Publication Number Publication Date
US20120321078A1 true US20120321078A1 (en) 2012-12-20

Family

ID=47353665

Family Applications (4)

Application Number Title Priority Date Filing Date
US13/527,860 Abandoned US20120321078A1 (en) 2011-06-20 2012-06-20 Key rotation and selective re-encryption for data security
US13/527,867 Abandoned US20120324225A1 (en) 2011-06-20 2012-06-20 Certificate-based mutual authentication for data security
US13/527,837 Active 2032-11-10 US8806204B2 (en) 2011-06-20 2012-06-20 Systems and methods for maintaining data security across multiple active domains
US13/527,852 Expired - Fee Related US8812844B2 (en) 2011-06-20 2012-06-20 Luhn validation and data security across multiple active domains

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060034456A1 (en) * 2002-02-01 2006-02-16 Secure Choice Llc Method and system for performing perfectly secure key exchange and authenticated messaging
US20070079119A1 (en) * 2000-11-16 2007-04-05 Ulf Mattsson Encryption key rotation
US20090249082A1 (en) * 2008-03-26 2009-10-01 Ulf Mattsson Method and apparatus for tokenization of sensitive sets of characters
US20100070754A1 (en) * 2008-06-10 2010-03-18 Paymetric, Inc. Payment encryption accelerator
US7984025B2 (en) * 1999-11-12 2011-07-19 Protegrity Corporation Method for reencryption of a database
US20110178933A1 (en) * 2010-01-20 2011-07-21 American Express Travel Related Services Company, Inc. Dynamically reacting policies and protections for securing mobile financial transaction data in transit
US20110307714A1 (en) * 2010-05-26 2011-12-15 Paymetric, Inc. Reference token service
US20120304273A1 (en) * 2011-05-27 2012-11-29 Fifth Third Processing Solutions, Llc Tokenizing Sensitive Data
US8458487B1 (en) * 2010-03-03 2013-06-04 Liaison Technologies, Inc. System and methods for format preserving tokenization of sensitive information

US20230246838A1 (en) * 2020-03-03 2023-08-03 The Prudential Insurance Company Of America System for Improving Data Security
US11831776B2 (en) * 2020-03-03 2023-11-28 The Prudential Insurance Company Of America System for improving data security
US20220067206A1 (en) * 2020-08-28 2022-03-03 Open Text Holdings, Inc. Token-based data security systems and methods with embeddable markers in unstructured data
US11893136B2 (en) 2020-08-28 2024-02-06 Open Text Holdings, Inc. Token-based data security systems and methods with cross-referencing tokens in freeform text within structured document
US11947706B2 (en) * 2020-08-28 2024-04-02 Open Text Holdings, Inc. Token-based data security systems and methods with embeddable markers in unstructured data
US20220191018A1 (en) * 2020-12-14 2022-06-16 International Business Machines Corporation Key rotation on a publish-subscribe system

Also Published As

Publication number Publication date
US8812844B2 (en) 2014-08-19
US20120324555A1 (en) 2012-12-20
US20120324225A1 (en) 2012-12-20
US20120324223A1 (en) 2012-12-20
US8806204B2 (en) 2014-08-12

Similar Documents

Publication Publication Date Title
US20120321078A1 (en) Key rotation and selective re-encryption for data security
US11615210B1 (en) Third-party platform for tokenization and detokenization of network packet data
US10614244B1 (en) Sensitive data aliasing
US11652608B2 (en) System and method to protect sensitive information via distributed trust
US9158933B2 (en) Protection of encryption keys in a database
US7792300B1 (en) Method and apparatus for re-encrypting data in a transaction-based secure storage system
US8458487B1 (en) System and methods for format preserving tokenization of sensitive information
US10452320B2 (en) Encrypted data storage and retrieval system
US10503133B2 (en) Real time control of a remote device
US20070294539A1 (en) Method and system for transparently encrypting sensitive information
US9881164B1 (en) Securing data
KR102224998B1 (en) Computer-implemented system and method for protecting sensitive data via data re-encryption
CN101554010A (en) Systems and methods for document control using public key encryption
US20230306131A1 (en) Systems and methods for tracking propagation of sensitive data
Mattsson Database encryption-how to balance security with performance
US11163893B2 (en) Methods and systems for a redundantly secure data store using independent networks
KR102222600B1 (en) Method for simultaneously processing encryption and de-identification of privacy information, server and cloud computing service server for the same
US20230185934A1 (en) Rule-based targeted extraction and encryption of sensitive document features
EP3716124B1 (en) System and method of transmitting confidential data
Rasal et al. Improving Security in SAP-HANA Cloud by Applying Multiple Encryption Policies
Beley et al. A Management of Keys of Data Sheet in Data Warehouse
ZOPE et al. Encryption Techniques for High Security
Qiu et al. Safely delegating data mining tasks

Legal Events

Date Code Title Description
STCB Information on status: application discontinuation
Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION

AS Assignment
Owner name: SILICON VALLEY BANK, CALIFORNIA
Free format text: SECURITY INTEREST;ASSIGNOR:LIAISON TECHNOLOGIES, INC.;REEL/FRAME:041808/0027
Effective date: 20170329

AS Assignment
Owner name: SILICON VALLEY BANK, CALIFORNIA
Free format text: SECURITY INTEREST;ASSIGNOR:LIAISON TECHNOLOGIES, INC.;REEL/FRAME:047950/0910
Effective date: 20170329

Owner name: SILICON VALLEY BANK, CALIFORNIA
Free format text: SECURITY INTEREST;ASSIGNOR:LIAISON TECHNOLOGIES, INC.;REEL/FRAME:047950/0892
Effective date: 20130628

Owner name: LIAISON TECHNOLOGIES, INC., GEORGIA
Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:SILICON VALLEY BANK;REEL/FRAME:048043/0532
Effective date: 20181217

AS Assignment
Owner name: SILICON VALLEY BANK, CALIFORNIA
Free format text: CORRECTIVE ASSIGNMENT TO CORRECT THE LISTED PATENTS, NAMELY 5 NOS. LISTED AS PATENT NOS. (9590916, 9344182, 9650219, 9588270, 9294701), SHOULD BE LISTED AS APPLICATION NOS. PREVIOUSLY RECORDED ON REEL 047950 FRAME 0910. ASSIGNOR(S) HEREBY CONFIRMS THE SECURITY INTEREST;ASSIGNOR:LIAISON TECHNOLOGIES, INC.;REEL/FRAME:051255/0831
Effective date: 20170329