System and methods for point to point encryption and tokenization

US11178115B2 · US · B2

Patent metadata
Publication number: US-11178115-B2
Application number: US-201715710107-A
Country: US
Kind code: B2
Filing date: Sep 20, 2017
Priority date: Sep 21, 2016
Publication date: Nov 16, 2021
Grant date: Nov 16, 2021

Abstract

Official abstract text for this publication.

Mechanisms for providing point to point encryption and tokenization enabling decryption, tokenization and storage of sensitive encrypted data on one system are discussed.

First claim

Opening claim text (preview).

We claim:

1. A point to point encryption and tokenization system, comprising: a pin entry device (PED) configured to receive and encrypt card holder data (CHD); a first computing system in communication with the PED and configured to receive the encrypted CHD; a second computing system in communication with the first computing system via a communications network and configured to receive the encrypted CHD from the first communication system, the second computing system hosting a Payment Card Industry Data Security Standard (PCI DSS)-compliant environment, including: a decryption module configured to decrypt the CHD, a tokenization module configured to generate a token representing the CHD, an authorization module configured to re-encrypt the CHD for an outside authorization device to process the CHD, and in response to receiving a confirmation from the outside authorization device, transmit the confirmation of the processed CHD and a copy of the token representing the CHD to the first computing system, the copy of the token stored by the first computing system to enable subsequent transactions requiring the CHD; and a database configured to store the token representing the decrypted CHD and the decrypted CHD; wherein the second computing system is further configured to: receive a request from the first computing system for an operation on decrypted CHD, the request accompanied by the copy of the token; receive the copy of the token representing the decrypted CHD at the tokenization module; retrieve the decrypted CHD from the database using the copy of the token; and re-encrypt the retrieved decrypted CHD for the outside authorization device to process the CHD in response to receiving the request including the copy of the token.

2. The system of claim 1, wherein the decryption module is a Hardware Security Module (HSM).

3. The system of claim 1 wherein the first computing system is further configured to: store the copy of the token representing the CHD in a transaction log.

4. The system of claim 1, wherein the first computing system and the second computing system are located in different geographic locations.

5. The system of claim 1, wherein the CHD is encrypted using asymmetric encryption.

6. The system of claim 1, wherein the second computing system further comprising a key management system configured to issue public keys and store security certificates.

7. The system of claim 1, wherein the decrypted CHD is in a first format, the encrypted CHD is in a second format and the token representing the decrypted CHD is in a third format.

8. The system of claim 1, wherein the token is an alphanumeric string.

9. A point to point encryption and tokenization method, comprising: receiving and encrypting card holder data (CHD) with a pin entry device (PED); receiving the encrypted CHD at a first computing system in communication with the PED; transmitting the encrypted CHD from the first computing system to a second computing system hosting a Payment Card Industry Data Security Standard (PCI DSS)-compliant environment as part of a request to process the encrypted data via a communications network; decrypting the encrypted CHD with a decryption module executing on the second computing system; generating a token representing the decrypted CHD with a token module executing on the second computing system; re-encrypting the decrypted CHD for an outside authorization device to process the CHD; receiving a confirmation of the processed CHD from the outside authorization device; transmitting, confirmation of the processed CHD and a copy of the token to the first computing system, the copy of the token stored by the first computing system to enable subsequent transactions requiring the CHD; and storing the token representing the decrypted CHD and the decrypted CHD in the database; receiving, via the second computing system, a request from the first computing system for processing of the decrypted CHD, the request accompanied by the copy of the token; receiving the copy of the token representing the decrypted CHD at the tokenization module; retrieving, via the tokenization module, the decrypted CHD using the copy of the token; and re-encrypting the retrieved decrypted CHD for the outside authorization device to process the CHD in response to receiving the request including the copy of the token.

10. The method of claim 9, wherein the decryption module is a Hardware Security Module (HSM).

11. The method of claim 9, wherein the first computing system and the second computing system are located in different geographic locations.

12. The method of claim 9, wherein the CHD is encrypted using asymmetric encryption.

13. The method of claim 9, wherein the second computing system includes a key management system configured to issue public keys and store security certificates.

14. The method of claim 9, wherein the decrypted CHD is in a first format, the encrypted CHD is in a second format and the token representing the decrypted CHD is in a third format.

15. The method of claim 9, wherein the token is an alphanumeric string.

16. A non-transitory computer-readable medium storing instructions, wherein the instructions are executable by a processor to: receive and encrypting card holder data (CHD) with a pin entry device (PED); receive the encrypted CHD at a first computing system in communication with the PED; transmit the encrypted CHD from the first computing system to a second computing system hosting a Payment Card Industry Data Security Standard (PCI DSS)-compliant environment as part of a request to with a decryption module executing on the second computing system; generate a token representing the decrypted CHD with a token module executing on the second computing system; re-encrypting the decrypted CHD for an outside authorization device to process the CHD; receiving a confirmation of the processed CHD from the outside authorization device; transmit, the confirmation of the processed decrypted CHD and a copy of the token to the first computing system, the copy of the token stored by the first computing system to enable subsequent transactions requiring the CHD; and store the token representing the decrypted CHD and the decrypted CHD in the database; receive, via the second computing system, a request from the first computing system for processing of the decrypted CHD, the request accompanied by the copy of the token; receive the copy of the token representing the decrypted CHD at the tokenization module; retrieve, via the tokenization module, the decrypted CHD using the copy of the token; and re-encrypt the retrieved decrypted CHD for the outside authorization device to process the CHD in response to receiving the request including the copy of the token.

17. The non-transitory computer readable memory medium of claim 16, wherein the decryption system is a Hardware Security Module (HSM).

Classifications

  • for key exchange, e.g. in peer-to-peer networks (cryptographic mechanisms or cryptographic arrangements for key agreement H04L9/0838)

  • using certificates (cryptographic mechanisms or cryptographic arrangements for entity authentication involving certificates H04L9/3263)

  • Protecting personal data, e.g. for financial or medical purposes

  • wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption (cryptographic mechanisms or cryptographic arrangements for public-key encryption H04L9/30)

  • wherein the data content is protected, e.g. by encrypting or encapsulating the payload

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US11178115B2 cover?
Mechanisms for providing point to point encryption and tokenization enabling decryption, tokenization and storage of sensitive encrypted data on one system are discussed.
Who is the assignee on this patent?
Walmart Apollo Llc
What technology area does this patent fall under?
Primary CPC classification H04L63/0428. Mapped technology areas include Electricity.
When was this patent published?
Publication date Nov 16, 2021 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 7 related publications on this page (citations in our corpus or others sharing the same primary CPC).