Masking and unmasking data over a network

US9680799B2 · US · B2

Patent metadata
Publication number: US-9680799-B2
Application number: US-201514859965-A
Country: US
Kind code: B2
Filing date: Sep 21, 2015
Priority date: Sep 21, 2015
Publication date: Jun 13, 2017
Grant date: Jun 13, 2017


Abstract


An apparatus with one or more masking rules stored in a memory receives unmasked data associated with a first session identifier via a network and converts the received unmasked data into masked data by applying the one or more masking rules to the unmasked data. The apparatus generates a first mapped identifier associated with the unmasked data and first session identifier. The apparatus also receives, via a network, a second mapped identifier associated with a second session identifier. Upon receiving the second mapped identifier and second session identifier, the apparatus determines whether the second session identifier corresponds to the first session identifier and finds the first mapped identifier corresponding to the received second mapped identifier. The apparatus retrieves and sends the unmasked data associated with the first mapped identifier.

First claim


What is claimed is:

1. An apparatus comprising: a memory operable to store one or more masking rules; an interface operable to receive, via a network, unmasked data associated with a first session identifier from a user interface server; a processor, in response to receiving unmasked data associated with a first session identifier, operable to: convert the received unmasked data into masked data by applying the one or more masking rules to the received unmasked data; generate a first mapped identifier and associate it with the received unmasked data and the associated first session identifier; store the unmasked data, associated first session identifier, and associated first mapped identifier in the memory; and send the masked data and associated first mapped identifier to a user workstation, wherein the masked data is stored into a data store; the interface being further operable to receive, via a network, a second mapped identifier associated with a second session identifier from the user interface server; the processor, in response to receiving the second mapped identifier associated with the second session identifier, being further operable to: determine whether the second session identifier corresponds to the first session identifier stored in the memory; in response to determining that the second session identifier corresponds to the first session identifier stored in the memory, find the first mapped identifier stored in the memory corresponding to the received second mapped identifier; retrieve the unmasked data associated with the first mapped identifier from the memory; and send the unmasked data to the user workstation.

2. The apparatus of claim 1, wherein the first session identifier expires after a predetermined amount of time and wherein the first mapped identifier is deleted from the memory when the first session identifier expires.

3. The apparatus of claim 1, wherein the first session identifier is generated when a service is initialized at the user workstation and the first session identifier expires when the service is terminated.

4. The apparatus of claim 1, wherein the masking rules specify the masking techniques for converting the unmasked data into masked data.

5. The apparatus of claim 4, wherein the masking rules specify masking the data by converting the unmasked data into symbols.

6. The apparatus of claim 1, wherein the session identifiers, mapped identifiers, and unmasked data that are stored in the memory are all encrypted.

7. The apparatus of claim 1, wherein the masking rules specify the type of information that needs to be masked.

8. An apparatus for converting unmasked data into masked data comprising: an interface operable to receive, upon the initiation of a session at a user workstation, unmasked data associated with a first session identifier via a network from a user interface server; and a processor operable to: apply one or more masking rules to the received unmasked data; generate a first mapped identifier and associate the first mapped identifier with the received unmasked data and the first session identifier; and send the masked data and associated first mapped identifier to the user workstation via the network, wherein the masked data is stored into a data store; and a memory operable to store the unmasked data, associated first session identifier, and associated first mapped identifier; wherein the interface is further operable to receive, via a network, a second mapped identifier associated with a second session identifier from a user interface server; wherein the processor is further operable to: determine whether the second session identifier corresponds to the first session identifier stored in the memory; in response to determining that the second session identifier corresponds to the first session identifier stored in the memory, find the first mapped identifier stored in the memory corresponding to the received second mapped identifier; retrieve the unmasked data associated with the first mapped identifier from the memory; and send the retrieved unmasked data to the user workstation.

9. The apparatus of claim 8, wherein the masking rules specify the masking techniques for converting the unmasked data into masked data.

10. The apparatus of claim 9, wherein the masking rules specify masking the data by converting the unmasked data into symbols.

11. The apparatus of claim 8, wherein the stored first session identifier expires upon the termination of the session at the user workstation.

12. The apparatus of claim 11, wherein the stored first mapped identifier and stored unmasked data are deleted when the stored first session identifier expires.

13. The apparatus of claim 8, wherein the masking rules specify the type of information that needs to be masked.

14. A method comprising: receiving, by a masking server, via a network, unmasked data associated with a first session identifier; converting, by the masking server, the received unmasked data into masked data by applying one or more masking rules to the received unmasked data; generating, by the masking server, a first mapped identifier and associating it with the received unmasked data and the associated first session identifier; storing, by the masking server, the unmasked data, associated first session identifier, and associated first mapped identifier in a memory; sending, by the masking server, the masked data and associated first mapped identifier to a user workstation wherein the masked data is stored into a data store; receiving, by the masking server, via a network, a second mapped identifier associated with a second session identifier from the user interface server; determining, by the masking server, whether the second session identifier corresponds to the first session identifier stored in the memory; in response to determining that the second session identifier corresponds to the first session identifier stored in the memory, finding, by the masking server, the first mapped identifier stored in the memory corresponding to the received second mapped identifier; retrieving, by the masking server, the unmasked data associated with the first mapped identifier from the memory; and sending, by the masking server, the retrieved unmasked data to the user workstation.

15. The method of claim 14, wherein the first session identifier expires after a predetermined amount of time and wherein the first mapped identifier is deleted from the memory when the first session identifier expires.

16. The method of claim 14, wherein the first session identifier is generated when a service is initialized at the user workstation and the first session identifier expires when the service is terminated at the user workstation.

17. The method of claim 14, wherein the masking rules specify the masking techniques for converting the unmasked data into masked data.

18. The method of claim 14, wherein the session identifiers, mapped identifiers, and unmasked data that are stored in the memory are encrypted.

19. The method of claim 14, wherein the first session identifier is generated when a user logs into a user account and the first session identifier expires when the user logs out of the user account.
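The flow in claims 1, 2 and 5 can be modelled in a few lines. The sketch below is an added illustration, not code from the patent or its assignee; the class and method names, the keep-last-four masking rule, the 900-second lifetime and the sample values are all assumptions.

```python
import re
import secrets
import time

class MaskingServer:
    """Hypothetical in-memory model of the claimed masking server."""

    def __init__(self, session_ttl=900.0, clock=time.monotonic):
        self.session_ttl = session_ttl  # assumed "predetermined amount of time"
        self.clock = clock              # injectable so expiry can be tested
        self.sessions = {}              # session_id -> (expiry, {mapped_id: unmasked})

    @staticmethod
    def apply_rules(unmasked):
        # Assumed masking rule: replace every digit except the last four with '*'.
        return re.sub(r"\d(?=(?:\D*\d){4})", "*", unmasked)

    def _purge_expired(self):
        # Expiring a session deletes its mapped identifiers and unmasked data.
        now = self.clock()
        for sid in [s for s, (exp, _) in self.sessions.items() if exp <= now]:
            del self.sessions[sid]

    def mask(self, session_id, unmasked):
        self._purge_expired()
        _, store = self.sessions.setdefault(
            session_id, (self.clock() + self.session_ttl, {}))
        mapped_id = secrets.token_urlsafe(16)  # unguessable, carries no data
        store[mapped_id] = unmasked
        return self.apply_rules(unmasked), mapped_id

    def unmask(self, session_id, mapped_id):
        self._purge_expired()
        entry = self.sessions.get(session_id)  # step 1: session must match
        if entry is None:
            return None
        return entry[1].get(mapped_id)         # step 2: find the mapped identifier

    def end_session(self, session_id):
        # Service terminated or user logged out: drop everything for the session.
        self.sessions.pop(session_id, None)

if __name__ == "__main__":
    srv = MaskingServer()
    masked, mid = srv.mask("session-A", "4111 1111 1111 1234")  # constructed sample
    print(masked, srv.unmask("session-A", mid), srv.unmask("session-B", mid))
```

Because the mapped identifier is only resolved inside the store of the session that created it, a mapped identifier replayed under a different or expired session returns nothing.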

Assignees

Bank Of America


Classifications

  • for managing network security; network security policies in general (filtering policies H04L63/0227)

  • during internet communication, e.g. revealing personal data from cookies

  • Protecting personal data, e.g. for financial or medical purposes

  • wherein the data content is protected, e.g. by encrypting or encapsulating the payload

  • Data format conversion from or to a database


Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Bank Of America
What technology area does this patent fall under?
Primary CPC classification H04L63/0428. Mapped technology areas include Electricity.
When was this patent published?
Publication date Jun 13, 2017 (B2). Legal status and post-grant events are not shown on this page.