Tokenized payment processing schemes
Abstract
A data-processing system, such as a payment processing system, including a tokenizer, such as a card encryption and storage system (CES) employing a tokenization feature. In one embodiment, the present invention provides a first-computer-implemented method for preventing the transmission of confidential information between a first computer and a second computer in communication with the first computer. The method includes the steps of: (a) the first computer receiving information for performing a transaction, the information including confidential information manually entered by a user; (b) the first computer sending the confidential information to a third computer; (c) the first computer receiving, from the third computer, a token having no algorithmic relationship to the confidential information; and (d) the first computer sending to the second computer (i) the information for performing the transaction, except for the confidential information, and (ii) the token.
Claims
exact text as granted — not AI-modifiedWe claim:
1 . A first-computer-implemented method for preventing the transmission of confidential information between a first computer and a second computer in communication with the first computer, the method comprising the steps of:
(a) the first computer receiving information for performing a transaction, the information including confidential information manually entered by a user; (b) the first computer sending the confidential information to a third computer; (c) the first computer receiving, from the third computer, a token having no algorithmic relationship to the confidential information; and (d) the first computer sending to the second computer (i) the information for performing the transaction, except for the confidential information, and (ii) the token.
2 . The invention of claim 1 , wherein the first computer comprises:
a first software program adapted to interface with the second computer; and a second software program different from the first software program, the second software program adapted to interface with the third computer but not the second computer.
3 . The invention of claim 2 , wherein:
step (a) comprises:
(a1) the first software program receiving the information for performing the transaction, except for the confidential information; and
(a2) the second software program receiving the confidential information manually entered by the user;
step (b) comprises the second software program sending the confidential information to the third computer; step (c) comprises the second software program receiving the token from the third computer; and step (d) comprises the first software program sending to the second computer (i) the information for performing the transaction, except for the confidential information, and (ii) the token.
4 . The invention of claim 3 , further comprising the second software program buffering the token in a buffer, wherein, prior to step (d), the user pastes the token from the buffer into an entry field of the first software program.
5 . The invention of claim 4 , wherein the buffer is an operating-system clipboard of the first computer.
6 . The invention of claim 3 , wherein substep (a2) comprises the second software program receiving the confidential information by means of the user typing the confidential information into an entry field of a window displayed by the second software program.
7 . The invention of claim 2 , wherein:
step (a) comprises the first software program receiving the information for performing the transaction, including the confidential information; step (b) comprises:
(b1) the second software program receiving the confidential information from the first software program by inspecting an entry field of a window of the first software program that includes the confidential information; and
(b2) the second software program sending the confidential information to the third computer;
step (c) comprises:
(c1) the second software program receiving the token from the third computer; and
(c2) the second software program replacing the confidential information in the entry field of the window of the first software program with the token; and
step (d) comprises the first software program sending to the second computer (i) the information for performing the transaction, except for the confidential information, and (ii) the token.
8 . The invention of claim 1 , wherein the first computer comprises:
a software program adapted to interface with the second computer; and a packet inspector adapted (i) to receive packets from the software program, (ii) to forward the packets to the second computer, and (iii) to selectively modify one or more of the packets prior to forwarding the packets to the second computer.
9 . The invention of claim 8 , wherein:
step (a) comprises the software program receiving the information for performing the transaction, including the confidential information; step (b) comprises:
(b1) the packet inspector receiving one or more packets of data from the software program, including the confidential information; and
(b2) the packet inspector sending the confidential information to the third computer;
step (c) comprises:
(c1) the packet inspector receiving the token from the third computer; and
(c2) the packet inspector modifying wherein the one or more packets of data by replacing the confidential information in the one or more packets of data with the token; and
step (d) comprises the packet inspector sending to the second computer the one or more modified packets of data, wherein the one or more modified packets of data include (i) the information for performing the transaction, except for the confidential information, and (ii) the token.
10 . Apparatus for preventing the transmission of confidential information to a second computer in communication with the apparatus, the apparatus adapted to:
(a) receive information for performing a transaction, the information including confidential information manually entered by a user; (b) send the confidential information to a third computer; (c) receive, from the third computer, a token having no algorithmic relationship to the confidential information; and (d) send to the second computer (i) the information for performing the transaction, except for the confidential information, and (ii) the token.
11 . The invention of claim 10 , wherein the apparatus comprises:
a first software program adapted to interface with the second computer; and a second software program different from the first software program, the second software program adapted to interface with the third computer but not the second computer.
12 . The invention of claim 11 , wherein:
step (a) comprises:
(a1) the first software program receiving the information for performing the transaction, except for the confidential information; and
(a2) the second software program receiving the confidential information manually entered by the user;
step (b) comprises the second software program sending the confidential information to the third computer; step (c) comprises the second software program receiving the token from the third computer; and step (d) comprises the first software program sending to the second computer (i) the information for performing the transaction, except for the confidential information, and (ii) the token.
13 . The invention of claim 12 , wherein the second software program is adapted to store the token in a buffer, wherein, prior to step (d), the user pastes the token from the buffer into an entry field of the first software program.
14 . The invention of claim 13 , wherein the buffer is an operating-system clipboard of the first computer.
15 . The invention of claim 12 , wherein substep (a2) comprises the second software program receiving the confidential information by means of the user typing the confidential information into an entry field of a window displayed by the second software program.
16 . The invention of claim 11 , wherein:
step (a) comprises the first software program receiving the information for performing the transaction, including the confidential information; step (b) comprises:
(b1) the second software program receiving the confidential information from the first software program by inspecting an entry field of a window of the first software program that includes the confidential information; and
(b2) the second software program sending the confidential information to the third computer;
step (c) comprises:
(c1) the second software program receiving the token from the third computer; and
(c2) the second software program replacing the confidential information in the entry field of the window of the first software program with the token; and
step (d) comprises the first software program sending to the second computer (i) the information for performing the transaction, except for the confidential information, and (ii) the token.
17 . The invention of claim 10 , wherein the apparatus comprises:
a software program adapted to interface with the second computer; and a packet inspector adapted (i) to receive packets from the software program, (ii) to forward the packets to the second computer, and (iii) to selectively modify one or more of the packets prior to forwarding the packets to the second computer.
18 . The invention of claim 17 , wherein:
step (a) comprises the software program receiving the information for performing the transaction, including the confidential information; step (b) comprises:
(b1) the packet inspector receiving one or more packets of data from the software program, including the confidential information; and
(b2) the packet inspector sending the confidential information to the third computer;
step (c) comprises:
(c1) the packet inspector receiving the token from the third computer; and
(c2) the packet inspector modifying wherein the one or more packets of data by replacing the confidential information in the one or more packets of data with the token; and
step (d) comprises the packet inspector sending to the second computer the one or more modified packets of data, wherein the one or more modified packets of data include (i) the information for performing the transaction, except for the confidential information, and (ii) the token.
19 . The invention of claim 18 , wherein the packet inspector is a dedicated hardware appliance having a processor different from a processor executing the software program.
20 . A first-computer-implemented method for preventing the transmission of confidential information, the method comprising the steps of:
(a) the first computer either (i) inspecting an entry field of a window of a software program to determine whether the entry field includes confidential information, or (ii) inspecting one or more packets of received data, to determine whether the one or more packets of data include confidential information; (b) if the inclusion of confidential information is determined in step (a), then
(b1) the first computer sending the confidential information to a second computer, and
(b2) the first computer receiving, from the second computer, a token having no algorithmic relationship to the confidential information; and
(c) the first computer either (i) replacing the confidential information in the entry field of the window of the software program with the token, or (ii) modifying the one or more packets of data by replacing the confidential information in the one or more packets of data with the token.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.