US2020027081A1PendingUtilityA1

Token management for enhanced omni-channel payments experience and analytics

Assignee: CLOVER NETWORK INCPriority: Jun 13, 2018Filed: Sep 17, 2019Published: Jan 23, 2020
Est. expiryJun 13, 2038(~11.9 yrs left)· nominal 20-yr term from priority
G06Q 20/3823G06Q 20/3672G06Q 2220/00G06Q 20/20G06Q 20/322G06Q 20/202G06Q 20/385G06Q 20/3226G06Q 20/382G06Q 20/3827G06Q 20/3674H04L 9/50
64
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

Methods and systems related to the use of tokenization services in payment processing systems are disclosed. The methods and systems include token translation services, token maps used as the basis for customer data models, specific approaches for securing the token maps and associated data, and the efficient storage of the token maps and associated data to facilitate enhanced payments experiences and analytics. One method includes transmitting a tokenization request with an encrypted payment account number from a POS to a tokenization service, receiving a token from the tokenization service in response to the tokenization request, salting the token with data to produce a salted token, encrypting the salted token using a secure processor on the POS, mapping the encrypted salted token to the payment account number in a map, and storing the map and the encrypted salted token in a memory on the secure processor on the POS.

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
         1 . A method comprising:
 transmitting a tokenization request with an encrypted payment account number from a point of sale device to a tokenization service, wherein the point of sale device includes a memory and a secure processor;   receiving a token from the tokenization service in response to the tokenization request, wherein the token is a tokenized version of the encrypted payment account number;   tagging the token with data to produce a salted token;   encrypting the salted token using a secure processor on the point of sale device;   mapping the encrypted salted token to the payment account number in a map, wherein the payment account number is mapped using at least a portion of the payment account number; and   storing the map and the encrypted salted token in the memory associated with the secure processor on the point of sale device.   
     
     
         2 . The method of  claim 1 , further comprising:
 synchronizing the map across the point of sale device, a second point of sale device, and a central server;   receiving a request to authorization a second payment using the payment account number on the second point of sale device;   identifying the salted encrypted token using the payment account number and the map;   decrypting the salted encrypted token to retrieve the data; and   restricting the authorization of the second payment on the second point of sale device based on the data.   
     
     
         3 . The method of  claim 1 , further comprising:
 synchronizing the map across the point of sale device, a second point of sale device, and a central server;   receiving a request to authorize a second payment using the payment account number on the second point of sale device;   identifying the encrypted salted token using the payment account number and the map;   restricting the authorization of the second payment on the second point of sale device: (i) without decrypting the encrypted salted token; and (ii) based on the data.   
     
     
         4 . The method of  claim 1 , further comprising:
 providing an application programming interface on the point of sale device for conducting analytics using the encrypted salted token;   receiving a request for data on the application programming interface; and   providing a response on the application programming interface;   wherein the response includes data from a field of the encrypted salted token; and   wherein providing the response does not involve decrypting, at any time between when the request is received on the application programming interface and when the response is provided on the application programming interface, the encrypted salted token.   
     
     
         5 . The method of  claim 1 , wherein:
 the encrypting of the salted token is conducted using a format preserving encryption algorithm; and   the point of sale device is a point of sale terminal.   
     
     
         6 . The method of  claim 5 , further comprising:
 receiving a request to authorize a second payment using the payment account number on a second point of sale terminal;   identifying the encrypted salted token using the payment account number;   evaluating a field of the encrypted salted token without decrypting the encrypted salted token; and   restricting the authorization of the second payment on the second point of sale terminal based on the evaluating of the field of the encrypted salted token.   
     
     
         7 . The method of  claim 5 , further comprising:
 providing an application programming interface on the point of sale terminal for conducting analytics using the encrypted salted token;   receiving a request for data on the application programming interface; and   providing a response on the application programming interface;   wherein the response includes data from a field of the encrypted salted token; and   wherein providing the response does not involve decrypting, at any time between when the request is received on the application programming interface and when the response is provided on the application programming interface, the encrypted salted token.   
     
     
         8 . The method of  claim 7 , further comprising:
 rate-limiting the application programming interface.   
     
     
         9 . The method of  claim 7 , further comprising:
 sharding the encrypted salted token into at least a first shard and a second shard;   transmitting the second shard to a second point of sale terminal for a partitioned storage of the encrypted salted token; and   wherein storing the encrypted salted token in the memory associated with the secure processor involves storing the first shard in the memory as part of the partitioned storage.   
     
     
         10 . The method of  claim 1 , further comprising:
 receiving a payment account number at the point of sale device;   encrypting the payment account number on the point of sale device into the encrypted payment account number;   transmitting a second tokenization request with the encrypted payment account number to a second tokenization service;   receiving a second token from the tokenization service in response to the tokenization request, wherein the second token includes a second tokenized version of the encrypted payment account number;   transmitting a payment authorization request with the second token to a payment processor;   receiving an approval for the payment authorization request from the payment processor; and   wherein the transmitting of the second tokenization request and the tokenization request are both conducted by point of sale device in response to the single step of receiving the payment account number at the point of sale device.   
     
     
         11 . The method of  claim 10 , wherein:
 the transmitting of the second tokenization request and the tokenization request are conducted asynchronously by the point of sale device.   
     
     
         12 . The method of  claim 10 , further comprising:
 receiving the payment account number on a second point of sale device;   wherein the point of sale device is a point of sale terminal; and   wherein the second point of sale device includes a virtual point of sale instantiated on a server and a web browser.   
     
     
         13 . The method of  claim 12 , further comprising:
 retrieving the encrypted salted token using the map and the payment account number;   storing the encrypted salted token on the second point of sale device as a retrieved encrypted salted token;   transmitting a second payment authorization request from the second point of sale device using the retrieved encrypted salted token; and   receiving a second approval for the second payment authorization request.   
     
     
         14 . The method of  claim 12 , further comprising:
 transmitting a second payment authorization request from the second point of sale device;   receiving a second authorization for the second payment authorization request; and   associating the payment authorization and the second payment authorization in memory using the map.   
     
     
         15 . The method of  claim 14 , further comprising:
 providing an application programming interface on the point of sale device for conducting analytics using the map; and   obtaining data regarding the payment authorization and the second payment authorization via a single call to the application programming interface.   
     
     
         16 . A method comprising:
 transmitting a tokenization request with an encrypted payment account number from a point of sale device to a tokenization service, wherein the point of sale device includes a memory and a secure processor;   receiving a token from the tokenization service in response to the tokenization request, wherein the token is a tokenized version of the encrypted payment account number;   tagging the token with data to produce a salted token;   encrypting the salted token using a secure processor on the point of sale device;   mapping the encrypted salted token to the payment account number in a map, wherein the payment account number is mapped using at least a portion of the payment account number; and   synchronizing the map across the point of sale device, a second point of sale device, and a central server.   
     
     
         17 . The method of  claim 16 , further comprising:
 receiving a request to authorize a second payment using the payment account number on the second point of sale device;   identifying the encrypted salted token using the payment account number and the map;   decrypting the encrypted salted token to retrieve the data; and   restricting the authorization of the second payment on the second point of sale device based on the data.   
     
     
         18 . The method of  claim 16 , further comprising:
 receiving a request to authorize a second payment using the payment account number on the second point of sale device;   identifying the encrypted salted token using the payment account number and the map;   restricting the authorization of the second payment on the second point of sale device:   (i) without decrypting the encrypted salted token; and (ii) based on the data.   
     
     
         19 . The method of  claim 16 , further comprising:
 providing an application programming interface on the point of sale device for conducting analytics using the encrypted salted token;   receiving a request for data on the application programming interface; and   providing a response on the application programming interface;   wherein the response includes data from a field of the encrypted salted token; and   wherein providing the response does not involve decrypting, at any time between when the request is received on the application programming interface and when the response is provided on the application programming interface, the encrypted salted token.   
     
     
         20 . The method of  claim 16 , wherein:
 the encrypting of the salted token is conducted using a format preserving encryption algorithm; and   the point of sale device is a point of sale terminal.   
     
     
         21 . A computer-readable medium storing instructions to execute a method comprising:
 transmitting a tokenization request with an encrypted payment account number from a point of sale device to a tokenization service, wherein the point of sale device includes a memory and a secure processor;   receiving a token from the tokenization service in response to the tokenization request, wherein the token is a tokenized version of the encrypted payment account number;   tagging the token with data to produce a salted token;   encrypting the salted token using a secure processor on the point of sale device;   mapping the encrypted salted token to the payment account number in a map, wherein the payment account number is mapped using at least a portion of the payment account number; and   storing the map and the encrypted salted token in the memory associated with the secure processor on the point of sale device.   
     
     
         22 . The computer-readable medium of  claim 21 , the method further comprising:
 synchronizing the map across the point of sale device, a second point of sale device, and a central server;   receiving a request to authorize a second payment using the payment account number on the second point of sale device;   identifying the encrypted salted token using the payment account number and the map;   decrypting the encrypted salted token to retrieve the data; and   restricting the authorization of the second payment on the second point of sale device based on the data.   
     
     
         23 . The computer-readable medium of  claim 21 , the method further comprising:
 synchronizing the map across the point of sale device, a second point of sale device, and a central server;   receiving a request to authorize a second payment using the payment account number on the second point of sale device;   identifying the encrypted salted token using the payment account number and the map;   restricting the authorization of the second payment on the second point of sale device:   (i) without decrypting the encrypted salted token; and (ii) based on the data.   
     
     
         24 . The computer-readable medium of  claim 21 , the method further comprising:
 providing an application programming interface on the point of sale device for conducting analytics using the encrypted salted token;   receiving a request for data on the application programming interface; and   providing a response on the application programming interface;   wherein the response includes data from a field of the encrypted salted token; and   wherein providing the response does not involve decrypting, at any time between when the request is received on the application programming interface and when the response is provided on the application programming interface, the encrypted salted token.   
     
     
         25 . The computer-readable medium of  claim 21 , the method further comprising:
 the encrypting of the salted token is conducted using a format preserving encryption algorithm; and   the point of sale device is a point of sale terminal.

Join the waitlist — get patent alerts

Track US2020027081A1 — get alerts on status changes and closely related new filings.

We store only your email — no account needed. See our privacy policy.