Patent Issued for System for improving data security through key management (USPTO 11657181): The Prudential Insurance Company of America
2023 JUN 08 (NewsRx) -- By a
The patent’s assignee for patent number 11657181 is
News editors obtained the following quote from the background information supplied by the inventors: “Users provide their information (e.g., name, address, telephone number, email address, social security number, etc.) in a variety of contexts (e.g., mortgage applications, credit card applications, financial account applications, air travel ticket orders, medical office visits, etc.). If this information were exposed to or taken by a malicious user, then the malicious user would be able to use this information to impersonate the users to conduct undesired or unwanted transactions.”
As a supplement to the background information on this patent, NewsRx correspondents also obtained the inventors’ summary information for this patent: “Users provide information (e.g., name, address, telephone number, email address, social security number, etc.) in a variety of contexts (e.g., mortgage applications, credit card applications, financial account applications, air travel ticket orders, medical office visits, etc.). If this information were exposed to or taken by a malicious user, then the malicious user would be able to use this information to impersonate the users to conduct undesired or unwanted transactions.
“In conventional systems, the users have very little control over this information. The users provide their information to a provider to gain access to goods or services from the provider. The provider maintains the information (e.g., on a server). If that server were to be breached by a malicious user, the information would be exposed to the malicious user. Additionally, some providers even sell the information to other providers, often unbeknownst to the users. This sale and movement of the information further exposes the information to malicious users and lessens the control that the users have over such information.
“This disclosure contemplates an unconventional system for securing information (e.g., a user’s personally identifiable information (PII)). Generally, the system allows the user to store his PII on a personal device, such as a smartphone. When a third party wants to access the user’s PII (e.g., to update the PII or to retrieve the PII), a notification will be presented to the user on the personal device seeking consent to the access. The notification may inform the user as to what information is being requested and which entity is requesting the access. The requested access will be denied unless the user consents to the access. In this manner, the user is given control over the dissemination of his PII. Additionally, the system alters or adjusts the PII that is stored in third-party servers so that even if these servers are breached, the user’s actual PII is not exposed.
“According to an embodiment, a system includes a device of a user and a token handler separate from the device. The device receives personally identifiable information the user and encrypts the personally identifiable information to produce first encrypted personally identifiable information. The token handler receives the first encrypted personally identifiable information from the device of the user, decrypts the first encrypted personally identifiable information to produce the personally identifiable information, generates a token representing the personally identifiable information, and receives the token indicating a request for the personally identifiable information. The device receives consent from the user to provide the personally identifiable information in response to the request for the personally identifiable information, in response to receiving the consent from the user, encrypts the personally identifiable information to produce second encrypted personally identifiable information, and communicates the second encrypted personally identifiable information to the token handler.
“When PII is to be stored or updated, the system first seeks consent from the user for the PII store or update. If the user grants consent, then the system stores the PII in the user’s personal device or updates the PII stored in the user’s personal device. The system then generates a token representing the PII. The token can be presented at a later time to redeem or access the PII, subject to the user’s consent. Even if the token were taken by a malicious user, it would not be possible for the malicious user to determine the user’s actual PII from the token. In this manner, the security of the PII is improved over conventional systems.”
The claims supplied by the inventors are:
“1. A system for securing personally identifiable information, the system comprising a token handler comprising: a memory configured to store an encryption schedule comprising: an indication that a first portion of a user’s personally identifiable information was encrypted using a first public encryption key of a set of public encryption keys; and an indication that a second portion of the user’s personally identifiable information was encrypted using a second public encryption key of the set of public encryption keys; and a hardware processor communicatively coupled to the memory, the hardware processor configured to: receive, from a second system, a token indicating a request for redemption of the first and second portions of the user’s personally identifiable information; select, based on the encryption schedule, a first private encryption key corresponding to the first public encryption key; decrypt, using the first private encryption key, the first portion of the user’s personally identifiable information encrypted using the first public encryption key to produce the first portion of the user’s personally identifiable information; select, based on the encryption schedule, a second private encryption key of the token handler conesponding to the second public encryption key; decrypt, using the second private encryption key, the second portion of the user’s personally identifiable information encrypted using the second public encryption key to produce the second portion of the user’s personally identifiable information; determine that an age of the set of public encryption keys exceeds a time threshold; and in response to determining that the age of the set of public encryption keys exceeds the time threshold: encrypt, using a first public encryption key of a second set of public encryption keys, the first portion of the user’s personally identifiable information; encrypt, using a second public encryption key of the second set of public encryption keys, the second portion of the user’s personally identifiable information; and add, to the encryption schedule, an indication that the first portion of the user’s personally identifiable information was encrypted using the first public encryption key of the second set of public encryption keys and an indication that the second portion of the user’s personally identifiable information was encrypted using the second public encryption key of the second set of public encryption keys.
“2. The system of claim 1, wherein, in response to determining that the age of the set of public encryption keys exceeds the time threshold, the processor is further configured to verify the first portion of the user’s personally identifiable information and the second portion of the user’s personally identifiable information.
“3. The system of claim 1, wherein, in response to determining that the age of the set of public encryption keys exceeds the time threshold, the processor is configured to generate the second set of public encryption keys.
“4. The system of claim 1, wherein the processor is further configured to: after determining that the age of the set of public encryption keys exceeds the predetermined time threshold, receive a token indicating a second request for redemption of the first and second portions of the user’s personally identifiable information; and reject the second request based on the determination that the age of the set of public encryption keys exceeds the predetermined threshold.
“5. The system of claim 1, wherein the processor is further configured to: determine that a device separate from the token handler has established a connection with the token handler after receiving the token from the second system; and in response to determining that the device has established the connection, communicate the encryption schedule to the device.
“6. The system of claim 5, wherein the processor is further configured to communicate the set of public encryption keys to the device.
“7. The system of claim 1, wherein determining that the age of the set of public encryption keys exceeds the time threshold comprises determining, based on an ordinal assigned to a key of the set of public encryption keys and on a number of keys in the set of public encryption keys, that an age of the key exceeds the time threshold.
“8. The system of claim 1, wherein the memory is configured to store a key vault comprising the set of public encryption keys and an ordinal assigned to each key of the set of public encryption keys.
“9. The system of claim 8, wherein the encryption schedule identifies the first public encryption key using the ordinal assigned to the first public encryption key in the key vault.
“10. The system of claim 1, wherein the system further comprises the second system which is configured to randomly select the first and second public encryption keys from the set of public encryption keys.
“11. A method for securing personally identifiable information, the method comprising: receiving a token indicating a request for redemption of a first portion of a user’s personally identifiable information and a second portion of the user’s personally identifiable information; selecting, based on an encryption schedule, a first private encryption key corresponding to a first public encryption key of a set of public encryption keys, wherein the encryption schedule comprises an indication that the first portion of the user’s personally identifiable information was encrypted using the first public encryption key of the set of public encryption keys; decrypting, using the first private encryption key, the first portion of the user’s personally identifiable information encrypted using the first public encryption key to produce the first portion of the user’s personally identifiable information; selecting, based on the encryption schedule, a second private encryption key of the token handler corresponding to a second public encryption key of the set of public encryption keys, wherein the encryption schedule comprises an indication that the second portion of the user’s personally identifiable information was encrypted using the second public encryption key of the set of public encryption keys; decrypting, using the second private encryption key, the second portion of the user’s personally identifiable information encrypted using the second public encryption key to produce the second portion of the user’s personally identifiable information; determining that an age of the set of public encryption keys exceeds a time threshold; and in response to determining that the age of the set of public encryption keys exceeds the time threshold: encrypting, using a first public encryption key of a second set of public encryption keys, the first portion of the user’s personally identifiable information; encrypting, using a second public encryption key of the second set of public encryption keys, the second portion of the user’s personally identifiable information; and adding, to the encryption schedule, an indication that the first portion of the user’s personally identifiable information was encrypted using the first public encryption key of the second set of public encryption keys and an indication that the second portion of the user’s personally identifiable information was encrypted using the second public encryption key of the second set of public encryption keys.
“12. The method of claim 11, wherein, in response to determining that the age of the set of public encryption keys exceeds the time threshold, the method further comprises verifying the first portion of the user’s personally identifiable information and the second portion of the user’s personally identifiable information.
“13. The method of claim 11, wherein, in response to determining that the age of the set of public encryption keys exceeds the time threshold, the method further comprises generating the second set of public encryption keys.
“14. The method of claim 11, further comprising: after determining that the age of the set of public encryption keys exceeds the predetermined time threshold, receiving a token indicating a second request for redemption of the first and second portions of the user’s personally identifiable information; and rejecting the second request based on the determination that the age of the set of public encryption keys exceeds the predetermined threshold.
“15. The method of claim 11, further comprising communicating the encryption schedule to a device that has received the token.
“16. The method of claim 15, further comprising communicating the set of public encryption keys to the device.
“17. The method of claim 11, wherein determining that the age of the set of public encryption keys exceeds the time threshold comprises determining, based on an ordinal assigned to a key of the set of public encryption keys and on a number of keys in the set of public encryption keys, that an age of the key exceeds the time threshold.
“18. The method of claim 11, further comprising storing a key vault comprising the set of public encryption keys and an ordinal assigned to each key of the set of public encryption keys.
“19. The method of claim 18, wherein the encryption schedule identifies the first public encryption key using the ordinal assigned to the first public encryption key in the key vault.
“20. The method of claim 11, wherein the first and second public encryption keys were randomly selected from the set of public encryption keys.”
For additional information on this patent, see: Apsingekar, Venkatesh Sarvottamrao. System for improving data security through key management.
(Our reports deliver fact-based news of research and discoveries from around the world.)
Patent Issued for System for determining type of property inspection based on captured images (USPTO 11657464): Allstate Insurance Company
Reports Outline Risk Management Study Results from Inner Mongolia University (Detection approach for unusable shared bikes enabled by reinforcement learning and PageRank algorithm): Insurance – Risk Management
Advisor News
- Economy ‘in a sweet spot’ but some concerns ahead
- Trump, Capitol allies likely looking at quick cryptocurrency legislation
- SEC panel reviews mandatory arbitration clause in investment advisory agreements
- Financial shocks, caregiving, inflation and technology are top retirement concerns
- Proposal to raise Social Security age under fire
More Advisor NewsAnnuity News
Health/Employee Benefits News
- AM Best Removes from Under Review With Positive Implications and Upgrades Issuer Credit Rating of Physicians Health Plan of Northern Indiana, Inc.
- PHOENIX – Native Americans in Arizona and three other states could now see government health coverage for some traditional
- The Latest: Luigi Mangione faces new federal charges according to unsealed criminal complaint
- Poll finds shocking number of adults sympathize with killing of health care CEO
- Man accused in UnitedHealthcare CEO killing expected to appear at hearing on extradition to New York
More Health/Employee Benefits NewsLife Insurance News