Patent Issued for System for improving data security (USPTO 11646888): The Prudential Insurance Company of America

2023 MAY 26 (NewsRx) -- By a News Reporter-Staff News Editor at Insurance Daily News -- The Prudential Insurance Company of America (Newark, New Jersey, United States) has been issued patent number 11646888, according to news reporting originating out of Alexandria, Virginia, by NewsRx editors.

The patent’s inventors are Apsingekar, Venkatesh Sarvottamrao (San Jose, CA, US), Lavine, James Francis (Corte Madera, CA, US), Motadoo, Sahil Vinod (Sunnyvale, CA, US), Schille, Christopher John (San Jose, CA, US).

This patent was filed on November 4, 2021 and was published online on May 9, 2023.

From the background information supplied by the inventors, news correspondents obtained the following quote: “Users provide their information (e.g., name, address, telephone number, email address, social security number, etc.) in a variety of contexts (e.g., mortgage applications, credit card applications, financial account applications, air travel ticket orders, medical office visits, etc.). If this information were exposed to or taken by a malicious user, then the malicious user would be able to use this information to impersonate the users to conduct undesired or unwanted transactions.”

Supplementing the background information on this patent, NewsRx reporters also obtained the inventors’ summary information for this patent: “Users provide information (e.g., name, address, telephone number, email address, social security number, etc.) in a variety of contexts (e.g., mortgage applications, credit card applications, financial account applications, air travel ticket orders, medical office visits, etc.). If this information were exposed to or taken by a malicious user, then the malicious user would be able to use this information to impersonate the users to conduct undesired or unwanted transactions.

“In conventional systems, the users have very little control over this information. The users provide their information to a provider to gain access to goods or services from the provider. The provider maintains the information (e.g., on a server). If that server were to be breached by a malicious user, the information would be exposed to the malicious user. Additionally, some providers even sell the information to other providers, often unbeknownst to the users. This sale and movement of the information further exposes the information to malicious users and lessens the control that the users have over such information.

“This disclosure contemplates an unconventional system for securing information (e.g., a user’s personally identifiable information (PII)). Generally, the system allows the user to store his PII on a personal device, such as a smartphone. When a third party wants to access the user’s PII (e.g., to update the PII or to retrieve the PII), a notification will be presented to the user on the personal device seeking consent to the access. The notification may inform the user as to what information is being requested and which entity is requesting the access. The requested access will be denied unless the user consents to the access. In this manner, the user is given control over the dissemination of his PII. Additionally, the system alters or adjusts the PII that is stored in third-party servers so that even if these servers are breached, the user’s actual PII is not exposed.

“According to an embodiment, a system includes a device of a user and a token handler separate from the device. The device receives personally identifiable information the user and encrypts the personally identifiable information to produce first encrypted personally identifiable information. The token handler receives the first encrypted personally identifiable information from the device of the user, decrypts the first encrypted personally identifiable information to produce the personally identifiable information, generates a token representing the personally identifiable information, and receives the token indicating a request for the personally identifiable information. The device receives consent from the user to provide the personally identifiable information in response to the request for the personally identifiable information, in response to receiving the consent from the user, encrypts the personally identifiable information to produce second encrypted personally identifiable information, and communicates the second encrypted personally identifiable information to the token handler.

“When PII is to be stored or updated, the system first seeks consent from the user for the PII store or update. If the user grants consent, then the system stores the PII in the user’s personal device or updates the PII stored in the user’s personal device. The system then generates a token representing the PII. The token can be presented at a later time to redeem or access the PII, subject to the user’s consent. Even if the token were taken by a malicious user, it would not be possible for the malicious user to determine the user’s actual PII from the token. In this manner, the security of the PII is improved over conventional systems.”

The claims supplied by the inventors are:

“1. A system for protecting personally identifiable information, the system comprising: a hardware device configured to: generate a public encryption key of the hardware device; receive personally identifiable information of a user; and a hardware processor separate from the hardware device, the hardware processor configured to generate, based on the public encryption key of the hardware device, a public encryption key of the hardware processor; wherein the hardware device is further configured to encrypt the personally identifiable information to produce first encrypted personally identifiable information using at least the public encryption key of the hardware processor; wherein the hardware processor is further configured to: receive the first encrypted personally identifiable information from the hardware device; decrypt the first encrypted personally identifiable information to produce the personally identifiable information; generate a token representing the personally identifiable information; and receive the token indicating a request for the personally identifiable information; wherein the hardware device is further configured to: establish a connection with the hardware processor; after determining that the hardware processor has received the token indicating the request for the personally identifiable information, prompt the user for consent to provide the personally identifiable information; in response to receiving the consent from the user, encrypt the personally identifiable information to produce second encrypted personally identifiable information; and communicate the second encrypted personally identifiable information to the hardware processor.

“2. The system of claim 1, wherein the hardware processor is further configured to delete the public encryption key of the hardware processor in response to a determination that the public encryption key of the hardware processor has been active for a period of time that exceeds a threshold.

“3. The system of claim 1, further comprising a second hardware device, the hardware processor further configured to: receive, from the second hardware device, a public encryption key of the second hardware device; generate a second public encryption key of the hardware processor based on the public encryption key of the second hardware device; and link the second hardware device to the hardware device, wherein the second hardware device is configured to download the personally identifiable information from a cloud after being linked to the hardware device.

“4. The system of claim 3, wherein: the hardware processor is further configured to receive, from the second hardware device, a salted passphrase associated with the hardware device; and linking the second hardware device to the hardware device is accomplished using the salted passphrase.

“5. The system of claim 3, wherein the second hardware device is further configured to delete the personally identifiable information from the cloud after downloading the personally identifiable information from the cloud.

“6. The system of claim 1, wherein: the hardware processor is further configured to communicate the token to the hardware device; and the hardware device is further configured to: create a local repository; store the token in the local repository; and push the local repository to a cloud.

“7. The system of claim 6, wherein the hardware processor is further configured to: encrypt a portion of the personally identifiable information using a public encryption key of an external system and the public encryption key of the hardware processor; store, in the cloud, the portion of the personally identifiable information encrypted using the public encryption key of the external system and the public encryption key of the hardware processor; receive a request for the portion of the personally identifiable information; in response to the request for the portion of the personally identifiable information, retrieve, from the cloud, the portion of the personally identifiable information encrypted using the public encryption key of the external system and the public encryption key of the hardware processor; and decrypt the encrypted portion of the personally identifiable information using a private encryption key of the hardware processor to produce the portion of the personally identifiable information encrypted using the public encryption key of the external system.

“8. The system of claim 1, wherein the hardware processor is further configured to: adjust the personally identifiable information to produce anonymized data; and generate an identifier for a ledger storing the anonymized data.

“9. The system of claim 1, wherein the hardware processor is further configured to: receive a request to lock out the user; receive the token indicating a second request for the personally identifiable information after receiving the request to lock out the user; and in response to receiving the request to lock out the user, reject the second request for the personally identifiable information.

“10. A method for protecting personally identifiable information, the method comprising: generating, by a hardware device, a public encryption key of the hardware device; receiving, by the hardware device, personally identifiable information of a user; generating, by a hardware processor separate from the hardware device, a public encryption key of the hardware processor, wherein the public encryption key of the hardware processor is generated based on the public encryption key of the hardware device; encrypting, by the hardware, the personally identifiable information to produce first encrypted personally identifiable information using at least the public encryption key of the hardware processor; receiving, by the hardware processor, the first encrypted personally identifiable information from the hardware device; decrypting, by the hardware processor, the first encrypted personally identifiable information to produce the personally identifiable information; generating a token representing the personally identifiable information; receiving, by the hardware processor, the token indicating a request for the personally identifiable information; establishing, by the hardware device, a connection with the hardware processor; after determining that the hardware processor has received the token indicating the request for the personally identifiable information, prompting, by the hardware device, the user for consent to provide the personally identifiable information; in response to receiving the consent from the user, encrypting, by the hardware device, the personally identifiable information to produce second encrypted personally identifiable information; and communicating, by the hardware device, the second encrypted personally identifiable information to the hardware processor.

“11. The method of claim 10, further comprising deleting, by the hardware processor, the public encryption key of the hardware processor in response to a determination that the public encryption key of the hardware processor has been active for a period of time that exceeds a threshold.

“12. The method of claim 10, further comprising: receiving, by the hardware processor, from a second hardware device, a public encryption key of the second hardware device; generating, by the hardware processor, a second public encryption key of the hardware processor based on the public encryption key of the second hardware device; linking, by the hardware processor, the second hardware device to the hardware device; and downloading, by the second hardware device, the personally identifiable information from a cloud after being linked to the hardware device.

“13. The method of claim 12, further comprising: receiving, from the second hardware device, a salted passphrase associated with the hardware device; and linking the second hardware device to the hardware device is performed using the salted passphrase.

“14. The method of claim 12, further comprising deleting, by the second hardware device, the personally identifiable information from the cloud after downloading the personally identifiable information from the cloud.

“15. The method of claim 10, further comprising: communicating, by the hardware processor, the token to the hardware device; creating, by the hardware device, a local repository; storing the token in the local repository; and pushing the local repository to a cloud.

“16. The method of claim 15, further comprising: encrypting, by the hardware processor, a portion of the personally identifiable information using a public encryption key of an external system and the public encryption key of the hardware processor; storing, by the hardware processor, in the cloud, the portion of the personally identifiable information encrypted using the public encryption key of the external system and the public encryption key of the hardware processor; receiving, by the hardware processor, a request for the portion of the personally identifiable information; in response to the request for the portion of the personally identifiable information, retrieving, by the hardware processor, from the cloud, the portion of the personally identifiable information encrypted using the public encryption key of the external system and the public encryption key of the hardware processor; and decrypting, by the hardware processor, the encrypted portion of the personally identifiable information using a private encryption key of the hardware processor to produce the portion of the personally identifiable information encrypted using the public encryption key of the external system.

“17. The method of claim 10, further comprising: adjusting, by the hardware processor, the personally identifiable information to produce anonymized data; and generating, by the hardware processor, an identifier for a ledger storing the anonymized data.”

There are additional claims. Please visit full patent to read further.

For the URL and additional information on this patent, see: Apsingekar, Venkatesh Sarvottamrao. System for improving data security. U.S. Patent Number 11646888, filed November 4, 2021, and published online on May 9, 2023. Patent URL (for desktop use only): https://ppubs.uspto.gov/pubwebapp/external.html?q=(11646888)&db=USPAT&type=ids

(Our reports deliver fact-based news of research and discoveries from around the world.)