Patent Issued for System for improving data security when redeeming data (USPTO 11281752): The Prudential Insurance Company of America
2022 APR 11 (NewsRx) -- By a
The patent’s inventors are Apsingekar, Venkatesh Sarvottamrao (
This patent was filed on
From the background information supplied by the inventors, news correspondents obtained the following quote: “Users provide their information (e.g., name, address, telephone number, email address, social security number, etc.) in a variety of contexts (e.g., mortgage applications, credit card applications, financial account applications, air travel ticket orders, medical office visits, etc.). If this information were exposed to or taken by a malicious user, then the malicious user would be able to use this information to impersonate the users to conduct undesired or unwanted transactions.”
Supplementing the background information on this patent, NewsRx reporters also obtained the inventors’ summary information for this patent: “Users provide information (e.g., name, address, telephone number, email address, social security number, etc.) in a variety of contexts (e.g., mortgage applications, credit card applications, financial account applications, air travel ticket orders, medical office visits, etc.). If this information were exposed to or taken by a malicious user, then the malicious user would be able to use this information to impersonate the users to conduct undesired or unwanted transactions.
“In conventional systems, the users have very little control over this information. The users provide their information to a provider to gain access to goods or services from the provider. The provider maintains the information (e.g., on a server). If that server were to be breached by a malicious user, the information would be exposed to the malicious user. Additionally, some providers even sell the information to other providers, often unbeknownst to the users. This sale and movement of the information further exposes the information to malicious users and lessens the control that the users have over such information.
“This disclosure contemplates an unconventional system for securing information (e.g., a user’s personally identifiable information (PII)). Generally, the system allows the user to store his PII on a personal device, such as a smartphone. When a third party wants to access the user’s PII (e.g., to update the PII or to retrieve the PII), a notification will be presented to the user on the personal device seeking consent to the access. The notification may inform the user as to what information is being requested and which entity is requesting the access. The requested access will be denied unless the user consents to the access. In this manner, the user is given control over the dissemination of his PII. Additionally, the system alters or adjusts the PII that is stored in third-party servers so that even if these servers are breached, the user’s actual PII is not exposed.
“According to an embodiment, a system includes a device of a user and a token handler separate from the device. The device receives personally identifiable information of the user and encrypts the personally identifiable information to produce first encrypted personally identifiable information. The token handler receives the first encrypted personally identifiable information from the device of the user, decrypts the first encrypted personally identifiable information to produce the personally identifiable information, generates a token representing the personally identifiable information, and receives the token indicating a request for the personally identifiable information. The device receives consent from the user to provide the personally identifiable information in response to the request for the personally identifiable information, in response to receiving the consent from the user, encrypts the personally identifiable information to produce second encrypted personally identifiable information, and communicates the second encrypted personally identifiable information to the token handler.
“When PII is to be stored or updated, the system first seeks consent from the user for the PII store or update. If the user grants consent, then the system stores the PII in the user’s personal device or updates the PII stored in the user’s personal device. The system then generates a token representing the PII. The token can be presented at a later time to redeem or access the PII, subject to the user’s consent. Even if the token were taken by a malicious user, it would not be possible for the malicious user to determine the user’s actual PII from the token. In this manner, the security of the PII is improved over conventional systems.”
The claims supplied by the inventors are:
“1. A system for retrieving personally identifiable information, the system comprising: a token handler configured to: receive, from a data originator, a token representing personally identifiable information; and in response to receiving the token from the data originator, insert into a first queue a request to redeem personally identifiable information of a user corresponding to the personally identifiable information; and a device of the user separate from the token handler, the device configured to: store the personally identifiable information encrypted using a public encryption key of the token handler; establish a connection with the token handler, the token handler further configured to update a status of the request to redeem in a second queue in response to determining that the device has established the connection; in response to the updated status in the second queue and after establishing the connection, present a notification message to the user seeking consent to redeem the personally identifiable information; in response to receiving the consent from the user: encrypt, using a public encryption key of the data originator, the personally identifiable information encrypted using the public encryption key of the token handler to produce the personally identifiable information encrypted using the public encryption key of the token handler and the public encryption key of the data originator; and communicate the personally identifiable information encrypted using the public encryption key of the token handler and the public encryption key of the data originator to the token handler.
“2. The system of claim 1, wherein: the data originator is configured to: retrieve, from the token handler, the personally identifiable information encrypted using the public encryption key of the token handler and the public encryption key of the data originator; decrypt, using a private encryption key of the data originator, the personally identifiable information encrypted using the public encryption key of the token handler and the public encryption key of the data originator, to produce the personally identifiable information encrypted using the public encryption key of the token handler; and communicate, to the token handler, the personally identifiable information encrypted using the public encryption key of the token handler; and the token handler further configured to: decrypt, using a private encryption key of the token handler, the personally identifiable information encrypted using the public encryption key of the token handler to produce the personally identifiable information; and provide the personally identifiable information to the data originator.
“3. The system of claim 2, wherein the token handler is further configured to provide the personally identifiable information to the data originator through a phone call.
“4. The system of claim 1, wherein the token handler is configured to further update the status of the request in the second queue in response to receiving the personally identifiable information encrypted using the public encryption key of the token handler and the public encryption key of the data originator, and the data originator retrieves the personally identifiable information encrypted using the public encryption key of the token handler and the public encryption key of the data originator from a cache of the token handler in response to the further updated status.
“5. The system of claim 1, wherein: the device of the user is further configured to generate a salted passphrase of the user by: receiving a passphrase from the user; and hashing the passphrase with a phone number and an email address of the user to produce the salted passphrase; and the token handler is further configured to generate the public encryption key for the token handler using a public encryption key for the device.
“6. The system of claim 1, wherein the token handler is further configured to, in response to receiving the token, wait for the device to establish the connection with the token handler.
“7. The system of claim 1, wherein the token handler is further configured to: receive, from the data originator, a request for a portion of the personally identifiable information; in response to receiving the request for the portion of the personally identifiable information, retrieve, from a repository in a cloud, the portion of the personally identifiable information encrypted using the public encryption key of the token handler and the public encryption key of the data originator; decrypt, using the private encryption key of the token handler, the portion of the personally identifiable information encrypted using the public encryption key of the token handler and the public encryption key of the data originator to produce the portion of the personally identifiable information encrypted using the public encryption key of the data originator.
“8. The system of claim 1, wherein the device is further configured to communicate the token to the token handler.
“9. The system of claim 1, wherein the token handler is further configured to: retrieve, based on the token, the public encryption key for the data originator; and communicate the public encryption key for the data originator to the device.
“10. The system of claim 1, wherein the data originator is further configured to retrieve the token from a database of the data originator.
“11. A method for retrieving personally identifiable information, the method comprising: receiving, by a token handler, from a data originator, a token representing personally identifiable information; in response to receiving the token from the data originator, inserting, by the token handler, into a first queue a request to redeem personally identifiable information of a user corresponding to the personally identifiable information; storing, by a device separate from the token handler, the personally identifiable information encrypted using a public encryption key of the token handler; establishing, by the device, a connection with the token handler, the token handler further configured to update a status of the request to redeem in a second queue in response to determining that the device has established the connection; in response to the updated status in the second queue and after establishing the connection, presenting, by the device, a notification message to the user seeking consent to redeem the personally identifiable information; in response to receiving the consent from the user: encrypting, by the device, using a public encryption key of the data originator, the personally identifiable information encrypted using the public encryption key of the token handler to produce the personally identifiable information encrypted using the public encryption key of the token handler and the public encryption key of the data originator; and communicating, by the device, the personally identifiable information encrypted using the public encryption key of the token handler and the public encryption key of the data originator to the token handler.
“12. The method of claim 11, further comprising: retrieving, by the data originator, from the token handler, the personally identifiable information encrypted using the public encryption key of the token handler and the public encryption key of the data originator; decrypting, by the data originator, using a private encryption key of the data originator, the personally identifiable information encrypted using the public encryption key of the token handler and the public encryption key of the data originator, to produce the personally identifiable information encrypted using the public encryption key of the token handler; communicating, by the data originator, to the token handler, the personally identifiable information encrypted using the public encryption key of the token handler; decrypting, by the token handler, using a private encryption key of the token handler, the personally identifiable information encrypted using the public encryption key of the token handler to produce the personally identifiable information; and providing, by the token handler, the personally identifiable information to the data originator.
“13. The method of claim 12, further comprising providing, by the token handler, the personally identifiable information to the data originator through a phone call.
“14. The method of claim 11, further comprising: further updating, by the token handler, the status of the request in the second queue in response to receiving the personally identifiable information encrypted using the public encryption key of the token handler and the public encryption key of the data originator; and retrieving, by the data originator, the personally identifiable information encrypted using the public encryption key of the token handler and the public encryption key of the data originator from a cache of the token handler in response to the further updated status.
“15. The method of claim 11, further comprising: generating, by the device of the user, a salted passphrase of the user by: receiving a passphrase from the user; and hashing the passphrase with a phone number and an email address of the user to produce the salted passphrase; and generating, by the token handler, the public encryption key for the token handler using a public encryption key for the device.
“16. The method of claim 11, further comprising waiting, by the token handler, in response to receiving the token, for the device to establish the connection with the token handler.”
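The two-layer encryption that claims 1 and 2 describe, as an added example written for this article rather than code from the patent or from Prudential. It assumes RSA-OAEP for both layers and a constructed Party type; the device stores PII under the token handler's key, wraps that ciphertext under the data originator's key on consent, and redemption peels the layers in the reverse order, so neither private key alone recovers the PII.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
)

// Party is one key holder from the claims (token handler or data originator).
// The type, names and key sizes are this example's assumptions, not the patent's.
type Party struct{ Key *rsa.PrivateKey }

func NewParty(bits int) (*Party, error) {
	k, err := rsa.GenerateKey(rand.Reader, bits)
	if err != nil {
		return nil, err
	}
	return &Party{Key: k}, nil
}

// RSA-OAEP is used for each layer; the outer key must be large enough to
// carry the inner ciphertext (3072-bit outer for a 2048-bit inner here).
func seal(pub *rsa.PublicKey, msg []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, msg, nil)
}

func open(priv *rsa.PrivateKey, ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), nil, priv, ct, nil)
}

// DeviceStore: the device keeps PII only under the token handler's public key.
func DeviceStore(handler *rsa.PublicKey, pii []byte) ([]byte, error) {
	return seal(handler, pii)
}

// DeviceConsent: once the user consents, the stored ciphertext (never the
// plaintext) is wrapped again under the data originator's public key.
func DeviceConsent(originator *rsa.PublicKey, stored []byte) ([]byte, error) {
	return seal(originator, stored)
}

// Redeem follows claim 2: the originator removes its layer, then the token
// handler removes its own. Either private key alone yields no PII.
func Redeem(originator, handler *Party, double []byte) ([]byte, error) {
	inner, err := open(originator.Key, double)
	if err != nil {
		return nil, err
	}
	return open(handler.Key, inner)
}
```

A breached token handler cache therefore holds only the doubly wrapped blob, and the originator alone can strip no more than its own layer.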
There are additional claims. Please visit the full patent to read further.
For the URL and additional information on this patent, see: Apsingekar, Venkatesh Sarvottamrao. System for improving data security when redeeming data.