Patent Issued for System for improving data security when redeeming data (USPTO 11803622): The Prudential Insurance Company of America
2023 NOV 20 (NewsRx) -- By a
The patent’s inventors are Apsingekar, Venkatesh Sarvottamrao (
This patent was filed on
From the background information supplied by the inventors, news correspondents obtained the following quote: “Users provide their information (e.g., name, address, telephone number, email address, social security number, etc.) in a variety of contexts (e.g., mortgage applications, credit card applications, financial account applications, air travel ticket orders, medical office visits, etc.). If this information were exposed to or taken by a malicious user, then the malicious user would be able to use this information to impersonate the users to conduct undesired or unwanted transactions.”
Supplementing the background information on this patent, NewsRx reporters also obtained the inventors’ summary information for this patent: “Users provide information (e.g., name, address, telephone number, email address, social security number, etc.) in a variety of contexts (e.g., mortgage applications, credit card applications, financial account applications, air travel ticket orders, medical office visits, etc.). If this information were exposed to or taken by a malicious user, then the malicious user would be able to use this information to impersonate the users to conduct undesired or unwanted transactions.
“In conventional systems, the users have very little control over this information. The users provide their information to a provider to gain access to goods or services from the provider. The provider maintains the information (e.g., on a server). If that server were to be breached by a malicious user, the information would be exposed to the malicious user. Additionally, some providers even sell the information to other providers, often unbeknownst to the users. This sale and movement of the information further exposes the information to malicious users and lessens the control that the users have over such information.
“This disclosure contemplates an unconventional system for securing information (e.g., a user’s personally identifiable information (PII)). Generally, the system allows the user to store his PII on a personal device, such as a smartphone. When a third party wants to access the user’s PII (e.g., to update the PII or to retrieve the PII), a notification will be presented to the user on the personal device seeking consent to the access. The notification may inform the user as to what information is being requested and which entity is requesting the access. The requested access will be denied unless the user consents to the access. In this manner, the user is given control over the dissemination of his PII. Additionally, the system alters or adjusts the PII that is stored in third-party servers so that even if these servers are breached, the user’s actual PII is not exposed.
“According to an embodiment, a system includes a device of a user and a token handler separate from the device. The device receives personally identifiable information the user and encrypts the personally identifiable information to produce first encrypted personally identifiable information. The token handler receives the first encrypted personally identifiable information from the device of the user, decrypts the first encrypted personally identifiable information to produce the personally identifiable information, generates a token representing the personally identifiable information, and receives the token indicating a request for the personally identifiable information. The device receives consent from the user to provide the personally identifiable information in response to the request for the personally identifiable information, in response to receiving the consent from the user, encrypts the personally identifiable information to produce second encrypted personally identifiable information, and communicates the second encrypted personally identifiable information to the token handler.
“When PII is to be stored or updated, the system first seeks consent from the user for the PII store or update. If the user grants consent, then the system stores the PII in the user’s personal device or updates the PII stored in the user’s personal device. The system then generates a token representing the PII. The token can be presented at a later time to redeem or access the PII, subject to the user’s consent. Even if the token were taken by a malicious user, it would not be possible for the malicious user to determine the user’s actual PII from the token. In this manner, the security of the PII is improved over conventional systems.”
The claims supplied by the inventors are:
“1. A system for retrieving personally identifiable information, the system comprising: a hardware processor configured to: receive, from a second system, a token associated with personally identifiable information of a user; and in response to receiving the token, store a request to redeem the personally identifiable information of the user; and a computing device of the user separate from the hardware processor, the computing device configured to: store the personally identifiable information encrypted using a first public encryption key; establish a connection with the hardware processor; after establishing the connection and in response to the request being stored, request consent from the user to redeem the personally identifiable information; in response to receiving the consent from the user: encrypt, using a second public encryption key, the personally identifiable information encrypted using the first public encryption key to produce the personally identifiable information encrypted using the first public encryption key and the second public encryption key; and communicate the personally identifiable information encrypted using the first public encryption key and the second public encryption key to the hardware processor.
“2. The system of claim 1, wherein: the system further comprises the second system, the second system configured to: retrieve, from the hardware processor, the personally identifiable information encrypted using the first public encryption key and the second public encryption key; decrypt, using a first private encryption key, the personally identifiable information encrypted using the first public encryption key and the second public encryption key, to produce the personally identifiable information encrypted using the first public encryption key; and communicate, to the hardware processor, the personally identifiable information encrypted using the first public encryption key; and the hardware processor is further configured to: decrypt, using a second private encryption key, the personally identifiable information encrypted using the first public encryption key to produce the personally identifiable information; and provide the personally identifiable information to the second system.
“3. The system of claim 2, wherein the hardware processor is further configured to provide the personally identifiable information to the second system through a phone call.
“4. The system of claim 2, wherein: the hardware processor is further configured to update a status of the request in response to receiving the personally identifiable information encrypted using the first public encryption key and the second public encryption key; and the system further comprises the second system, the second system configured to retrieve the personally identifiable information encrypted using the first public encryption key and the second public encryption key from a cache associated with the hardware processor, in response to the update of the status of the request.
“5. The system of claim 1, wherein: the computing device of the user is further configured to generate a salted passphrase of the user by: receiving a passphrase from the user; and hashing the passphrase with a phone number and an email address of the user to produce the salted passphrase; and the hardware processor is further configured to generate the first public encryption key using a public encryption key for the computing device.
“6. The system of claim 1, wherein the hardware processor is further configured to, in response to receiving the token, wait for the computing device to establish the connection.
“7. The system of claim 1, wherein the hardware processor is further configured to: receive, from the second system, a request for a portion of the personally identifiable information; in response to receiving the request for the portion of the personally identifiable information, retrieve, from a repository in a cloud, the portion of the personally identifiable information encrypted using the first public encryption key and the second public encryption key; and decrypt, using a first private encryption key, the portion of the personally identifiable information encrypted using the first public encryption key and the second public encryption key to produce the portion of the personally identifiable information encrypted using the second public encryption key.
“8. The system of claim 1, wherein the computing device is further configured to communicate the token to the hardware processor.
“9. The system of claim 1, wherein the hardware processor is further configured to: retrieve, based on the token, the second public encryption key; and communicate the second public encryption key to the computing device.
“10. The system of claim 1, wherein the system further comprises the second system, the second system configured to retrieve the token from a database associated with the second system.
“11. A method for retrieving personally identifiable information, the method comprising: receiving, by a hardware processor, from an external system, a token associated with personally identifiable information of a user; in response to receiving the token, storing, by the hardware processor, a request to redeem the personally identifiable information of the user; storing, by a computing device separate from the hardware processor, the personally identifiable information encrypted using a first public encryption key; establishing, by the computing device, a connection with the hardware processor; after establishing the connection and in response to the request being stored, requesting, by the computing device, consent from the user to redeem the personally identifiable information; in response to receiving the consent from the user: encrypting, by the computing device, using a second public encryption key, the personally identifiable information encrypted using the first public encryption key to produce the personally identifiable information encrypted using the first public encryption key and the second public encryption key; and communicating, by the computing device, the personally identifiable information encrypted using the first public encryption key and the second public encryption key to the hardware processor.
“12. The method of claim 11, further comprising: retrieving, by the external system, from the hardware processor, the personally identifiable information encrypted using the first public encryption key and the second public encryption key; decrypting, by the external system, using a first private encryption key, the personally identifiable information encrypted using the first public encryption key and the second public encryption key, to produce the personally identifiable information encrypted using the first public encryption key; communicating, by the external system, to the hardware processor, the personally identifiable information encrypted using the first public encryption key; decrypting, by the hardware processor, using a second private encryption key, the personally identifiable information encrypted using the first public encryption key to produce the personally identifiable information; and providing, by the hardware processor, the personally identifiable information to the external system.
“13. The method of claim 12, wherein providing, by the hardware processor, the personally identifiable information to the external system comprises providing the personally identifiable information to the external system through a phone call.
“14. The method of claim 12, further comprising updating, by the hardware processor, a status of the request in response to receiving the personally identifiable information encrypted using the first public encryption key and the second public encryption key, wherein the external system retrieves the personally identifiable information encrypted using the first public encryption key and the second public encryption key from a cache associated with the hardware processor in response to the update of the status of the request.
“15. The method of claim 11, further comprising: generating, by the computing device of the user, a salted passphrase of the user by: receiving a passphrase from the user; and hashing the passphrase with a phone number and an email address of the user to produce the salted passphrase; and generating, by the hardware processor, the first public encryption key using a public encryption key for the computing device.
“16. The method of claim 11, further comprising, in response to receiving the token, waiting, by the hardware processor, for the computing device to establish the connection.
“17. The method of claim 11, further comprising: receiving, by the hardware processor, from the external system, a request for a portion of the personally identifiable information; in response to receiving the request for the portion of the personally identifiable information, retrieving, by the hardware processor, from a repository in a cloud, the portion of the personally identifiable information encrypted using the first public encryption key and the second public encryption key; and decrypting, by the hardware processor, using a first private encryption key, the portion of the personally identifiable information encrypted using the first public encryption key and the second public encryption key to produce the portion of the personally identifiable information encrypted using the second public encryption key.
“18. The method of claim 11, further comprising communicating, by the computing device, the token to the hardware processor.
“19. The method of claim 11, further comprising: retrieving, by the hardware processor, based on the token, the second public encryption key; and communicating, by the hardware processor, the second public encryption key to the computing device.”
There are additional claims. Please visit full patent to read further.
For the URL and additional information on this patent, see: Apsingekar, Venkatesh Sarvottamrao. System for improving data security when redeeming data.
(Our reports deliver fact-based news of research and discoveries from around the world.)
Patent Issued for Computer-implemented system and method for facilitating data security of documents (USPTO 11803661): ImageSource Inc.
Researchers Submit Patent Application, “System And Methods For Vulnerability Assessment And Provisioning Of Related Services And Products For Efficient Risk Suppression”, for Approval (USPTO 20230351456): Aon Risk Consultants Inc.
Advisor News
- More than half of Gen X investors support parents or children
- Year-end Roth IRA conversions: What you need to know before the deadline
- Debt is limiting American retirement savings
- How starting a conversation with a stranger is like dating
- Why your clients might face higher taxes in retirement
More Advisor NewsAnnuity News
Health/Employee Benefits News
- Making sense of Medicare's hospital rules
- Is long-term care insurance right move?
- Pisgah Legal offering free health insurance help
- Data on Managed Care Reported by Researchers at University of Michigan (Racial/ethnic Disparities In Cost-related Barriers To Care Among Near-poor Beneficiaries In Medicare Advantage Vs Traditional Medicare): Managed Care
- Pay first, deliver later: Some women are being asked to prepay for their baby
More Health/Employee Benefits NewsLife Insurance News