CPC G06F 21/6245 (2013.01) [H04L 9/0825 (2013.01); H04L 9/0827 (2013.01); H04L 9/088 (2013.01); H04L 9/3213 (2013.01)]
16 Claims
1. A token handler for securing personally identifiable information, the token handler comprising a memory and a hardware processor communicatively coupled to the memory, the hardware processor configured to:
generate a set of public encryption keys of the token handler;
communicate the set of public encryption keys of the token handler to a data originator;
receive, from the data originator, a request to store a user's personally identifiable information, the request to store comprising a first portion of the user's personally identifiable information encrypted using a first public encryption key of the token handler from the set and a second portion of the user's personally identifiable information encrypted using a second public encryption key of the token handler from the set;
add, to an encryption schedule, an indication that the first portion of the user's personally identifiable information was encrypted using the first public encryption key and an indication that the second portion of the user's personally identifiable information was encrypted using the second public encryption key;
receive, from the data originator, a token indicating a request for redemption of the first and second portions of the user's personally identifiable information;
select, based on the encryption schedule, a first private encryption key of the token handler corresponding to the first public encryption key;
decrypt, using the first private encryption key, the first portion of the user's personally identifiable information encrypted using the first public encryption key to produce the first portion of the user's personally identifiable information;
select, based on the encryption schedule, a second private encryption key of the token handler corresponding to the second public encryption key;
decrypt, using the second private encryption key, the second portion of the user's personally identifiable information encrypted using the second public encryption key to produce the second portion of the user's personally identifiable information; and
store a key vault comprising the set of public encryption keys and an ordinal assigned to each key of the set of public encryption keys, wherein the encryption schedule identifies the first public encryption key using the ordinal assigned to the first public encryption key in the key vault.
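The store and redeem flow of claim 1, as an added Go example that is not code from the patent: the key vault is a slice whose index is each key's ordinal, and the encryption schedule maps a token to the ordinal used for each stored portion. Assumptions the claim does not specify: RSA-OAEP as the public-key scheme, the originator stating which ordinal it used for each portion, the caller choosing the token string, and all function and field names.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

type TokenHandler struct {
	vault    []*rsa.PrivateKey   // key vault: the slice index is the key's ordinal
	schedule map[string][]int    // encryption schedule: token -> ordinal per portion
	store    map[string][][]byte // token -> encrypted PII portions
}

func NewTokenHandler(n int) (h *TokenHandler, err error) {
	h = &TokenHandler{vault: make([]*rsa.PrivateKey, n), schedule: map[string][]int{}, store: map[string][][]byte{}}
	for i := 0; i < n && err == nil; i++ {
		h.vault[i], err = rsa.GenerateKey(rand.Reader, 2048)
	}
	return h, err
}

// Seal is the data originator's side; it needs only a public key from the set.
func Seal(pub *rsa.PublicKey, pii string) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, []byte(pii), nil)
}
// Store keeps the encrypted portions and schedules each portion's key ordinal.
func (h *TokenHandler) Store(token string, ords []int, cts [][]byte) {
	h.schedule[token], h.store[token] = ords, cts
}
// Redeem selects each private key by scheduled ordinal and decrypts its portion.
func (h *TokenHandler) Redeem(token string) (out []string, err error) {
	for i, ord := range h.schedule[token] {
		pt, err := rsa.DecryptOAEP(sha256.New(), nil, h.vault[ord], h.store[token][i], nil)
		if err != nil {
			return nil, err
		}
		out = append(out, string(pt))
	}
	return out, nil
}

func main() {
	h, _ := NewTokenHandler(2)
	a, _ := Seal(&h.vault[0].PublicKey, "Jane Doe") // constructed sample PII
	b, _ := Seal(&h.vault[1].PublicKey, "000-00-0000")
	h.Store("tok-1", []int{0, 1}, [][]byte{a, b})
	fmt.Println(h.Redeem("tok-1"))
}
```

If the schedule records the wrong ordinal for a portion, `Redeem` returns a decryption error instead of plaintext, so the schedule has to be kept as carefully as the ciphertext. The example does not validate ordinals or reject unknown tokens.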