US 12,277,249 B2
System for improving data security through key management
Venkatesh Sarvottamrao Apsingekar, San Jose, CA (US); Sahil Vinod Motadoo, Sunnyvale, CA (US); Christopher John Schille, San Jose, CA (US); and James Francis Lavine, Corte Madera, CA (US)
Assigned to THE PRUDENTIAL INSURANCE COMPANY OF AMERICA, Newark, NJ (US)
Filed by The Prudential Insurance Company of America, Newark, NJ (US)
Filed on Mar. 5, 2024, as Appl. No. 18/595,780.
Application 18/595,780 is a continuation of application No. 18/299,134, filed on Apr. 12, 2023, granted, now 11,954,230.
Application 18/299,134 is a continuation of application No. 17/590,121, filed on Feb. 1, 2022, granted, now 11,657,181, issued on May 23, 2023.
Application 17/590,121 is a continuation of application No. 16/807,809, filed on Mar. 3, 2020, granted, now 11,250,157, issued on Feb. 15, 2022.
Prior Publication US 2025/0077704 A1, Mar. 6, 2025
This patent is subject to a terminal disclaimer.
Int. Cl. G06F 21/62 (2013.01); H04L 9/08 (2006.01); H04L 9/30 (2006.01); H04L 9/32 (2006.01)
CPC G06F 21/6245 (2013.01) [H04L 9/0825 (2013.01); H04L 9/0827 (2013.01); H04L 9/088 (2013.01); H04L 9/3213 (2013.01)] 20 Claims
OG exemplary drawing
 
1. A token handler for securing personally identifiable information, the token handler comprising a memory and a hardware processor communicatively coupled to the memory, the hardware processor configured to:
generate a set of public encryption keys of the token handler;
communicate the set of public encryption keys of the token handler to a data originator;
receive, from the data originator, a request to store a user's personally identifiable information, the request to store comprising a first portion of the user's personally identifiable information encrypted using a first public encryption key of the token handler from the set and a second portion of the user's personally identifiable information encrypted using a second public encryption key of the token handler from the set;
receive, from the data originator, a token indicating a request for redemption of the first and second portions of the user's personally identifiable information;
select a first private encryption key of the token handler corresponding to the first public encryption key;
decrypt, using the first private encryption key, the first portion of the user's personally identifiable information encrypted using the first public encryption key to produce the first portion of the user's personally identifiable information;
select a second private encryption key of the token handler corresponding to the second public encryption key;
decrypt, using the second private encryption key, the second portion of the user's personally identifiable information encrypted using the second public encryption key to produce the second portion of the user's personally identifiable information; and
store a key vault comprising the set of public encryption keys and an ordinal assigned to each key of the set of public encryption keys, wherein an encryption schedule identifies the first public encryption key using the ordinal assigned to the first public encryption key in the key vault.