US 12,292,999 B2
Token-based data security systems and methods for structured data
Walter Hughes Lindsay, Phoenix, AZ (US)
Assigned to OPEN TEXT HOLDINGS, INC., Menlo Park, CA (US)
Filed by OPEN TEXT HOLDINGS, INC., San Mateo, CA (US)
Filed on Aug. 27, 2021, as Appl. No. 17/460,007.
Claims priority of provisional application 63/071,618, filed on Aug. 28, 2020.
Prior Publication US 2022/0067205 A1, Mar. 3, 2022
Int. Cl. G06F 21/62 (2013.01); G06F 16/93 (2019.01); G06F 40/103 (2020.01); G06F 40/166 (2020.01); G06F 40/284 (2020.01)
CPC G06F 21/6254 (2013.01) [G06F 16/93 (2019.01); G06F 21/6218 (2013.01); G06F 21/6227 (2013.01); G06F 40/103 (2020.01); G06F 40/166 (2020.01); G06F 40/284 (2020.01); G06F 2221/2141 (2013.01)]
19 Claims
1. A method for securing data, the method comprising:
receiving, by a tokenization system from a first client computing system, a request for data anonymization, the request referencing data containing values of interest;
performing, by the tokenization system, a tokenization operation on the data, the tokenization operation comprising:
splitting a value of interest in a data field in the data into multiple regions, each region of the multiple regions corresponding to a subfield of the data field;
generating, for a respective region of the multiple regions of the value of interest in the data, a corresponding token based on the respective region of the multiple regions of the value of interest; and
placing the corresponding token in the subfield of the data field, thereby producing an anonymized version of the data;
storing, by the tokenization system, the value of interest, with the respective region having the corresponding token in the subfield of the data field, in a secure data vault, wherein the respective region of the value of interest is stored with the corresponding token in the secure data vault as a token-value pair, wherein the corresponding token is one of a plurality of format-preserving tokens generated for the values of interest in the data;
communicating, by the tokenization system, the anonymized version of the data to the first client computing system;
receiving, by the tokenization system from the first client computing system or a second client computing system, a request for revealing the anonymized version of the data containing the corresponding token;
performing, by the tokenization system, a reveal operation on the anonymized version of the data, the reveal operation comprising:
querying the secure data vault for the corresponding token; and
retrieving the respective region of the value of interest from the secure data vault using the corresponding token,
the reveal operation producing a detokenized version of the data containing the value of interest; and
communicating, by the tokenization system, the detokenized version of the data to the first client computing system or to the second client computing system.
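The split, tokenize, vault and reveal steps of claim 1 can be sketched as follows. This is an added illustration, not code from the patent or from the assignee. It assumes that regions are runs of ASCII letters and digits separated by delimiters, that tokens are random characters of the same class, that a repeated region reuses its token, and that a hypothetical in-memory `Vault` class stands in for the secure data vault.

```python
import re
import secrets
import string

# Assumption: regions are runs of ASCII letters/digits; anything else is a
# delimiter that stays in place so the field keeps its layout.
_DELIMS = re.compile(r"([^A-Za-z0-9]+)")
_ALPHABETS = (string.digits, string.ascii_uppercase, string.ascii_lowercase)

class Vault:
    """In-memory stand-in for the secure data vault (hypothetical)."""

    def __init__(self):
        self._by_token = {}   # token -> original region (the token-value pair)
        self._by_region = {}  # region -> token, so a repeated region reuses its token

    def tokenize_region(self, region):
        if region in self._by_region:
            return self._by_region[region]
        for _ in range(1000):  # bounded: short regions have a small token space
            token = "".join(
                secrets.choice(next(a for a in _ALPHABETS if ch in a)) for ch in region
            )
            # Reject tokens already issued and the identity mapping.
            if token not in self._by_token and token != region:
                self._by_token[token] = region
                self._by_region[region] = token
                return token
        raise RuntimeError("token space exhausted for this region shape")

    def reveal_region(self, token):
        return self._by_token[token]  # KeyError: token was never issued

def _map_regions(value, fn):
    # re.split with a capture group alternates regions and delimiters.
    return "".join(
        part if not part or _DELIMS.fullmatch(part) else fn(part)
        for part in _DELIMS.split(value)
    )

def tokenize(value, vault):
    return _map_regions(value, vault.tokenize_region)

def reveal(anonymized, vault):
    return _map_regions(anonymized, vault.reveal_region)

if __name__ == "__main__":
    vault = Vault()
    anon = tokenize("123-45-6789", vault)  # constructed sample value
    print(anon, "->", reveal(anon, vault))
```

Because each region is tokenized on its own, a short region such as a two-digit subfield has only a small set of possible tokens, and reusing a token for a repeated region keeps value frequencies visible in the anonymized data.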