US 11,657,181 B2
System for improving data security through key management
Venkatesh Sarvottamrao Apsingekar, San Jose, CA (US); Sahil Vinod Motadoo, Sunnyvale, CA (US); Christopher John Schille, San Jose, CA (US); and James Francis Lavine, Corte Madera, CA (US)
Assigned to THE PRUDENTIAL INSURANCE COMPANY OF AMERICA, Newark, NJ (US)
Filed by The Prudential Insurance Company of America, Newark, NJ (US)
Filed on Feb. 1, 2022, as Appl. No. 17/590,121.
Application 17/590,121 is a continuation of application No. 16/807,809, filed on Mar. 3, 2020, granted, now 11,250,157.
Prior Publication US 2022/0156405 A1, May 19, 2022
This patent is subject to a terminal disclaimer.
Int. Cl. G06F 21/62 (2013.01); H04L 9/30 (2006.01); H04L 9/08 (2006.01); H04L 9/32 (2006.01)
CPC G06F 21/6245 (2013.01) [H04L 9/088 (2013.01); H04L 9/0825 (2013.01); H04L 9/0827 (2013.01); H04L 9/3213 (2013.01)] 20 Claims
OG exemplary drawing
 
1. A system for securing personally identifiable information, the system comprising a token handler comprising:
a memory configured to store an encryption schedule comprising:
an indication that a first portion of a user's personally identifiable information was encrypted using a first public encryption key of a set of public encryption keys; and
an indication that a second portion of the user's personally identifiable information was encrypted using a second public encryption key of the set of public encryption keys; and
a hardware processor communicatively coupled to the memory, the hardware processor configured to:
receive, from a second system, a token indicating a request for redemption of the first and second portions of the user's personally identifiable information;
select, based on the encryption schedule, a first private encryption key corresponding to the first public encryption key;
decrypt, using the first private encryption key, the first portion of the user's personally identifiable information encrypted using the first public encryption key to produce the first portion of the user's personally identifiable information;
select, based on the encryption schedule, a second private encryption key of the token handler corresponding to the second public encryption key;
decrypt, using the second private encryption key, the second portion of the user's personally identifiable information encrypted using the second public encryption key to produce the second portion of the user's personally identifiable information;
determine that an age of the set of public encryption keys exceeds a time threshold; and
in response to determining that the age of the set of public encryption keys exceeds the time threshold:
encrypt, using a first public encryption key of a second set of public encryption keys, the first portion of the user's personally identifiable information;
encrypt, using a second public encryption key of the second set of public encryption keys, the second portion of the user's personally identifiable information; and
add, to the encryption schedule, an indication that the first portion of the user's personally identifiable information was encrypted using the first public encryption key of the second set of public encryption keys and an indication that the second portion of the user's personally identifiable information was encrypted using the second public encryption key of the second set of public encryption keys.
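The claim above describes a token handler whose encryption schedule records, for each portion of a user's PII, which key of which key set protected it; redemption selects the matching private key per entry, and when the key set that protected the data is older than a threshold the handler re-encrypts each portion under a newer set and appends the new indications to the schedule. The following Python sketch is an added illustration of that flow and is not the patentee's implementation. Everything in it is assumed: the portion names (`ssn`, `dob`), the 90-day threshold, the sample values, and the asymmetric primitive, which is replaced by a stand-in keyed cipher (HMAC-SHA256 keystream plus tag) so the block runs offline with the standard library; a real deployment would substitute RSA-OAEP or an ECIES-style construction behind the same `encrypt`/`decrypt` calls.

```python
"""Token handler sketch: per-portion key selection, redemption, age-based key rotation.
Added example; the 'asymmetric' key pair below is a stand-in so it runs with the stdlib only."""
import hashlib
import hmac
import os
import time
from dataclasses import dataclass


def _keystream(secret: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode, enough bytes to cover the message
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(secret, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


@dataclass(frozen=True)
class KeyPair:
    """Stand-in for one asymmetric key pair (assumption: a real system would use RSA-OAEP
    or ECIES). Here both halves share one secret; only the key-management logic matters."""
    key_id: str
    secret: bytes

    def encrypt(self, plaintext: bytes) -> bytes:            # the "public" half
        nonce = os.urandom(16)
        body = bytes(a ^ b for a, b in zip(plaintext, _keystream(self.secret, nonce, len(plaintext))))
        tag = hmac.new(self.secret, nonce + body, hashlib.sha256).digest()
        return nonce + body + tag

    def decrypt(self, blob: bytes) -> bytes:                 # the "private" half
        nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
        expected = hmac.new(self.secret, nonce + body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise ValueError(f"{self.key_id}: wrong key or tampered ciphertext")
        return bytes(a ^ b for a, b in zip(body, _keystream(self.secret, nonce, len(body))))


@dataclass
class KeySet:
    set_id: str
    created_at: float
    keys: dict            # portion name -> KeyPair, one key per PII portion


def make_key_set(set_id: str, portions, created_at: float) -> KeySet:
    return KeySet(set_id, created_at, {p: KeyPair(f"{set_id}/{p}", os.urandom(32)) for p in portions})


@dataclass(frozen=True)
class ScheduleEntry:
    """One 'indication' in the encryption schedule: which key protected which portion."""
    portion: str
    set_id: str
    key_id: str
    ciphertext: bytes


class TokenHandler:
    def __init__(self, key_set: KeySet, max_age_seconds: float, clock=time.time):
        self.key_sets = {key_set.set_id: key_set}
        self.current_set_id = key_set.set_id
        self.max_age = max_age_seconds
        self.clock = clock                 # injectable so rotation can be tested deterministically
        self.schedule: dict = {}           # user_id -> list[ScheduleEntry], append-only history
        self.tokens: dict = {}             # opaque token -> user_id

    def install_key_set(self, key_set: KeySet) -> None:
        self.key_sets[key_set.set_id] = key_set
        self.current_set_id = key_set.set_id

    def _encrypt_portions(self, user_id: str, pii: dict) -> None:
        ks = self.key_sets[self.current_set_id]
        for portion, value in pii.items():
            kp = ks.keys[portion]
            self.schedule.setdefault(user_id, []).append(
                ScheduleEntry(portion, ks.set_id, kp.key_id, kp.encrypt(value)))

    def tokenize(self, user_id: str, pii: dict) -> str:
        self._encrypt_portions(user_id, pii)
        token = os.urandom(16).hex()       # the token carries no PII, only a lookup handle
        self.tokens[token] = user_id
        return token

    def latest_entries(self, user_id: str) -> dict:
        # most recent schedule entry per portion wins; older entries remain as history
        return {e.portion: e for e in self.schedule[user_id]}

    def redeem(self, token: str):
        """Decrypt every portion with the private key the schedule names; rotate if stale."""
        user_id = self.tokens[token]
        pii, oldest = {}, None
        for portion, entry in self.latest_entries(user_id).items():
            ks = self.key_sets[entry.set_id]
            kp = ks.keys[portion]
            assert kp.key_id == entry.key_id, "schedule and key store disagree"
            pii[portion] = kp.decrypt(entry.ciphertext)
            if oldest is None or ks.created_at < oldest.created_at:
                oldest = ks
        rotated_to = None
        stale = self.clock() - oldest.created_at > self.max_age
        if stale and self.current_set_id != oldest.set_id:
            self._encrypt_portions(user_id, pii)   # re-encrypt under the newer set, append to schedule
            rotated_to = self.current_set_id
        return pii, rotated_to
```

Two design points worth noting: the schedule is append-only, so the indication that a portion was once protected by the old set survives rotation (useful for audit and for a grace period before the old private keys are destroyed), and rotation only happens when a newer key set has actually been installed; an over-age set with no successor leaves the data readable rather than failing the redemption.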