US 11,775,968 B2
Method and system for secure key rotation
Yasser Abou-Nasr, Chino Hills, CA (US); and Michael Boland, Souderton, CA (US)
Assigned to Lightspeed Commerce USA, Inc., Toronto (CA)
Filed by Lightspeed Commerce USA Inc., New York, NY (US)
Filed on Aug. 17, 2020, as Appl. No. 16/994,775.
Application 16/994,775 is a continuation of application No. 15/921,039, filed on Mar. 14, 2018, granted, now 10,776,783.
Application 15/921,039 is a continuation of application No. 13/798,832, filed on Mar. 13, 2013, granted, now 9,953,317, issued on Apr. 24, 2018.
Prior Publication US 2021/0035097 A1, Feb. 4, 2021
Int. Cl. G06Q 20/34 (2012.01); G06Q 20/38 (2012.01)
CPC G06Q 20/3829 (2013.01) [G06Q 20/34 (2013.01)]
8 Claims
 
1. A computer system for executing an electronic payment transaction while conducting a key rotation and re-keying comprising:
a transaction server comprised of:
a card vault component, comprised of a payment token in encrypted form and a corresponding token encryption key identifier;
a data structure comprised of a first data encryption key stored in encrypted form and a second data encryption key stored in encrypted form and a corresponding first key identifier and second key identifier;
a data memory comprised of program code that when executed causes the transaction server to:
decrypt the first and second data encryption keys;
store the decrypted first and second data encryption keys only in a local data memory of the transaction server that is executing the electronic payment transactions;
determine the condition that either the first data encryption key or the second data encryption key identifiers match the token encryption key identifier;
determine which of the members of a set of the first data encryption key and the second data encryption key is one generation older than the other data encryption key in the set;
decrypt the payment token using the determined data encryption key; and
process the electronic payment transaction using the decrypted payment token.
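The key-selection steps of claim 1, sketched as an added example that is not taken from the patent or from any Lightspeed code: two wrapped data encryption keys are decrypted into process memory, the key whose identifier matches the token's key identifier is chosen, and the older generation is flagged. Assumptions: AES-256-GCM as the cipher, a key-encryption key named `kek`, integer key identifiers where the larger one is the newer generation, and a hypothetical `rekey` step that re-encrypts a token under the newer key.

```javascript
const crypto = require('node:crypto');

// AES-256-GCM helpers (assumed cipher). Blob layout: nonce(12) || tag(16) || ciphertext.
function seal(key, plaintext) {
  const nonce = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, nonce);
  const body = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([nonce, c.getAuthTag(), body]);
}
function open(key, blob) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]); // throws on a wrong key
}

// Decrypt the stored DEKs once; the plaintext keys live only in this in-memory Map.
function loadDeks(kek, wrappedDeks) {
  return new Map(wrappedDeks.map(({ keyId, wrapped }) => [keyId, open(kek, wrapped)]));
}

// Pick the DEK whose identifier matches the vault entry, decrypt the token, and
// report whether that DEK is the older generation (assumption: larger keyId = newer).
function decryptToken(deks, entry) {
  const dek = deks.get(entry.keyId);
  if (!dek) throw new Error(`no loaded DEK matches key id ${entry.keyId}`);
  const newest = Math.max(...deks.keys());
  return { token: open(dek, entry.token), olderGeneration: entry.keyId < newest };
}

// Hypothetical re-key step: move an entry still on the older DEK to the newer one.
function rekey(deks, entry) {
  const { token, olderGeneration } = decryptToken(deks, entry);
  if (!olderGeneration) return entry;
  const newest = Math.max(...deks.keys());
  return { keyId: newest, token: seal(deks.get(newest), token) };
}

// Constructed sample data: random keys and a made-up payment token.
function demo() {
  const kek = crypto.randomBytes(32);
  const k1 = crypto.randomBytes(32);
  const k2 = crypto.randomBytes(32);
  const stored = [{ keyId: 1, wrapped: seal(kek, k1) }, { keyId: 2, wrapped: seal(kek, k2) }];
  const deks = loadDeks(kek, stored);
  const oldEntry = { keyId: 1, token: seal(k1, Buffer.from('tok_constructed_4111')) };
  return { deks, oldEntry, fresh: rekey(deks, oldEntry) };
}
```

Because both generations stay loaded during rotation, a transaction that arrives mid-rotation decrypts correctly whichever key its token was last encrypted under.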