Abstract: Systems and methods for maintaining data security using Luhn validation in a multiple domain computing environment are presented. Each domain includes a token generator that can generate tokens associated with sensitive data such as credit card numbers. The token generation algorithm includes a Luhn validation routine for producing a tokenized data string that either passes or fails Luhn. The possibility of token collision is eliminated by a token generation algorithm that embeds a domain designator corresponding to the active domain where the token was created. When multiple tokens represent the same sensitive data, the token manager returns a set of all such tokens found.

Abstract: Systems and methods for maintaining data security across multiple active domains are presented. Each domain includes a token generator that can generate tokens associated with sensitive data such as credit card numbers. The primary domain includes a centralized key manager. In one embodiment, each domain includes its own local data vault and a replica of each data vault associated with every remote domain. Any domain can access the data vaults (local and replica) and retrieve a token created by any other domain. The possibility of token collision is eliminated by a token generation algorithm that embeds a domain designator corresponding to the active domain where the token was created. When multiple tokens represent the same sensitive data, the token manager returns a set of all such tokens found in the data vaults.

Abstract: Systems and methods for maintaining data security through encryption key retirement and selective re-encryption are presented. A method of selectively re-encrypting a subset of encrypted values includes storing each encrypted value together with the key profile number for the encryption key that was used to generate that encrypted value. When a key is compromised, its associated key profile number allows the efficient identification of all the encrypted values that were created using the now-compromised key. Once identified, the encrypted values may be decrypted using the compromised key and re-encrypted using a new key, without changing other related data such as the token associated with the encrypted value.

Abstract: Systems and methods for maintaining data security using Luhn validation in a multiple domain computing environment are presented. Each domain includes a token generator that can generate tokens associated with sensitive data such as credit card numbers. The token generation algorithm includes a Luhn validation routine for producing a tokenized data string that either passes or fails Luhn. The possibility of token collision is eliminated by a token generation algorithm that embeds a domain designator corresponding to the active domain where the token was created. When multiple tokens represent the same sensitive data, the token manager returns a set of all such tokens found.

Abstract: Systems and methods for maintaining data security across multiple active domains are presented. Each domain includes a token generator that can generate tokens associated with sensitive data such as credit card numbers. The primary domain includes a centralized key manager. In one embodiment, each domain includes its own local data vault and a replica of each data vault associated with every remote domain. Any domain can access the data vaults (local and replica) and retrieve a token created by any other domain. The possibility of token collision is eliminated by a token generation algorithm that embeds a domain designator corresponding to the active domain where the token was created. When multiple tokens represent the same sensitive data, the token manager returns a set of all such tokens found in the data vaults.

Abstract: Systems and methods for maintaining data security using client roles, API keys, and certificate-based mutual authentication are presented. A method of protecting sensitive data includes both client authorization techniques and the mutual exchange and verification of certificates between client and server. In one embodiment, access by a client to a server is further limited by temporal constraints, volume constraints, and an end user identity filter.