Abstract: Hardware Security Modules (HSMs) are used to secure data, such as encryption keys. Access to HSMs may be shared across applications, and virtualized to allow the HSMs to generate, store, and provide encryption and decryption processes to various applications when the HSMs are located apart from the particular systems on which the applications are stored. This configuration allows for application owners or developers to easily interface with the HSMs, such that applications may simply request an encryption key from the HSMs, utilize the encryption key for encrypting data, store the encryption key within the HSMs, and/or retrieve the encryption key for decryption without the disadvantages associated with HSMs. Utilizing centralized HSMs improves the efficiency of use, memory storage, and security of the HSMs, due at least in part to allowing application owners and/or developers to interface with HSMs without forcing cryptographic processes that are specific to the application.

Abstract: Embodiments of the invention are directed to a system, method, or computer program product for triple format preserving encryption for activity data transmissions. In particular the invention provides a secure platform for transmission and storage of data based on multi-level compounded encryption while preserving native data format post-encryption to allow compatibility of post-encryption data with existing systems. In particular, the invention is configured for generating a plurality of encryption keys such that each of the encryption keys are structured to preserve pre-encryption data format, post-encryption. The invention is further configured for sequentially compounding encryption of native format data using the plurality of encryption keys.

Abstract: Hardware Security Modules (HSMs) may be utilized to store master keys that are used to secure (e.g., wrap) encryption keys that are stored outside of the HSMs. The wrapping of the encryption keys may include using the master key to mask each of the plurality of encryption keys. The master keys are then stored within the HSMs and the wrapped encryption keys may be stored outside of the HSMs. Since the plurality of encryption keys are wrapped, the wrapped encryption keys may be stored outside of the HSMs with a reduced potential for the wrapped encryption keys to be misappropriated. As such, the plurality of encryption keys may be stored in systems that do not have as many security requirements, and thus, have more memory available. As such, the memory needed to store keys within the HSMs is reduced.

Abstract: Hardware Security Modules (HSMs) may be utilized to store master keys that are used to secure (e.g., wrap) encryption keys that are stored outside of the HSMs. The wrapping of the encryption keys may include using the master key to mask each of the plurality of encryption keys. The master keys are then stored within the HSMs and the wrapped encryption keys may be stored outside of the HSMs. Since the plurality of encryption keys are wrapped, the wrapped encryption keys may be stored outside of the HSMs with a reduced potential for the wrapped encryption keys to be misappropriated. As such, the plurality of encryption keys may be stored in systems that do not have as many security requirements, and thus, have more memory available. As such, the memory needed to store keys within the HSMs is reduced.

Abstract: Hardware Security Modules (HSMs) are used to secure data, such as encryption keys. Access to HSMs may be shared across applications, and virtualized to allow the HSMs to generate, store, and provide encryption and decryption processes to various applications when the HSMs are located apart from the particular systems on which the applications are stored. This configuration allows for application owners or developers to easily interface with the HSMs, such that applications may simply request an encryption key from the HSMs, utilize the encryption key for encrypting data, store the encryption key within the HSMs, and/or retrieve the encryption key for decryption without the disadvantages associated with HSMs. Utilizing centralized HSMs improves the efficiency of use, memory storage, and security of the HSMs, due at least in part to allowing application owners and/or developers to interface with HSMs without forcing cryptographic processes that are specific to the application.

Abstract: Embodiments of the invention are directed to a system, method, or computer program product for triple format preserving encryption for activity data transmissions. In particular the invention provides a secure platform for transmission and storage of data based on multi-level compounded encryption while preserving native data format post-encryption to allow compatibility of post-encryption data with existing systems. In particular, the invention is configured for generating a plurality of encryption keys such that each of the encryption keys are structured to preserve pre-encryption data format, post-encryption. The invention is further configured for sequentially compounding encryption of native format data using the plurality of encryption keys.

Abstract: The present invention includes securing data using vaultless tokenization and encryption. The present invention uses static random token tables in conjunction with encryption methods in order to tokenize sensitive data for the purposes of secure transfer and storage. The present invention is configured to identify data for secure storage, split the data into two or more data segments, access one or more static random token tables containing random tokens, retrieve two or more random tokens from the one or more static random tables for each of the two or more data segments, combine the two or more random tokens into a tokenized sequence, and return the tokenized sequence. Moreover, additional encryption may occur before or after the data is split and/or before or after combining the random tokens into a tokenized sequence.

Abstract: The present invention includes securing data using vaultless tokenization and encryption. The present invention uses static random token tables in conjunction with encryption methods in order to tokenize sensitive data for the purposes of secure transfer and storage. The present invention is configured to identify data for secure storage, split the data into two or more data segments, access one or more static random token tables containing random tokens, retrieve two or more random tokens from the one or more static random tables for each of the two or more data segments, combine the two or more random tokens into a tokenized sequence, and return the tokenized sequence. Moreover, additional encryption may occur before or after the data is split and/or before or after combining the random tokens into a tokenized sequence.