RU2756576C1 - Method for tokenisation of the bank card number and method for detokenisation of the bank card number - Google Patents

Abstract

FIELD: computing technology.

SUBSTANCE: computer-implemented method for tokenisation of the PAN (Primary Account Number) bank card number, wherein PAN is received and divided into the components thereof: bin (BIN) consisting of the first six characters, mask (MASK) consisting of the last four characters, and the middle part (mPAN); the offset value in the substitution table is determined wherein: the first offset value is calculated by the substitution table using cryptographic transformation of a concatenated string of the BIN and MASK values; the second offset value is calculated by the substitution table using mPAN cryptographic transformation; the sum offset value is calculated by adding the first and second offset values; the index in the substitution table is calculated by normalising the sum offset value by to the substitution table, wherein normalisation is performed according to the dimension of the table as the remainder from dividing the offset by the number of rows of the table, resulting in the sought index in the substitution table; using the obtained index, the tokenised part of the zPAN number is selected from the substitution table to replace mPAN; the tokenised DPAN card number is formed by replacing mPAN with zPAN, using BIN and MASK of the obtained PAN number.

EFFECT: increase in the efficiency of protection of bank card numbers.

7 cl, 3 dwg

Description

FIELD OF TECHNOLOGY

[0001] The claimed technical solution, in general, relates to the field of data encoding and decoding, and in particular to automated methods and systems for tokenization of bank card numbers and detokenization of bank card numbers.

LEVEL OF TECHNOLOGY

[0002] One of the most important tasks in information security is the protection of confidential data, which is complex and quite complex. Securing confidential data effectively in banking systems, payment applications, databases, storage devices, and server groups is challenging in itself and becomes even more challenging when disparate systems are used.

[0003] As a rule, in the case of confidential data, various solutions using encryption are considered, but in recent years, there has been an increase in interest in another technology - tokenization.

[0004] Properly implemented encryption is one of the most effective means of securing confidential data. It allows only authorized users to access the data and protects the data, both in storage and in transit. But encryption is not the only protection option - there are alternative methods. Moreover, sometimes the most correct solution will not be to try to protect confidential data with encryption, but to refuse to transfer it altogether.

[0005] Tokenization is precisely the technology that provides this opportunity - its principle is to replace real confidential data with some values - tokens. Tokenization is somewhat similar to encryption - both technologies are involved in masking real data, but the approach to this process is fundamentally different. In the case of encryption, the process of hiding data is reversible if the correct key is present. Anyone, having received the encryption key, will be able to recover the original data.

[0006] In the case of tokenization, the process is not reversible, because instead of data during tokenization, a token is used that does not carry any confidential information or the result of its crypto transformation, and is only logically related to real data that is stored in a well-protected database. In this case, the token can have the same format (size and structure) as the original data, which minimizes the need to make changes to the applications working with it. But at the same time, it is pointless to steal a token, since it will not help to obtain any real confidential data without access to the tokenization system.

[0007] The main advantage of tokenization is that tokens can be fully used within the environment of their use, but are completely useless outside of it. Tokenization is ideal for protecting sensitive data such as bank card numbers, social security numbers, and any other data that attackers regularly steal for use or sale on the black market. If the attackers fail to hack the tokenization server itself in order to obtain real data associated with the tokens, then the stolen tokens will give them absolutely no opportunity to use them.

[0008] The increasing interest in tokenization is primarily due to the fact that it allows you to provide data protection with a low load on the organization's systems. Adding encryption to systems - especially existing ones - significantly increases the load on them. Changes to applications to implement encryption reduce performance and increase the demands on developers and system administrators. In addition, in the case of using heterogeneous systems, it becomes necessary to encrypt, decrypt and re-encrypt data in different places, which creates additional vulnerabilities that can be exploited by attackers. Moreover, the more keys are used in the system, the more opportunities for its attack. Working with keys is especially dangerous, given the prevalence of malicious software (hereinafter referred to as software) for intercepting data directly in RAM, which allows access to keys without even having administrative privileges on the infected machine.

[0009] In addition to minimizing the requirements for making changes to the applications used, tokenization reduces the risks for sensitive data. If implemented correctly, applications will be able to use tokens throughout the system and access protected confidential data only when absolutely necessary.

Applications can store, use and make transactions using only a token and without putting real data at risk.

[0010] For example, one of the most common use cases for tokenization is for payments using payment cards. Using a token instead of the value of the payment card number allows tracking the transaction and its execution without the risk of compromising the real card data. Access to a real number will be required only in the processing circuit and when interacting with payment systems and other participants in payment systems. Well, in the event that the processing center also uses tokenization, then it is possible to conduct an internal transaction without using real data at all.

[0011] From the prior art patent US 10262128 B2 "Tokenized data security" is known, patentee: Saber GLBL Inc, published: 06.02.2014. This solution describes a method for tokenizing a user's account number to protect against cyber attacks using a token card.

[0012] A disadvantage of the known solution in the art is the lack of data security.

DISCLOSURE OF THE INVENTION

[0013] The claimed technical solution proposes a new approach to solving a technical problem, which consists in a more secure method of storing bank card data.

[0014] The technical result achieved by solving this problem is to improve the efficiency of the protection of bank card numbers.

[0015] The specified technical result is achieved due to the implementation of a computer-implemented method of tokenization of a bank card number (PAN), performed using at least one processor and containing the steps in which:

- get a PAN and carry out its division into its constituent parts: bin (BIN), consisting of the first six characters, a mask (MASK), consisting of the last four characters, and the middle part (mPAN);

- determine the value of the shift in the table of substitutions, at which:

• calculating the first shift value from the substitution table using crypto-transformation of the concatenated string of BIN and MASK values;

• calculate the second shift value from the substitution table using the mPAN crypto-transformation;

• calculate the total shift value by adding the first and second shift values;

- calculating the index in the table of substitutions, by normalizing the total value of the shift in the table of substitutions, and the normalization is performed by the dimension of the table as the remainder of dividing the offset by the number of rows in the table, thus obtaining the desired index in the table of substitutions;

- using the obtained index, the tokenized part of the zPAN number is selected from the substitution table to replace the mPAN;

- form a tokenized DPAN card number by replacing mPAN with zPAN using the BIN and MASK of the received PAN number.

[0016] In one of the particular embodiments of the method, the crypto-transformation algorithm is the FF3 algorithm.

[0017] The claimed technical solution is also carried out by performing a computer-implemented method for detokenizing a bank card number (DPAN) obtained using the above method, carried out using at least one processor and containing the steps at which:

- receive DPAN and carry out its division into its constituent parts: bin (BIN) consisting of the first six characters, mask (MASK), consisting of the last four characters, and the middle part (zPAN);

- determine the value of the shift in the table of substitutions, at which:

• calculating the first shift value from the substitution table using crypto-transformation of the string of BIN and MASK values;

• calculating the modulus of the first offset value from the substitution table by dividing the first offset value by the size of the offset table;

• calculate the index in the substitution table by searching for a row by the obtained zPAN value;

• calculate the second offset values in the replacement table based on the calculated index, the modulus of the first value and the dimension of the table;

- calculating mPAN using the inverse crypto transformation from the obtained second offset value using the encryption key with which the PAN to DPAN transformation was performed;

- form the PAN value based on the received mPAN, as well as the BIN and MASK values.

[0018] In one of the particular embodiments of the method, the crypto-transformation algorithm is the FF3 algorithm.

[0019] In another particular embodiment of the method, if the second offset value is negative, then the step of its calculation is iteratively repeated by incrementing the modulus of the first offset value by one.

[0020] The claimed technical solution is also implemented using a computer system that contains a processor and a memory that stores machine-readable instructions executed by the processor to implement the above methods.

BRIEF DESCRIPTION OF DRAWINGS

[0021] The features and advantages of the present technical solution will become apparent from the following detailed description and accompanying drawings.

[0022] FIG. 1 illustrates a flow diagram of a method for tokenizing a bank card number (PAN).

[0023] FIG. 2 illustrates a flow diagram of a method for detokenizing a bank card number (DPAN).

[0024] FIG. 3 illustrates an example of a general view of a computing system that provides an implementation of the claimed solution.

CARRYING OUT THE INVENTION

[0025] The following will describe the concepts and terms necessary to understand this technical solution.

[0026] Tokenization is the process of replacing a confidential data item with a non-confidential equivalent, called a token, which has no independent meaning / value for external or internal use.

[0027] A token is a link (ie, an identifier) that is matched against sensitive data through a tokenization system.

[0028] Detoxification is the inverse process of obtaining a PAN code value from a target token.

[0029] PCI DSS (Payment Card Industry Digital Security Standard) is a payment card security standard.

[0030] PAN (Primary Account Number) - payment card number.

[0031] DP AN (Digitized PAN) - tokenized payment card number.

[0032] BIN (Bank Identification Number) - identification number of the bank that issued the card.

[0033] MASK - the last 4 characters of the card, freely used for printing on checks and, together with the BIN, card identification within one client.

[0034] DPC - data center.

[0035] PCI SSC (Payment Card Industry Security Standards Consul) - Advice on payment card security standards.

[0036] HSM (Hardware Security Module) is a hardware solution for generating encryption keys and performing crypto transformations.

[0037] The Luna Algorithm is an algorithm for determining the validity of a card number based on decimal integrity.

[0038] This technical solution can be implemented on a computer, in the form of an automated information system (AIS) or a computer-readable medium containing instructions for performing the above method.

[0039] The technical solution can be implemented as a distributed computer system.

[0040] In this solution, the system means a computer system, a computer (electronic computer), CNC (numerical control), PLC (programmable logic controller), computerized control systems and any other devices capable of performing a given, well-defined sequence of computing operations (actions, instructions).

[0041] By a command processor is meant an electronic unit or an integrated circuit (microprocessor) that executes machine instructions (programs).

[0042] A command processor reads and executes machine instructions (programs) from one or more storage devices such as random-access memory (RAM) and / or read only memory (ROM) devices. The ROM can be, but is not limited to, hard disks (HDD), flash memory, solid state drives (SSD), optical data carriers (CD, DVD, BD, MD, etc.), etc.

[0043] A program is a sequence of instructions for execution by a computer control device or command processing device.

[0044] Let's calculate the amount of stored data for all cards, in theory existing in the industry: card numbers are from 13 to 19 characters and contain almost all combinations. We will not take into account the Luna algorithm and get a figure of about 10,000 Petabytes, provided 1 byte per card number:

[0045] We get an unattainable amount of data and store such an amount of information is more than redundant. Even if you cut down on unused BINs, the storage capacity will not be acceptable.

[0046] The way out is to store not all map elements, but only replaceable fragments (except for the first 6 and last 4 characters). In this case, the formula will be different:

[0047] The volume of 1 Terabyte must also be multiplied by the length of the stored string in the database, i.e. the length of the PAN itself and the required index, approximately 30 bytes. The total is 30 TB.

[0048] This amount of data is also large, but with such a volume it is possible to work with and optimize it.

[0049] When replacing the same replaced fragments of different cards, the results of the replaced fragments will also be the same, which will lead to implementation vulnerabilities and a gradual accumulating compromise of card data. And isolated cases of notoriety of the PAN-DPAN bundle will automatically compromise thousands of other card numbers en masse.

[0050] Consider the structure of the card number. The card number (PAN) consists of BIN (first 6 characters), MASK (last 4 characters) and the rest to be tokenized. Let's call the initial value of this part mPAN, the tokenized one - zPAN.

[0051] In order to have different zPANs for different combinations of BIN ⋅ MASK (hereinafter, the symbol denotes string concatenation, and the symbol "+" the arithmetic sum) with the same mPAN, it is necessary to make a selection from the replacement table using some shift algorithm that guarantees the absence of collisions ...

[0052] Consider the table of substitutions using the example of the popular card length = 16. To fulfill the above-described requirements for the implementation of the chosen strategy [3], the table must provide the replacement of 10 ⁶ PAN fragments. Since it is necessary to use hexadecimal characters in the substituted characters, but exclude combinations that do not contain hexadecimal digits (AF), the length of the substitution table will be 16 ⁶ - 10 ⁶ , that is, 15.8 million token values for 10 million initial data.

[0053] The task is to define an index on the replacement table. A simple index corresponding to the order of mPAN will allow selection of numbers of cards and tokens with the same mPAN for other BIN ⋅ MASK values, which is unacceptable.

[0054] A static offset index will also allow for fitting with a sufficient sample of PAN and DPAN (or mPAN and zPAN) matches.

[0055] Therefore, the index should be dynamic, that is, it does not have an understandable dependence on the BIN ⋅ MASK sequence, but does not create collisions, that is, it excludes repeated selection of zPANs for different mPANs, in other words, it should not be based on a random value.

[0056] To ensure uniqueness and avoid collisions, a number of steps need to be taken.

[0057] Make a composite dynamic index. The first part will be formed from the unchanged BIN ⋅ MASK value for the entire mPAN range. The second part is formed from the most replaceable part of the mPAN.

[0058] The formation of the actual index or shift (let's call it SHIFT) is possible directly from these components by the formula (BIN ⋅ MASK) + mPAN. The resulting SHIFT number normalized to the length of the substitution table SHIFT = ((BIN ⋅ MASK) + mPAN)% length ({zPAN}) will already provide uniqueness, but so far it has a clear dependency, i.e. when the MASK is increased by 1, SHIFT will also increase by 1, which can lead to the selection of the PAN and DPAN bundles.

[0059] An incomprehensible dependence can be achieved by crypto-transformation with the preservation of the format of the original data (Format Preserving Encryption) [4], when the output of the function is another pseudo-random element from the final array of the original data.

[0060] We use the implementation of the FF3 algorithm [5] to select a pseudo-random index from a set of indices using a secret value and an initial index value. The use of FF3 (BIN ⋅ MASK) shift as a base will allow doing both direct and inverse transformation of PAN-DPAN and DPAN-PAN, since one of the shift components is always known (BIN ⋅ MASK), it is unchanged in PAN and DP AN.

[0061] As shown in FIG. 1, the claimed method for tokenizing a bank card number (PAN) (100) consists of several steps performed by at least one processor.

[0062] In step (101), a PAN is obtained and divided into its constituent parts: a bin (BIN) consisting of the first six characters, a mask (MASK) consisting of the last four characters, and a middle part (mPAN).

[0063] Next, in step (102), the shift value in the substitution table is determined.

[0064] During the determination of the shift value in the substitution table:

- in step (103) calculating the first shift value from the substitution table by crypto-transforming the concatenated string of BIN and MASK values;

- in step (104), calculating the second shift value from the substitution table using the mPAN crypto transformation;

- in step (105), the total offset value is calculated by adding the first and second offset values.

[0065] Next, in step (106), the index in the substitution table is calculated by normalizing the total shift value in the substitution table, and the normalization is performed on the dimension of the table as the remainder of dividing the offset by the number of table rows, thereby obtaining the desired index in the substitution table.

[0066] Next, at step (107), using the obtained index, the tokenized part of the zPAN number is selected from the substitution table to replace the mPAN.

[0067] Next, in step (108), a tokenized DPAN card number is generated by replacing mPAN with zPAN using the BIN and MASK of the obtained PAN number.

[0068] The crypto-transformation algorithm used in the method (100) is the FF3 algorithm.

[0069] As shown in FIG. 2 method for detokenizing a bank card number (DPAN) (200) obtained using the above method, the processor performs a series of sequential steps.

[0070] In step (201), the DP AN is obtained and divided into its constituent parts: a bin (BIN) consisting of the first six characters, a mask (MASK) consisting of the last four characters, and a middle part (zPAN).

[0071] Next, in step (202), the shift value in the substitution table is determined.

[0072] During the determination of the shift value in the substitution table:

- at step (203) calculating the first shift value from the substitution table by crypto-transforming the string of BIN and MASK values;

- in step (204) calculating the modulus of the first offset value from the substitution table by dividing the first offset value by the offset table size;

- at step (205), the index in the substitution table is calculated by searching for a row by the obtained zPAN value;

- in step (206), the second offset values in the replacement table are calculated based on the calculated index, the modulus of the first value, and the dimension of the table.

[0073] Next, in step (207), the mPAN is calculated by inverse crypto transform from the obtained second offset value using the encryption key with which the PAN to DP AN was converted.

[0074] Next, in step (208), a PAN value is generated based on the obtained mPAN, as well as the BIN and MASK values.

[0075] The crypto-transformation algorithm used in the method (200) is the FF3 algorithm.

[0076] If in step (206) the second offset value is negative, then iteratively repeat the step of calculating it, incrementing the modulus of the first offset value by one.

[0077] The claimed technical solution provides a new way to tokenize bank cards. When implementing the claimed technical solution, a compact storage of replacement tables is achieved. PAN-DPAN data is not stored on devices, storage media, etc., thereby ensuring the impossibility of compromise. This technical solution does not require synchronous replication between data centers and tokenizer instances in real time. With an unknown encryption key, knowing the algorithm and examples of PAN-DPAN tokenized pairs, it becomes impossible to calculate other PAN-DPAN bundles. The use of a two-component shift according to the substitution table in the claimed technical solution allows you to quickly convert PAN-DPAN and DPAN-PAN.

[0078] FIG. 3 shows an example of a general view of a computing system (300) that provides the implementation of the claimed methods (100) (200) and or is part of a computer system, for example, a server, a personal computer, a part of a computing cluster that processes the necessary data to implement the claimed technical solution.

[0079] In the General case, the system (300) contains one or more processors (301) united by a common bus of information exchange, memory means such as RAM (302) and ROM (303), input / output interfaces (304), input devices / output (1105), and a device for networking (306).

[0080] The processor (301) (or multiple processors, multi-core processor, etc.) can be selected from a range of devices currently widely used, for example, such manufacturers as: Intel ™, AMD ™, Apple ™, Samsung Exynos ™. MediaTEK ™, Qualcomm Snapdragon ™, etc. Under the processor or one of the processors used in the system (300), it is also necessary to take into account a graphics processor, for example, NVIDIA GPU or Graphcore, the type of which is also suitable for full or partial execution of the method, and can also be used for training and applying machine learning models in various information systems.

[0081] RAM (302) is a random access memory and is intended for storing machine-readable instructions executed by the processor (301) for performing the necessary operations for logical data processing. RAM (302), as a rule, contains executable instructions of the operating system and corresponding software components (applications, software modules, etc.). In this case, the available memory of the graphics card or graphics processor can act as RAM (302).

[0082] ROM (303) is one or more persistent storage devices such as a hard disk drive (HDD), solid state drive (SSD), flash memory (EEPROM, NAND, etc.), optical storage media ( CD-R / RW, DVD-R / RW, BlueRay Disc, MD), etc.

[0083] Various types of I / O interfaces (304) are used to organize the operation of system components (300) and to organize the operation of external connected devices. The choice of the appropriate interfaces depends on the specific version of the computing device, which can be, but are not limited to: PCI, AGP, PS / 2, IrDa, FireWire, LPT, COM, SATA, IDE, Lightning, USB (2.0, 3.0, 3.1, micro, mini, type C), TRS / Audio jack (2.5, 3.5, 6.35), HDMI, DVI, VGA, Display Port, RJ45, RS232, etc.

[0084] To ensure the interaction of the user with the computing system (300), various means (305) I / O information are used, for example, a keyboard, display (monitor), touch display, touch pad, joystick, mouse manipulator, light pen, stylus, touch panel, trackball, speakers, microphone, augmented reality, optical sensors, tablet, light indicators, projector, camera, biometric identification (retina scanner, fingerprint scanner, voice recognition module), etc.

[0085] The networking tool (306) provides data transmission via an internal or external computer network, for example, Intranet, Internet, LAN, and the like. One or more means (306) may be used, but not limited to: Ethernet card, GSM modem, GPRS modem, LTE modem, 5G modem, satellite communication module, NFC module, Bluetooth and / or BLE module, Wi-Fi module and dr.

[0086] The presented application materials disclose preferred examples of the implementation of the technical solution and should not be construed as limiting other, particular examples of its implementation, not going beyond the scope of the claimed legal protection, which are obvious to specialists in the relevant field of technology.

Sources of information:

1. PCI DSS standard: https://www.pcisecuritystandards.org/documents/PCI DSS_v3-2-1.pdf

2. Requirements for data tokenization: https://www.pcisecuritystandards.org/documents/Tokenization_Guidelines_lnfo_Supplement.pd f

3. An article in the journal Bankovskoe Obozreniye on approaches to tokenization of card data in Sberbank https://bosfera.ru/bo/pci-dss-ne-vrag

4. Format Preserving Encryption https://en.wikipedia.org/wiki/Format-preserving_encryption

5. FF3 algorithm https://eprint.iacr.org/2017/521.pdf

Claims (23)

1. A computer-implemented method of tokenizing a bank card number PAN (Primary Account Number), performed using at least one processor and containing the stages at which: - receive a PAN and carry out its division into its component parts: the identification number of the bank that issued the card BIN (Bank Identification Number), consisting of the first six characters, the last four characters of the bank card (MASK), freely used for printing on checks and, together with BIN , to identify the card within one client, and the middle part of the bank card number subject to tokenization (mPAN); - determine the value of the shift in the table of substitutions, at which: • calculating the first shift value from the substitution table using crypto-transformation of the concatenated string of BIN and MASK values; • calculate the second shift value from the substitution table using the mPAN crypto-transformation; • calculate the total shift value by adding the first and second shift values; - calculating the index in the table of substitutions, by normalizing the total value of the shift in the table of substitutions, and the normalization is performed by the dimension of the table as the remainder of dividing the offset by the number of rows in the table, thus obtaining the desired index in the table of substitutions; - using the obtained index, the tokenized middle part of the bank card number (zPAN) is selected from the substitution table to replace the mPAN; - form a tokenized DPAN card number by replacing mPAN with zPAN using the BIN and MASK of the received PAN number. 2. The method according to claim 1, wherein the crypto-transformation algorithm is a crypto-transformation algorithm with preserving the format of the original data FF3 (Format Preserving Encryption). 3. A computer-implemented method for detokenizing a bank card number (DPAN) obtained using the method according to any one of claims 1, 2, performed using at least one processor and containing the steps at which: - get DPAN and carry out its division into its constituent parts: bin (BIN), consisting of the first six characters, a mask (MASK), consisting of the last four characters, and the middle part (zPAN); - determine the value of the shift in the table of substitutions, at which: • calculating the first shift value from the substitution table using crypto-transformation of the string of BIN and MASK values; • calculating the modulus of the first offset value from the substitution table by dividing the first offset value by the size of the offset table; • calculate the index in the substitution table by searching for a row by the obtained zPAN value; • calculating the second value of the shift in the replacement table based on the calculated index, the modulus of the first value and the dimension of the table; - calculate mPAN using the inverse crypto-transformation from the obtained second shift value; - form the PAN value based on the received mPAN, as well as the BIN and MASK values. 4. The method according to claim 3, wherein the crypto-transformation algorithm is a crypto-transformation algorithm with preservation of the original data format (FF3). 5. The method according to claim 3, wherein if the second offset value is negative, then the step of calculating it is iteratively repeated by incrementing the modulus of the first offset value by one. 6. A system for tokenizing a bank card number (PAN), containing at least one processor, and at least one data storage device containing machine-readable instructions, which, when executed by the processor, implement the method according to any one of claims. 12. 7. System for determining the detokenized bank card number (DPAN) obtained using the method according to any one of paragraphs. 1, 2, containing at least one processor, and at least one data storage device containing machine-readable instructions, which, when executed by the processor, implement the method according to any one of claims. 3-5.

Images