The assignee for this patent, patent number 8751788, is
Reporters obtained the following quote from the background information supplied by the inventors: "Visa's PCI-DSS gives very specific guidelines about how card data is to be handled if it is to be stored in an 'at-rest' state. PCI-DSS compliance in an enterprise computing landscape can be difficult due to the requirements around encryption. The XiSecure product was created to address these difficulties, and it does so by creating a centralized location where data can be stored in a way that complies with PCI-DSS. XiSecure also potentially removes PCI-DSS requirements from some systems since sensitive data is replaced with a token that can be passed between the various enterprise systems.
"New integration methodologies such as the 'Enterprise Service Bus' or ESB are a new challenge to overcoming the PCI-DSS requirements on systems. Using an ESB, messages are exchanged between services by using a database to persist messages on the 'bus'. This generally means that messages incoming from external sources, such as a web-based e-commerce system, are persisted directly to disk upon entering the service bus. This persisted data often contains sensitive information such as credit card numbers; sensitive data such as card numbers should never be persisted to disk unless they are first encrypted according to the PCI-DSS.
"The merits of interpreting this 'no persistence unless encrypted' literally can be debated. While it does seem obvious that persisting unencrypted data to the database should be avoided, the ESB uses the database more as an inter-process communication conduit rather than a place to store and retrieve organized data. Certainly, if interpreted literally, modern operating systems that implement virtual memory (where a running program's memory can be written to disk by the operating system without the program's knowledge) would be impossible to comply with the PCI-DSS. Regardless of lack of technical specifics that is typical of the PCI-DSS, the interpretation tends to be strict when involving the ESB due to the involvement of writing data into a database.
"Therefore, there is a need for a Secure Web Encryption Accelerator (XWEA) that is designed with this strict interpretation of the storage of sensitive data in the database."
In addition to obtaining background information on this patent, VerticalNews editors also obtained the inventor's summary information for this patent: "Embodiments of the invention may provide a new XWEA that is configured to allow data to be encrypted from the web browser before sensitive data is received by a back-end system. An exemplary embodiment of the invention encompasses a computer-readable medium containing instructions which, when executed, by a processor cause a computer to perform a method, the method including receiving data at a session management system from a web application, wherein the session management system is communicably coupled to a database. The method may also include generating a token that represents the data in encrypted form at a tokenizing system communicably coupled to the session management system, and associating the token with the data. Further, the method may include storing the token and the data in the database, and providing the token to the web application for use in representing the data.
"In another embodiment, the invention encompasses a system for encrypting web session data which may include a session management module adapted to receive data from a web application module and provide a token that represents the data in encrypted form to the web application, wherein the web application is adapted to use the token to represent the data. The system may also include a tokenizer module communicably coupled to the session management module, wherein the tokenizer module is adapted to receive the data and generate the token. Further, the system may include a database communicably coupled to the session management module, wherein the database is adapted to receive the token and the data, associate the token with the data, and store the token and the data."
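A sketch of the pattern the inventors describe, as an added example that is not from the patent or the XiSecure product: card numbers in an incoming message are swapped for random tokens before the message is written to the bus table. The `Tokenizer` class, the `tok_` prefix, the message fields and the in-memory vault are assumptions of this example; a real vault would hold the card data encrypted.

```python
import json
import re
import secrets
import sqlite3

PAN_RE = re.compile(r"\b\d{13,19}\b")  # candidate card numbers in string fields

def luhn_ok(digits):
    """Luhn checksum, used to skip digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

class Tokenizer:
    """Hypothetical tokenizing system; the dict stands in for the token/data
    store, which in a real deployment holds the card data encrypted."""
    def __init__(self):
        self._vault = {}

    def tokenize(self, pan):
        token = "tok_" + secrets.token_hex(12)  # random, not derived from the PAN
        self._vault[token] = pan
        return token

    def detokenize(self, token):
        return self._vault[token]

def scrub(value, tokenizer):
    """Recursively replace Luhn-valid card numbers in a decoded JSON message."""
    if isinstance(value, dict):
        return {k: scrub(v, tokenizer) for k, v in value.items()}
    if isinstance(value, list):
        return [scrub(v, tokenizer) for v in value]
    if isinstance(value, str):
        swap = lambda m: tokenizer.tokenize(m.group()) if luhn_ok(m.group()) else m.group()
        return PAN_RE.sub(swap, value)
    return value

def persist_to_bus(db, raw_message, tokenizer):
    """Tokenize first, then write: only the scrubbed body reaches the bus table."""
    clean = json.dumps(scrub(json.loads(raw_message), tokenizer))
    db.execute("INSERT INTO bus(body) VALUES (?)", (clean,))
    return clean

def demo():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE bus(body TEXT)")
    tok = Tokenizer()
    # Constructed message: a standard test card number plus a non-card digit run
    msg = json.dumps({"order": "A-1001", "card": "4111111111111111", "note": "ref 1234567890123"})
    persist_to_bus(db, msg, tok)
    return db.execute("SELECT body FROM bus").fetchone()[0], tok
```

Card numbers carried as JSON numbers rather than strings are not matched by this sketch.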
For more information, see this patent: Leach,
Our reports deliver fact-based news of research and discoveries from around the world. Copyright 2014, NewsRx LLC