Search

US-20260127320-A1 - OBFUSCATED STORAGE AND TRANSMISSION OF PERSONAL IDENTIFIABLE INFORMATION

US20260127320A1US 20260127320 A1US20260127320 A1US 20260127320A1US-20260127320-A1

Abstract

A method for obfuscated storage and transmission of Personal Identifiable Information (PII) includes applying a collisionable hash algorithm to data. Applying the collisionable hash algorithm involves selecting a first group of characters from the data proceeding from left to right; selecting a second group of characters from the data proceeding from right to left; concatenating the first group of characters and the second group of characters to generate a sequence of characters; and applying a cipher to the sequence of characters to generate an obfuscated data for the data.

Inventors

  • Andre Ming Bordokan

Assignees

  • MASTERCARD INTERNATIONAL INCORPORATED

Dates

Publication Date
20260507
Application Date
20260106

Claims (19)

  1. 1 . A method comprising: applying a collisionable hash algorithm to data, wherein applying the collisionable hash algorithm comprises: selecting a first group of characters from the data proceeding from left to right; selecting a second group of characters from the data proceeding from right to left; concatenating the first group of characters and the second group of characters to generate a sequence of characters; and applying a cipher to the sequence of characters to generate an obfuscated data for the data; and storing, at a mass storage device, the obfuscated data, wherein the collisionable hash algorithm is applied to each of a set of data with results stored at the mass storage device.
  2. 2 . The method of claim 1 , further comprising: receiving a particular obfuscated data from a second entity, wherein the particular obfuscated data is generated at the second entity by applying the collisionable hash algorithm to particular data; and matching the received particular obfuscated data to a matching obfuscated data stored at the mass storage device.
  3. 3 . The method of claim 2 , wherein the particular obfuscated data is received through an unsecured manner.
  4. 4 . The method of claim 1 , wherein the data is a string data type.
  5. 5 . The method of claim 1 , wherein the data comprises personal identifiable information (PII).
  6. 6 . The method of claim 1 , wherein selecting the first group of characters from the data proceeding from left to right comprises selecting a first number of characters of the data by selecting every other character from left to right.
  7. 7 . The method of claim 6 , wherein a selected first character of the data for the first group of characters is a second-to-left-most character.
  8. 8 . The method of claim 1 , wherein selecting the second group of characters from the data proceeding from right to left comprises selecting a second number of characters of the data by selecting every other character from right to left.
  9. 9 . The method of claim 8 , wherein a selected first character of the data for the second group of characters is a second-to-right-most character.
  10. 10 . The method of claim 1 , wherein a total number of characters in the obfuscated data correlates to a size of the set of data to which the collisionable hash algorithm is applied.
  11. 11 . A computer-readable storage medium having instructions stored thereon that when executed by a computing device direct the computing device to: apply a collisionable hash algorithm to data, wherein instructions to apply the collisionable hash algorithm include directing the computing device to: select a first group of characters from the data proceeding from left to right; select a second group of characters from the data proceeding from right to left; concatenate the first group of characters and the second group of characters to generate a sequence of characters; and apply a cipher to the sequence of characters to generate an obfuscated data for the data; and store, at a mass storage device, the obfuscated data.
  12. 12 . The computer-readable storage medium of claim 11 , wherein the data comprises personal identifiable information (PII).
  13. 13 . The computer-readable storage medium of claim 11 , wherein the data is a string data type.
  14. 14 . The computer-readable storage medium of claim 11 , wherein the collisionable hash algorithm is applied to each of a set of data with results stored at the mass storage device, the instructions further direct the computing device to: receive a particular obfuscated data from a second entity, wherein the particular obfuscated data is generated at the second entity by applying the collisionable hash algorithm to particular data; and match the received particular obfuscated data to a matching obfuscated data stored at the mass storage device.
  15. 15 . The computer-readable storage medium of claim 14 , wherein the particular obfuscated data is received through an unsecured manner.
  16. 16 . The computer-readable storage medium of claim 11 , wherein the instructions to select the first group of characters from the data proceeding from left to right direct the computing device to select a first number of characters by selecting every other character from left to right.
  17. 17 . The computer-readable storage medium of claim 16 , wherein a selected first character for the first group of characters is a second-to-left-most character.
  18. 18 . The computer-readable storage medium of claim 11 , wherein the instructions to select the second group of characters from the data proceeding from right to left direct the computing device to select a second number of characters by selecting every other character from right to left.
  19. 19 . The computer-readable storage medium of claim 18 , wherein a selected first character for the second group of characters is a second-to-right-most character.

Description

BACKGROUND Personal Identifiable Information (PII) is considered sensitive information that companies make effort to avoid leaking or otherwise being abused. There are, however, numerous scenarios where being able to provide cardholder name information to certain entities would be beneficial. For example, currently, the payment networks do not leverage nor send cardholder name information on the payload of the transaction to the issuers and, subsequently, to the merchant when a chargeback happens. A chargeback is a charge that is returned to a payment card after a customer successfully disputes an item on their account statement or transactions report. The payment networks do not send this information to the issuers and merchants because this information is sensitive PII and the payment networks do not want to risk the PII leaking or otherwise abused. Merchants in specific are affected when they receive a chargeback. The payload of a chargeback does not include the cardholder's name; therefore, the merchant cannot run a simple analysis on the claim to decide if they will accept—therefore refunding the transaction—or represent. The usual way merchants deal with this is to wait for the acquirer to send this data, usually several days later. This delay in getting this data can affect the outcome of the decision because the payment networks usually incentivize fast responses for faster resolutions. BRIEF SUMMARY Methods and systems for obfuscated storage and transmission of Personal Identifiable Information (PII) are described. A new hash function is presented that can be used for masking PII data in ways that are useful for fraud analysis. Indeed, the resulting hash can be transferred between parties through an unsecured manner to allow for confirmation of an identification. No decoding or unmasking is necessary. In some aspects, the techniques described herein relate to a method including: applying a collisionable hash algorithm to data, wherein applying the collisionable hash algorithm includes: selecting a first group of characters from the data proceeding from left to right; selecting a second group of characters from the data proceeding from right to left; concatenating the first group of characters and the second group of characters to generate a sequence of characters; and applying a cipher to the sequence of characters to generate an obfuscated data for the data; and storing, at a mass storage device, the obfuscated data, wherein the collisionable hash algorithm is applied to each of a set of data with results stored at the mass storage device. The hash algorithm is considered a collisionable hash algorithm because collisions (i.e., the duplication of output values) are intended. This Summary is provided to introduce a selection of concepts in a simplified form that are further described below in the Detailed Description. This Summary is not intended to identify key features or essential features of the claimed subject matter, nor is it intended to be used to limit the scope of the claimed subject matter. BRIEF DESCRIPTION OF THE DRAWINGS FIG. 1 illustrates a process flow for applying a collisionable hash algorithm. FIGS. 2A and 2B illustrate a scenario in which obfuscated storage and transmission of PII is beneficial. FIG. 3 illustrates a method for obfuscated storage and transmission of PII. FIG. 4 is an example implementation of the collisionable hash algorithm. FIG. 5 illustrates a block diagram illustrating components of a computing device used in some embodiments. DETAILED DESCRIPTION Methods and systems for obfuscated storage and transmission of Personal Identifiable Information (PII) are described. A new hash function is presented that can be used for masking PII data in ways that are useful for fraud analysis. Indeed, the resulting hash can be transferred between parties through an unsecured manner to allow for confirmation of an identification. No decoding or unmasking is necessary. Advantageously, it is possible to perform the obstruction algorithm of the new hash function without requiring a computing device with conventional hash algorithm capability. The new hash function is referred to as a collisionable hash algorithm because instead of the conventional approach where hash functions are intended to minimize duplication of output values (i.e., “collision”), the described collisionable hash algorithm intentionally allows for collisions. Indeed, collisions are welcomed as a way to inhibit the reverse-engineering of the output back to the input (i.e., minimize the ability to accurately un-obfuscate the data) since if several inputs result in the same output, reverse-engineering is moot. The described collisionable hash algorithm is fast to run and creates a small output that can be added to the payload of a transaction with minimal overall impact to the payload itself and to the time to generate the output. Although specific examples provided herein are directed to a chargeback scenario whe