
US-20260129034-A1 - SYSTEM, METHOD AND ARCHITECTURE FOR SECURE SHARING OF CUSTOMER INTELLIGENCE

Abstract

A key master service capable of operating on a service provider in a network is disclosed. The key master enables authorized parties to securely exchange client information without compromising client security. One feature of the key master service is the generation of a unique key for each client. All parties in an authorized universe access, exchange and modify client information by referencing the universal key, rather than using known client identifiers. Client information is further secured by advantageously applying an obfuscation function to the data. Obfuscated client information is stored together with the universal key as keyed client data at the client and/or server, where it may be directly accessed by the service provider or third parties. Because client information is stored and exchanged without the ability to discern either the client identity or the nature of the information, such information is secured against malicious third-party interception.

Inventors

  • Jeremy Yoches
  • Christopher Vito Covalucci
  • Scott Johnson

Assignees

  • CAPITAL ONE SERVICES, LLC

Dates

Publication Date
20260507
Application Date
20251103

Claims (20)

  1. A computer-implemented method, comprising: authorizing, using at least one processor, at least one party for access to a client intelligence data, the client intelligence data being indicative of at least one internet activity by a client and being associated with at least one client identifier; receiving, using the at least one processor, a request, from the at least one authorized party, to access the client intelligence data, the request including at least one key, the at least one key is generated for providing access to the client intelligence data and provided to the at least one authorized party; generating, using the at least one processor, a decoding associated with the client intelligence data, and transmitting the decoding to the at least one authorized party; and providing, using the at least one processor, access to the client intelligence data to the at least one authorized party based on the decoding, wherein the provided client intelligence data has the at least one client identifier removed.
  2. The method according to claim 1, wherein the at least one key is a deidentified key having the at least one client identifier removed from the at least one key.
  3. The method according to claim 1, wherein the at least one key is generated using at least one of the following: random number generator, a hash function, and any combination thereof.
  4. The method according to claim 1, wherein the client intelligence data is uninterpretable to one or more parties not authorized for access to the client intelligence data.
  5. The method according to claim 4, wherein the at least one authorized party, based on the authorizing, is configured to interpret, using the decoding, the client intelligence data.
  6. The method according to claim 1, wherein the at least one key, the client intelligence data and a mapping between the least one key and the client intelligence data are stored in at least one key table.
  7. The method according to claim 1, wherein the at least one internet activity includes at least one website visited by the client.
  8. The method according to claim 1, wherein the providing including pushing the provided client intelligence data to the at least one authorized party.
  9. The method according to claim 1, wherein the at least one key is generated by transforming, using the at least one processor, the at least one client identifier.
  10. The method according to claim 9, wherein the provided client intelligence data includes an obfuscated client intelligence data having at least one obfuscated portion.
  11. The method according to claim 10, wherein the obfuscated client intelligence data is combined with the at least one key and provided to the at least one authorized party.
  12. The method according to claim 11, wherein the providing includes generating, using the at least one processor, a cookie including a combination of the at least one key and the obfuscated client intelligence data; and providing, using the at least one processor, the cookie to the at least one authorized party.
  13. A system, comprising: at least one processor; and at least one non-transitory storage media storing instructions, that when executed by the at least one processor, cause the at least one processor to perform operations including authorizing at least one party for access to a client intelligence data, the client intelligence data being indicative of at least one internet activity by a client and being associated with at least one client identifier; receiving a request, from the at least one authorized party, to access the client intelligence data, the request including at least one key, the at least one key is generated by transforming the at least one client identifier and generated for providing access to the client intelligence data and provided to the at least one authorized party; generating a decoding associated with the client intelligence data, and transmitting the decoding to the at least one authorized party; and pushing the client intelligence data to the at least one authorized party, wherein the at least one authorized party is configured to use the decoding to access the pushed client intelligence data, wherein the pushed client intelligence data has the at least one client identifier removed.
  14. The system according to claim 13, wherein the at least one key is a deidentified key having the at least one client identifier removed from the at least one key; the at least one key is generated using at least one of the following: random number generator, a hash function, and any combination thereof.
  15. The system according to claim 13, wherein the client intelligence data is uninterpretable to one or more parties not authorized for access to the client intelligence data.
  16. The system according to claim 13, wherein the at least one authorized party, based on the authorizing, is configured to interpret, using the decoding, the client intelligence data.
  17. The system according to claim 13, wherein the at least one key, the client intelligence data and a mapping between the least one key and the client intelligence data are stored in at least one key table.
  18. The system according to claim 13, wherein the at least one internet activity includes at least one website visited by the client.
  19. The system according to claim 13, wherein the pushed client intelligence data includes an obfuscated client intelligence data having at least one obfuscated portion, the obfuscated client intelligence data is combined with the at least one key and pushed to the at least one authorized party.
  20. A computer program product comprising a non-transitory machine-readable medium storing instructions that, when executed by at least one programmable processor, cause the at least one programmable processor to perform operations comprising: authorizing at least one party for access to a client intelligence data, the client intelligence data being indicative of at least one internet activity by a client and being associated with at least one client identifier; receiving a request, from the at least one authorized party, to access the client intelligence data, the request including at least one key, the at least one key is generated for providing access to the client intelligence data and provided to the at least one authorized party; generating a decoding associated with the client intelligence data, and transmitting the decoding to the at least one authorized party; and providing access to the client intelligence data to the at least one authorized party based on the decoding, wherein the provided client intelligence data has the at least one client identifier removed, wherein the providing includes generating a cookie including a combination of the at least one key and an obfuscated client intelligence data and providing the cookie to the at least one authorized party.

Description

RELATED APPLICATIONS

This application is a Continuation of U.S. patent application Ser. No. 17/980,781, filed Nov. 4, 2022, which is a Continuation of U.S. patent application Ser. No. 16/291,161, filed Mar. 4, 2019, now U.S. Pat. No. 11,522,844, which is a Continuation of U.S. patent application Ser. No. 16/153,808, filed Oct. 7, 2018, now U.S. Pat. No. 10,263,970, entitled “SYSTEM, METHOD AND ARCHITECTURE FOR SECURE SHARING OF CUSTOMER INTELLIGENCE”. The contents of the above-identified applications are hereby incorporated by reference in their entireties.

BACKGROUND

Many service providers use “cookies” to personalize a client's website experience. A cookie is a small file that stores client information. This information may include personal information, such as the client's address and password, and behavioral information, such as a client's browsing history. There are two types of cookies: “session” cookies, which are deleted at the end of each web browsing session, and “persistent” cookies, which are saved between sessions. During a client's initial access of a service provider website, the service provider populates and downloads the cookie file to the client's browser. If the cookie is a persistent cookie, on subsequent visits by the client to the service provider website the cookie is retrieved, and data related to the client can be extracted to increase efficiencies and personalize the client's website experience.

In addition to improving processing efficiencies, cookies can further be used to tailor advertising and to analyze marketing campaigns by storing client intelligence. Client intelligence may include, for example, a client's browsing history, purchase history and other internet behavior. In some cases, service providers make the client intelligence available to authorized third parties, who may also store cookies at the client.
Although there are significant benefits from the use of cookies, the fact that cookies store personal client information makes them vulnerable to malicious interception. Clients can protect the distribution of their information by restricting a service provider's ability to use persistent cookies. Browsers generally provide the user the ability to control the creation and storage of cookies by service providers and third parties, and users may block the creation of cookies altogether. However, blocking all cookies would ultimately serve only to frustrate the client and to remove the business advantages associated with client intelligence. It would be desirable to leverage the efficiencies gained through the use of cookies while protecting against inadvertent or unauthorized disclosure of client information.

SUMMARY

According to one aspect of the invention, a method of securing client-related data by a service provider includes the steps of receiving a request from a client for content provided by the service provider and obtaining a key for the client. The method further includes the steps of collecting client-related data and transforming a portion of the client-related data to produce obfuscated client-related data. Keyed client data comprising the key and the obfuscated client-related data is generated and stored. The keyed client data is retrieved and returned in response to third-party requests seeking access to client data. With such an arrangement, client data is protected against malicious interception because only keyed, obfuscated data is made available in communications between the server, client and third-parties.
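The method summarized above (obtain a key for the client, obfuscate the collected data, combine both into keyed client data that an authorized party interprets with a decoding) is sketched here as an added example; it is not code from the patent or its assignee. The function names, the HMAC-SHA256 key derivation, the random-token codebook standing in for the obfuscation function, and the JSON cookie layout are all assumptions, and the sample client and sites are constructed.

```python
import hashlib
import hmac
import json
import secrets

# Hypothetical names throughout; the patent text does not define an API.
KEY_MASTER_SECRET = secrets.token_bytes(32)  # held by the key master only


def derive_key(client_id: str, secret: bytes = KEY_MASTER_SECRET) -> str:
    # Transform the client identifier into a de-identified key. A keyed hash
    # is used instead of a bare hash so that a party holding the key cannot
    # recover a guessable identifier by hashing candidate values.
    return hmac.new(secret, client_id.encode(), hashlib.sha256).hexdigest()[:32]


def make_codebook(values):
    # Obfuscation function: each plaintext value maps to a random opaque
    # token. The inverse map is the "decoding" given to authorized parties.
    encode = {v: secrets.token_hex(8) for v in sorted(set(values))}
    decode = {token: v for v, token in encode.items()}
    return encode, decode


def build_keyed_client_data(client_id, activity, encode):
    # Combine key and obfuscated data; the client identifier itself is
    # never written into the cookie value.
    obfuscated = [encode[site] for site in activity]
    return json.dumps({"k": derive_key(client_id), "d": obfuscated})


def read_keyed_client_data(cookie, decode):
    # Authorized party: interpret the data using the decoding it received.
    record = json.loads(cookie)
    return record["k"], [decode[token] for token in record["d"]]


# Constructed sample input.
SAMPLE_ID = "alice@example.com"
SAMPLE_ACTIVITY = ["shop.example/cards", "shop.example/loans"]
ENCODE, DECODE = make_codebook(SAMPLE_ACTIVITY)
COOKIE = build_keyed_client_data(SAMPLE_ID, SAMPLE_ACTIVITY, ENCODE)

if __name__ == "__main__":
    print(COOKIE)                                  # opaque to an interceptor
    print(read_keyed_client_data(COOKIE, DECODE))  # readable with the decoding
```

A codebook of this kind hides field values from a party without the decoding but gives no integrity protection, so a deployment would still need to authenticate the cookie value before trusting it.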
According to another aspect of the invention, a system to secure client-related data collected by a service provider website includes a key master for transforming a client identifier into a key, a first storage unit for storing the key, a transform unit for transforming at least a portion of client-related data to produce obfuscated client-related data, and a secure cookie builder for combining the key and the obfuscated client-related data into keyed client data. A second storage device stores the keyed client data and is accessed by an interface which returns keyed client data in response to third-party requests for the respective client-related data, thereby protecting the client-related data against unauthorized exposure.

According to a further aspect of the invention, a method of securing client-associated data collected by a service provider includes forwarding a request for content to a service provider's website, the request for content including an identifier of a client issuing the request. Responsive to the request, keyed client data is received from the service provider, where the keyed client data includes a key associated with the identifier and obfuscated data of the client. The keyed client data is stored and forwarded to a third-party in response to a third-party request for client-associated data, where the third-party request comprises the key. With such an arrangement authorized third parties can directly access client cookie infor