Patented Solutions for Innovative, Comprehensive Security

Protegrity is the leading innovator of proven data security to protect databases, applications and file environments. This technology leadership position has been established through significant investments in research and development since the mid 1990s. Today, Protegrity holds over a dozen important United States patents in data protection and has additional patent applications pending. The following Protegrity products are protected by patents in the USA and/or elsewhere. This website is provided to satisfy the virtual patent marking provisions of various jurisdictions including Section 16 of The America Invents Act and 35 U.S.C. §287(A). Additional patents may be pending or granted in the USA and/or elsewhere.

Protegrity® File Protector™
US Patent #(s): 9,230,128; 9,219,716; 9,152,579; 8,745,094; 8,661,263; 7,418,098; 10,211,978; 10,212,155

Protegrity® Database Protector™
US Patent #(s): 9,219,716; 9,152,579; 9,148,476; 9,087,209; 8,935,802; 8,745,094; 8,661,263; 6,321,201; 7,418,098; 7,490,248; 8,402,281; 10,211,978; 10,212,155; 10,284,531
AUS Patent #: AU 1997032823
CAN Patent #: CA 724388
CHN Patent #: CN 1222272
DEU Patent #: EP 0891661 B1
ISR Patent #: WO 97/49211
JPN Patent #: JP 4167300 B
SWE Patent #(s): SE 506853 C2; EP 0891661 B1
GBR Patent #: EP 0891661 B1

Protegrity® Application Protector™
US Patent #(s): 9,219,716; 9,152,579; 9,148,476; 9,087,209; 8,935,802; 8,893,250; 8,745,094; 8,661,263; 7,418,098; 10,127,375; 10,211,978; 10,212,155; 10,284,531

Protegrity® Database Protector for Teradata™
US Patent #(s): 9,219,716; 9,152,579; 9,148,476; 9,087,209; 8,935,802; 8,745,094; 8,661,263; 6,321,201; 7,418,098; 7,490,248; 8,402,281; 8,510,335; 10,211,978; 10,212,155; 10,284,531
AUS Patent #: AU 1997032823
CAN Patent #: CA 724388
CHN Patent #: CN 1222272
DEU Patent #: EP 0891661 B1
ISR Patent #: WO 97/49211
JPN Patent #: JP 4167300 B
SWE Patent #(s): SE 506853 C2; EP 0891661 B1
GBR Patent #: EP 0891661 B1

Protegrity® Protection Server
US Patent #(s): 9,219,716; 9,152,579; 9,148,476; 8,935,802; 8,893,250; 8,745,094; 8,661,263; 7,418,098; 10,211,978; 10,212,155; 10,284,531

Protegrity® Big Data Protector™
US Patent #(s): 9,219,716; 9,152,579; 9,148,476; 9,087,209; 8,935,802; 8,745,094; 8,661,263; 6,321,201; 7,418,098; 7,490,248; 8,402,281; 8,510,335; 10,211,978; 10,212,155; 10,284,531
AUS Patent #: AU 1997032823
CAN Patent #: CA 724388
CHN Patent #: CN 1222272
DEU Patent #: EP 0891661 B1
ISR Patent #: WO 97/49211
JPN Patent #: JP 4167300 B
SWE Patent #(s): SE 506853 C2; EP 0891661 B1
GBR Patent #: EP 0891661 B1

Protegrity® Avatar™
US Patent #(s): 9,219,716; 9,152,579; 9,148,476; 9,087,209; 8,935,802; 8,745,094; 8,661,263; 6,321,201; 7,418,098; 7,490,248; 8,402,281; 8,510,335; 10,211,978; 10,212,155; 10,284,531
AUS Patent #: AU 1997032823
CAN Patent #: CA 724388
CHN Patent #: CN 1222272
DEU Patent #: EP 0891661 B1
ISR Patent #: WO 97/49211
JPN Patent #: JP 4167300 B
SWE Patent #(s): SE 506853 C2; EP 0891661 B1
GBR Patent #: EP 0891661 B1

Protegrity® Cloud Gateway
US Patent #(s): 9,219,716; 9,152,579; 9,148,476; 8,935,802; 8,745,094; 8,661,263; 7,418,098; 10,211,978; 10,212,155; 10,284,531

Protegrity® File Protector Gateway™
US Patent #(s): 9,219,716; 9,152,579; 9,148,476; 8,935,802; 8,745,094; 8,661,263; 7,418,098; 10,211,978; 10,212,155; 10,284,531

Protegrity® File Protector for Mainframe
US Patent #(s): 9,219,716; 7,418,098; 8,745,094; 10,211,978; 10,212,155; 10,284,531

PROTEGRITY PATENTS INCLUDE:

UNITED STATES PATENT 5,606,610, ISSUED 2/25/1997

‍Apparatus and method for storing data

Summary: The invention defines a method and device for protecting personally identifiable information, like a social security number, and other personal information in a database.

UNITED STATES PATENT 6,321,201, ISSUED 11/20/2001

‍A policy driven encryption method for databases

Summary: The invention describes a method of applying data sensitivity driven encryption levels for specific categories of data in a database based on data element types (commonly arranged in columns) combined with user group restrictions and limitations.

UNITED STATES PATENT 6,963,980, ISSUED 11/8/2005

‍Combined hardware and software based encryption of databases

Summary: The invention describes a combined system of hardware and software implemented encryption for encryption of data of different security levels, whereby tamper-proof hardware implemented encryption is used for the data of higher security level and software implemented encryption is used for data of lower security level.

UNITED STATES PATENT 7,120,933, ISSUED 10/10/2006

‍Method for intrusion detection in a database system

Summary: The invention defines a method for detecting and preventing intrusion in a database based on analyzing data access behavior particularly by determining if the user exceeds the number of records or type of operations that are defined in the respective user’s security profile.

UNITED STATES PATENT 7,305,707, ISSUED 12/4/2007

‍Method for intrusion detection in a database system

Summary: The invention defines a method for detecting and preventing intrusion in a database based on analyzing data access behavior and determining if the results of the query violate the intrusion detection policy.

UNITED STATES PATENT 7,313,822, ISSUED 12/25/2007

‍Application-layer security method and system

Summary: The underlying invention is a Web Application Firewall software solution where all incoming application operation requests are screened using a set of security filters (or “pipes”) to protect the application against requests received from an unknown or distrusted environment.

UNITED STATES PATENT 7,325,129, ISSUED 1/29/2008

‍Method for altering encryption status in a relational database in a continuous process

Summary: The invention describes a method for altering encryption status in a database without the need to take the database off-line while the changes are made, for example when substituting existing encryption keys; adding, removing or changing any encryption requirement; and re-encrypting the data.

UNITED STATES PATENT 7,418,098, ISSUED 8/26/2008

‍Data type preserving encryption

Summary: The invention defines a method and a system for preserving the original data type and length when encrypting data in a relational database. This helps to minimize the need for changes to applications and databases.

UNITED STATES PATENT 7,490,248, ISSUED 2/10/2009

‍Method for re-encryption of a database

Summary: The invention describes an automatic method of re-encryption of a database based on key-expiration deadlines.

UNITED STATES PATENT 7,539,857, ISSUED 5/26/2009

‍Cooperative processing and escalation in a multi-node application-layer security system and method

Summary: The invention defines a method and system for application-layer security with default operational protection modes that can be escalated to provide a higher level of protection. This can allow a Web Application Firewall to switch between monitoring mode and blocking mode when the threats are changing.

UNITED STATES PATENT 7,594,266, ISSUED 9/22/2009

‍Data security and intrusion detection

Summary: The invention defines a method for detecting and preventing intrusion in file systems and web servers based on access patterns. It enables the security administrator to set rules on data volumes and access to the file system.

UNITED STATES PATENT 7,614,085, ISSUED 11/3/2009

‍Method for the automatic setting and updating of a security policy

Summary: The invention defines a method for maintaining a security policy for web applications. The method can identify security flaws in web applications and help configure Web Application Firewalls.

UNITED STATES PATENT 7,882,555, ISSUED 2/1/2011

‍Application-layer security method and system

Summary: The underlying invention is a Web Application Firewall software solution where the protective layer enables use of a specific path for each operation request, with each path involving one or more security filters (or “pipes”). This method enables a more granular protection of an application than the method described in U.S. patent 7,313,822.

UNITED STATES PATENT 7,984,025, ISSUED 7/19/2011

‍Method for re-encryption of a database

Summary: The invention describes an automatic method of assuring that every row and item is encrypted with a valid key.

UNITED STATES PATENT 8,225,106, ISSUED 7/17/2012

‍Differential encryption utilizing trust modes

Summary: The invention defines methods for adjusting data protection levels based on the level of trust that a system is currently operating under. The trust level will adjust based on how the system was (re)started and if it maintains a dialog with an external security system.

UNITED STATES PATENT 8,402,281, ISSUED 3/19/2013

‍Data security system for a database

Summary: The invention describes a method of granting access to a data portion in a database after validating that the data processing rules, maintained in a separate data protection table, are satisfied.

UNITED STATES PATENT 8,510,335, ISSUED 8/13/2013

‍Database and method for controlling access to a database

Summary: The invention describes a method for controlling access to a database, providing a high security level, separation of duties and great operational performance.

UNITED STATES PATENT 8,661,263, ISSUED 2/25/2014

‍Meta-complete data storage

Summary: The invention described herein generally relates to systems and methods of securely storing data so that the data contains information about the data and/or the encryption of the data, systems and methods of providing secure access to real world data through data transformations, and systems and methods of managing security parameters for data.

UNITED STATES PATENT 8,701,191, ISSUED 4/15/2014

‍Multi-layer system for privacy enforcement and monitoring of suspicious data access behavior

Summary: A method for controlling data access in a data-at-rest system includes executing a link intrusion prevention analysis between multiple layers of the data-at-rest system, introducing a privacy policy at enforcement points that span multiple system layers, and dynamically altering the privacy policy.

UNITED STATES PATENT 8,745,094, ISSUED 6/3/2014

‍Distributed tokenization using several substitution steps

Summary: The invention relates to distributed tokenization of sensitive data by using static token lookup tables and involving one or more tokenization steps.

UNITED STATES PATENT 8,769,272, ISSUED 7/1/2014

‍Differential encryption utilizing trust modes

Summary: The invention defines methods for adjusting data protection levels based on the level of trust that a system is currently operating under. The trust level will adjust based on how the system was (re)started and if it maintains a dialog with an external security system.

UNITED STATES PATENT 8,826,449, ISSUED 9/2/2014

‍Data security in a disconnected environment

Summary: The invention relates to systems and methods for detection and prevention of intrusions in data at rest systems such as file systems and web servers.

UNITED STATES PATENT 8,893,250, ISSUED 11/18/2014

‍Tokenization in mobile environments

Summary: A mobile device can tokenize communication data based on device information and session information.

UNITED STATES PATENT 8,935,787, ISSUED 1/13/2015

‍Multi-Layer System for Privacy Enforcement and Monitoring of Suspicious Data Access Behavior

Summary: A method and system for introducing a privacy policy with enforcement points that span multiple system layers that is coupled with link intrusion prevention analysis between the multiple system layers.

UNITED STATES PATENT 8,935,802, ISSUED 1/13/2015

‍Verifiable Tokenization

Summary: To distinguish between tokenized data and un-tokenized data, the tokenization system may be configured to generate tokenized data that intentionally fails a validation test.

UNITED STATES PATENT 8,978,152, ISSUED 3/10/2015

‍Decentralized token table generation

Summary: Tokenization tables are derived at intervals in order to increase the security of tokenized data.

UNITED STATES PATENT 9,087,209, ISSUED 7/21/2015

‍Database access control

Summary: The invention describes a method for controlling access to a database, providing a high security level, separation of duties and great operational performance.

UNITED STATES PATENT 9,092,614, ISSUED 7/28/2015

‍Preventing impersonation of a computer system user

Summary: A system and method for preventing an administrator impersonating a user from accessing sensitive resources on a target system is provided.

UNITED STATES PATENT 9,111,116, ISSUED 8/18/2015

‍Collision avoidance in a distributed tokenization environment

Summary: A central token management system determines if a candidate token collides with a token generated by or stored at another client.

UNITED STATES PATENT 9,148,476, ISSUED 9/29/2015

‍Verifiable tokenization

Summary: To distinguish between tokenized data and un-tokenized data, the tokenization system may be configured to generate tokenized data that intentionally fails a validation test.

UNITED STATES PATENT 9,152,579, ISSUED 10/6/2015

‍Meta-complete data storage

Summary: The invention describes securely storing data so that the data contains information about the data and/or the encryption of the data.

UNITED STATES PATENT 9,202,086, ISSUED 12/1/2015

‍Tokenization in a Centralized Tokenization Environment

Summary: Data can be protected by tokenization using a token certificate associated with the token.

UNITED STATES PATENT 9,219,716, ISSUED 12/22/2015

‍Distributed Tokenization Using Several Substitution Steps

Summary: The invention relates to general tokenization of sensitive data by using static token lookup tables and involving one or more tokenization steps.

UNITED STATES PATENT 9,229,987, ISSUED 1/5/2015

‍Mapping Between Tokenization Domains

Summary: A tokenization based on a single-use tokenization system and a multi-use tokenization system.

UNITED STATES PATENT 9,230,128, ISSUED 1/5/2015

‍Assignment of Security Contexts to Define Access Permissions for File System Objects

Summary: A method for restricting operations in a file system based on security contexts based on roles and access permissions.

UNITED STATES PATENT 9,230,136, ISSUED 1/5/2015

‍Tokenization Column Replacement

Summary: A tokenization system using a vector table that modifies the sensitive data.

UNITED STATES PATENT 9,237,006, ISSUED 1/12/2015

Meta-complete data storage

Summary: A tokenization system using an initialization vector (IV) based on a portion of the sensitive data.

UNITED STATES PATENT 9,514,330, ISSUED 8/23/2016

‍Verifiable tokenization

Summary: Use rules are included within tokenized data either before or after tokenization.

UNITED STATES PATENT 9,431,767, ISSUED 8/30/2016

Tokenization in mobile environments

Summary: Data can be protected in mobile and payment environments through various tokenization operations.

UNITED STATES PATENT 9,443,104, ISSUED 9/13/2016

‍Tokenization of Structured Data

Summary: Structured data, such as email addresses, social security numbers, and the like, is accessed for encoding.

UNITED STATES PATENT 9,514,319, ISSUED 12/6/2016

‍Database and method for controlling access to a database

Summary: A method for controlling access to a database is disclosed, as well as a corresponding database system.

UNITED STATES PATENT 9,516,031, ISSUED 12/6/2016

‍Assignment of security contexts to define access permissions for file system objects

Summary: A system and method are provided for restricting various operations in a file system based on security contexts.

UNITED STATES PATENT 9,514,457, ISSUED 12/6/2016

Tokenization in mobile environments

Summary: Data can be protected in mobile and payment environments through various tokenization operations.

UNITED STATES PATENT 9,514,330, ISSUED 12/6/2016

‍Meta-complete data storage

Summary: The invention relates to methods and systems to securely store data so that the data contains information about the data and/or the encryption of the data, systems and methods of providing secure access to real world data through data transformations, and systems and methods of managing security parameters for data.

UNITED STATES PATENT 9,514,169, ISSUED 12/6/2016

‍Columnar table data protection

Summary: Shuffling data stored in columnar tables improves data storage security, particularly when used in conjunction with other security operations, such as tokenization and cryptography.

UNITED STATES PATENT 9,563,788, ISSUED 2/7/2016

‍Tokenization in a centralized tokenization environment

Summary: Data can be protected in a centralized tokenization environment.

UNITED STATES PATENT 9,639,716, ISSUED 5/2/2017

‍Distributed tokenization using several substitution steps

Summary: A method for distributed tokenization of sensitive strings of characters, such as social security numbers, credit card numbers and the like, in a local server is disclosed.

UNITED STATES PATENT 9,639,569, ISSUED 5/2/2017

‍Mapping between tokenization domains

Summary: A tokenization environment includes a first tokenization system in a first token domain and a second tokenization system in a second token domain.

UNITED STATES PATENT 9,641,519, ISSUED 5/2/2017

‍Table-connected tokenization

Summary: A tokenization system tokenizes sensitive data to prevent unauthorized entities from accessing the sensitive data.

UNITED STATES PATENT 9,705,670, ISSUED 6/6/2017

‍Collision Avoidance in a Distributed Tokenization Environment

Summary: A client receives sensitive data to be tokenized. The client queries a token table with a portion of the sensitive data to determine if the token table includes a token mapped to the value of the portion of the sensitive data.

UNITED STATES PATENT 9,684,800, ISSUED 6/20/2017

‍Tokenization in a Centralized Tokenization Environment

Summary: Data can be protected in a centralized tokenization environment. A request to tokenize sensitive data is received by an endpoint. A token certificate store is queried for a token certificate associated with the identified token.

UNITED STATES PATENT 9,697,518, ISSUED 7/4/2017

‍Tokenization in Mobile Environments

Summary: Data can be protected in mobile and payment environments through various tokenization operations.

UNITED STATES PATENT 9,699,149, ISSUED 7/4/2017

‍Collision Avoidance in a Distributed Tokenization Environment

Summary: A client receives sensitive data to be tokenized. The client queries a token table with a portion of the sensitive data to determine if the token table includes a token mapped to the value of the portion of the sensitive data.

UNITED STATES PATENT 9,705,670, ISSUED 7/11/2017

‍Data Security in a Disconnected Environment

Summary: Systems and methods are provided for the detection and prevention of intrusions in data at rest systems such as file systems and web servers.

UNITED STATES PATENT 9,720,943, ISSUED 8/1/2017

Columnar Table Data Protection

Summary: Shuffling data stored in columnar tables improves data storage security, particularly when used in conjunction with other security operations, such as tokenization and cryptography.

UNITED STATES PATENT 9,721,249, ISSUED 8/1/2017

‍Tokenization in Mobile Environments

Summary: Data can be protected in mobile and payment environments through various tokenization operations.

UNITED STATES PATENT 9,773,125, ISSUED 9/26/2017

‍Tokenization Column Replacement

Summary: A tokenization system includes a vector table and one or more token tables. The tokenization system accesses sensitive data and a vector from a vector table column, and modifies the sensitive data based on the accessed vector.

UNITED STATES PATENT 9,785,797, ISSUED 10/10/2017

‍Decentralized Token Table Generation

Summary: New tokenization tables are derived at intervals in order to increase the security of tokenized data that is transferred between two endpoints.

UNITED STATES PATENT 9,785,841, ISSUED 10/10/2017

‍Tokenization in Mobile Environments

Summary: Data can be protected in mobile and payment environments through various tokenization operations.

UNITED STATES PATENT 9,785,786, ISSUED 10/10/2017

‍Privacy Preserving Data Search

Summary: Database entries can be protected by indexing the entries using a plurality of indexes, each associated with a level of access rights.

UNITED STATES PATENT 9,906,523, ISSUED 2/27/2018

‍Table-Connected Tokenization

Summary: A tokenization system tokenizes sensitive data to prevent unauthorized entities from accessing the sensitive data.

UNITED STATES PATENT 9,904,923, ISSUED 2/27/2018

Tokenization in Mobile Environments

Summary: Data can be protected in mobile and payment environments through various tokenization operations.

UNITED STATES PATENT 9,973,475, ISSUED 5/15/2018

Data Computation in a Multi-Domain Cloud Environment

Summary: The gateway device is coupled between a client device and a server device, and is configured to receive encoded data and a set of operations from the server device in response to a request for cloud services from the client device.

UNITED STATES PATENT 9,971,96, ISSUED 5/15/2018

Apparatus and Method for Continuous Data Protection in a Distributed Computing Network

Summary: A system for secure data storage and transmission is provided. The system comprises a first security module for protecting data in a first data at rest system and a second security module for protecting data in a second data at rest system.

UNITED STATES PATENT 10,019,596, ISSUED 7/10/2018

Collision Avoidance in a Distributed Tokenization Environment

Summary: A client receives sensitive data to be tokenized. The client queries a token table with a portion of the sensitive data to determine if the token table includes a token mapped to the value of the portion of the sensitive data. If the token table does not include a token mapped to the value of the portion of the sensitive data, a candidate token is generated. The client queries a central token management system to determine if the candidate token collides with a token generated by or stored at another client. In some embodiments, the candidate token includes a value from a unique set of values assigned by the central token management system to the client, guaranteeing that the candidate token does not cause a collision. The client tokenizes the sensitive data with the candidate token and stores the candidate token in the token table.

UNITED STATES PATENT 10,063,525, ISSUED 8/28/2018

Collision Avoidance in a Distributed Tokenization Environment

Summary: A client receives sensitive data to be tokenized. The client queries a token table with a portion of the sensitive data to determine if the token table includes a token mapped to the value of the portion of the sensitive data. If the mapping table does not include a token mapped to the value of the portion of the sensitive data, a candidate token is generated. The client queries a central token management system to determine if the candidate token collides with a token generated by or stored at another client. In some embodiments, the candidate token includes a value from a unique set of values assigned by the central token management system to the client, guaranteeing that the candidate token does not cause a collision.

UNITED STATES PATENT 10,069,804, ISSUED 9/4/2018

Tokenization of Structured Data

Summary: Structured data, such as email addresses, social security numbers, and the like, is accessed for encoding. A set of encoding rules including one or more encoding actions and/or encoding components corresponding to each of one or more structured data components is accessed. The set of encoding rules can include one or more encoding actions and/or one or more encoding components corresponding to each of one or more structured data components.

UNITED STATES PATENT 10,068,106, ISSUED 9/4/2018

Tokenization Column Replacement

Summary: A tokenization system includes a vector table and one or more token tables. The tokenization system accesses sensitive data and a vector from a vector table column, and modifies the sensitive data based on the accessed vector. The tokenization system then queries the one or more token tables using a portion of the modified data to identify a token mapped to the portion of the modified data.

UNITED STATES PATENT 10,068,106, ISSUED 10/2/2018

Decentralized Token Table Generation

Summary: New tokenization tables are derived at intervals in order to increase the security of tokenized data that is transferred between two endpoints. Generation of the new tokenization tables is based on previous tokenization tables, which advantageously allows the generation process to be performed locally at the two endpoints independently of an external tokenization table provider.

UNITED STATES PATENT 10,127,375, ISSUED 11/13/2018

Enforcing Trusted Application Settings for Shared Code Libraries

Summary: Access to a shared library API is restricted for a customer application by a security system. A profile for each of a plurality of trusted applications is generated and stored in a security database. When a customer application attempts to access the shared library API, the customer application is verified by extracting a customer application profile for the customer application, comparing the customer application profile with each stored trusted application profile, and verifying that the customer application can access the shared library API based on the comparison.

UNITED STATES PATENT 10,211,978, ISSUED 2/19/2019

‍Data Security in a Disconnected Environment

Summary: Systems and methods are provided for the detection and prevention of intrusions in data at rest systems such as file systems and web servers. The systems and methods regulate access to sensitive data with minimal dependency on a communications network.

UNITED STATES PATENT 10,212,155, ISSUED 2/19/2019

Table-Connected Tokenization

Summary: A tokenization system tokenizes sensitive data to prevent unauthorized entities from accessing the sensitive data, and retrieves an initialization vector (IV) from an IV table using a first portion of the sensitive data. A second portion of the sensitive data is modified using the accessed initialization vector. A token table is selected from a set of token tables using a third portion of the sensitive data.

UNITED STATES PATENT 10,242,216, ISSUED 3/26/2019

‍Privacy Preserving Data Search

Summary: Database entries can be protected by indexing the entries using a plurality of indexes, each associated with a level of access rights. A level of access rights can be determined from a search query, and an index can be selected based on the determined level of access rights.

UNITED STATES PATENT 10,284,531, ISSUED 05/07/2019

‍Collision avoidance in a distributed tokenization environment

Summary: A central token management system manages tokens generated by clients in a distributed tokenization environment to avoid collisions between tokens generated by different clients.