Third-party platform for tokenization and detokenization of network packet data

US 10,318,762 B1
Filed: 03/03/2016
Issued: 06/11/2019
Est. Priority Date: 03/06/2015
Status: Active Grant

First Claim

Patent Images

1. A computer implemented method for identifying and obfuscating private data in network packet, the method comprising:

receiving, by a computer system, a network packet for analysis;

determining, by the computer system, to examine the network packet for private data;

identifying, by the computer system, private data in payload of the packet;

encrypting the private data;

storing the encrypted private data in a location separate from the payload; and

obfuscating the private data by adding a reference to the location of the encrypted private data in the payload; and

generating a new packet based on the network packet, the new packet including the reference.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, systems, and apparatus, including computer programs encoded on computer storage media, for securing data. One of the methods includes receiving, by a computer system, a network packet for analysis. The method includes determining, by the computer system, to examine the network packet for private data. The method includes identifying, by the computer system, private data in payload of the packet. The method includes encrypting the private data. The method includes storing the encrypted private data in a location separate from the payload. The method also includes obfuscating the private data by adding a reference to the location of the encrypted private data in the payload.

Citations

21 Claims

1. A computer implemented method for identifying and obfuscating private data in network packet, the method comprising:
- receiving, by a computer system, a network packet for analysis;
  
  determining, by the computer system, to examine the network packet for private data;
  
  identifying, by the computer system, private data in payload of the packet;
  
  encrypting the private data;
  
  storing the encrypted private data in a location separate from the payload; and
  
  obfuscating the private data by adding a reference to the location of the encrypted private data in the payload; and
  
  generating a new packet based on the network packet, the new packet including the reference.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, wherein identifying the private data comprises:
    - using a regular expression to identify candidate private data;
      
      confirming the candidate private data by performing a secondary validation of the candidate private data.
  - 3. The method of claim 1, further comprising:
    - generating a hash-based message authentication code using the private data.
  - 4. The method of claim 3, wherein adding the reference to the location of the encrypted private data comprises:
    - generating a tag, the tag including an indicator of the type of the private data and the hash-based message authentication code; and
      
      replacing the private data in the received data with the tag.
  - 5. The method of claim 1, wherein determining to examine the network packet for private data comprises:
    - determining to examine the network packet based on at least one of a source address for the network packet and a destination address for the network packet.

6. A computer implemented method for identifying and obfuscating private data in network packet, the method comprising:
- receiving, by a computer system, a network packet for analysis;
  
  determining, by the computer system, to examine the network packet for references to private data;
  
  identifying, by the computer system, at least one reference to private data in payload of the packet;
  
  obtaining encrypted private data based on the at least one reference to private data;
  
  decrypting the private data;
  
  replacing the tag with the private data in the payload.
- View Dependent Claims (7)
- - 7. The method of claim 6, wherein determining to examine the network packet for private data comprises:
    - determining to examine the network packet for references to private data based on at least one of a source address for the network packet and a destination address for the network packet.

8. A non-transitory computer storage medium encoded with computer program instructions that when executed by one or more computers cause the one or more computers to perform operations comprising:
- receiving a network packet for analysis;
  
  determining to examine the network packet for private data;
  
  identifying private data in payload of the packet;
  
  encrypting the private data;
  
  storing the encrypted private data in a location separate from the payload; and
  
  obfuscating the private data by adding a reference to the location of the encrypted private data in the payload; and
  
  generating a new packet based on the network packet, the new packet including the reference.
- View Dependent Claims (9, 10, 11, 12)
- - 9. The non-transitory computer storage medium of claim 8, wherein identifying the private data comprises:
    - using a regular expression to identify candidate private data;
      
      confirming the candidate private data by performing a secondary validation of the candidate private data.
  - 10. The non-transitory computer storage medium of claim 8, further comprising:
    - generating a hash-based message authentication code using the private data.
  - 11. The non-transitory computer storage medium of claim 10, wherein adding the reference to the location of the encrypted private data comprises:
    - generating a tag, the tag including an indicator of the type of the private data and the hash-based message authentication code; and
      
      replacing the private data in the received data with the tag.
  - 12. The non-transitory computer storage medium of claim 8, wherein determining to examine the network packet for private data comprises:
    - determining to examine the network packet based on at least one of a source address for the network packet and a destination address for the network packet.

13. A non-transitory computer storage medium for identifying and obfuscating private data in network packet, the non-transitory computer storage medium comprising:
- receiving a network packet for analysis;
  
  determining to examine the network packet for references to private data;
  
  identifying at least one reference to private data in payload of the packet;
  
  obtaining encrypted private data based on the at least one reference to private data;
  
  decrypting the private data;
  
  replacing the tag with the private data in the payload; and
  
  generating a new packet based on the network packet, the new packet including the reference.
- View Dependent Claims (14)
- - 14. The non-transitory computer storage medium of claim 13, wherein determining to examine the network packet for private data comprises:
    - determining to examine the network packet for references to private data based on at least one of a source address for the network packet and a destination address for the network packet.

15. A system comprising:
- one or more computers and one or more storage devices storing instructions that are operable, when executed by the one or more computers, to cause the one or more computers to perform operations comprising;
  
  receiving a network packet for analysis;
  
  determining to examine the network packet for private data;
  
  identifying private data in payload of the packet;
  
  encrypting the private data;
  
  storing the encrypted private data in a location separate from the payload; and
  
  obfuscating the private data by adding a reference to the location of the encrypted private data in the payload; and
  
  generating a new packet based on the network packet, the new packet including the reference.
- View Dependent Claims (16, 17, 18, 19)
- - 16. The system of claim 15, wherein identifying the private data comprises:
    - using a regular expression to identify candidate private data;
      
      confirming the candidate private data by performing a secondary validation of the candidate private data.
  - 17. The system of claim 15, further comprising:
    - generating a hash-based message authentication code using the private data.
  - 18. The system of claim 17, wherein adding the reference to the location of the encrypted private data comprises:
    - generating a tag, the tag including an indicator of the type of the private data and the hash-based message authentication code; and
      
      replacing the private data in the received data with the tag.
  - 19. The system of claim 15, wherein determining to examine the network packet for private data comprises:
    - determining to examine the network packet based on at least one of a source address for the network packet and a destination address for the network packet.

20. A computer implemented system for identifying and obfuscating private data in network packet, the system comprising:
- receiving a network packet for analysis;
  
  determining to examine the network packet for references to private data;
  
  identifying at least one reference to private data in payload of the packet;
  
  obtaining encrypted private data based on the at least one reference to private data;
  
  decrypting the private data;
  
  replacing the tag with the private data in the payload; and
  
  generating a new packet based on the network packet, the new packet including the reference.
- View Dependent Claims (21)
- - 21. The system of claim 20, wherein determining to examine the network packet for private data comprises:
    - determining to examine the network packet for references to private data based on at least one of a source address for the network packet and a destination address for the network packet.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
United Services Automobile Association
Original Assignee
United Services Automobile Association
Inventors
Buckingham, Thomas Bret, Holloway, III, Donald Nathaniel, Ghavidel, Robert Aaron, Nannery, Jennifer, Newsom, Cory Landon, Lawrence, Robert, Wu, Huihui, Valles, Alejandra
Primary Examiner(s)
Avery, Jeremiah L

Application Number

US15/060,364
Time in Patent Office

1,195 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 21/606   by securing the transmissio...

G06F 21/6254   by anonymising data, e.g. d...

H04L 63/0421   Anonymous communication, i....

H04L 9/0643   Hash functions, e.g. MD5, S...

H04L 9/0894   Escrow, recovery or storing...

H04L 9/3242   involving keyed hash functi...

Third-party platform for tokenization and detokenization of network packet data

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Third-party platform for tokenization and detokenization of network packet data

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links