Selective encryption configuration
First Claim
1. A method for encoding a partially encrypted data stream, the method comprising:
receiving, at an edge encryption proxy, an unencrypted data stream;
evaluating the unencrypted data stream using communication encryption rules, wherein each communication encryption rule from the communication encryption rules includes a rule condition and a content mapping, and wherein evaluating the unencrypted data stream using the communication encryption rules includes;
determining whether the rule condition is met in the unencrypted data stream, and on a condition that the rule condition is met in the unencrypted data stream;
identifying a portion of the unencrypted data stream corresponding to the content mapping as a candidate sensitive portion;
identifying a data storage container based on the content mapping;
identifying data encryption configuration information corresponding to the data storage container;
on a condition that the data encryption configuration information indicates that the data storage container is configured for storing sensitive information;
identifying the candidate sensitive portion as a sensitive portion, generating an encrypted portion by encrypting the sensitive portion, including a preceding portion of the unencrypted data stream in a partially encrypted data stream, the preceding portion preceding the sensitive portion in the unencrypted data stream, including the encrypted portion in the partially encrypted data stream subsequent to the preceding portion, and including a subsequent portion of the unencrypted data stream in the partially encrypted data stream subsequent to the encrypted portion, the subsequent portion subsequent to the sensitive portion in the unencrypted data stream;
transmitting or storing the partially encrypted data stream;
receiving a second partially encrypted data stream, the second partially encrypted data stream indicating a recipient and including an encrypted input portion and unencrypted input portions;
generating a decrypted portion by decrypting the encrypted input portion;
generating a decrypted data stream including the decrypted input portion and the unencrypted input portions; and
transmitting the decrypted data stream to the recipient.
Abstract
Encoding a partially encrypted data stream may include receiving, at an edge encryption proxy, an unencrypted data stream, evaluating the unencrypted data stream using communication encryption rules including rule conditions and content mappings, determining whether the rule conditions match on the unencrypted data stream, and, on a condition that the rule condition matches on the unencrypted data stream, identifying a portion of the unencrypted data stream corresponding to the content mapping as a candidate sensitive portion. On a condition that the data encryption configuration information indicates that a data storage container corresponding to a matching content mapping is configured for storing sensitive information, generating an encrypted portion by encrypting the candidate sensitive portion, generating a partially encrypted data stream, including the encrypted portion, and unencrypted insensitive portions of the unencrypted data stream, and omitting the candidate sensitive portion, and transmitting or storing the partially encrypted data stream.
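The following Python sketch is an added illustration of the proxy behaviour described in claim 1 and the abstract; it is not code from the patent or from the assignee. Everything concrete in it is a constructed assumption: the form-body stream format, the rule conditions (a predicate on the request path), the content mappings from field names to storage-container names, the encryption configuration table, the `ENC[...]` framing of the encrypted portion, and the HMAC-based toy cipher that stands in for a real AEAD such as AES-GCM. It shows the outbound path (preceding portion, encrypted portion, subsequent portion, with the sensitive plaintext omitted), the inbound path (the external party returns the tokens it could not read and the proxy decrypts them for the internal recipient), and the check that a container not configured as sensitive leaves its field in the clear.

```python
"""Edge encryption proxy sketch: selective (field-level) encryption of a data stream."""
import base64
import hashlib
import hmac
import os
import re
from dataclasses import dataclass
from typing import Callable

# ---- Toy authenticated encryption (constructed stand-in for AES-GCM) ----
# HMAC-SHA256 as a PRF in counter mode, then encrypt-then-MAC, so the example
# runs on the standard library alone. A deployment would use a real AEAD.
def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    blocks, counter = [], 0
    while sum(len(b) for b in blocks) < length:
        msg = b"enc" + nonce + counter.to_bytes(4, "big")
        blocks.append(hmac.new(key, msg, hashlib.sha256).digest())
        counter += 1
    return b"".join(blocks)[:length]

def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Return nonce || ciphertext || tag for one sensitive portion."""
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def decrypt(key: bytes, blob: bytes) -> bytes:
    """Verify the tag first; a modified token or a foreign key is rejected."""
    if len(blob) < 48:
        raise ValueError("ciphertext too short")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: token altered or wrong key")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))

# ---- Communication encryption rules and data encryption configuration ----
@dataclass
class EncryptionRule:
    """One rule: a rule condition on the stream plus a content mapping."""
    condition: Callable[[dict], bool]   # evaluated on stream metadata (assumed: request path)
    content_mapping: dict[str, str]     # stream field name -> data storage container

# Data encryption configuration information: which containers are configured
# for storing sensitive information (constructed sample values).
ENCRYPTION_CONFIG = {"customer.ssn": True, "customer.email": False, "ticket.notes": True}

# Constructed sample rules (hypothetical paths, fields and container names).
RULES = [
    EncryptionRule(lambda md: md.get("path") == "/customer/create",
                   {"ssn": "customer.ssn", "email": "customer.email"}),
    EncryptionRule(lambda md: md.get("path", "").startswith("/ticket/"),
                   {"notes": "ticket.notes"}),
]

FIELD_RE = re.compile(rb"([^&=]+)=([^&]*)")          # key=value pairs of a form body
TOKEN_RE = re.compile(rb"ENC\[([A-Za-z0-9+/=]+)\]")  # encrypted portion as carried in the stream

def encode_outbound(key: bytes, stream: bytes, metadata: dict, rules=RULES) -> bytes:
    """Outbound path: build the partially encrypted data stream.

    Output = preceding portion (clear) + encrypted portion + subsequent portion (clear);
    the sensitive plaintext itself is omitted.
    """
    mapping = {}
    for rule in rules:                      # evaluate each rule condition
        if rule.condition(metadata):
            mapping.update(rule.content_mapping)
    out, pos = [], 0
    for m in FIELD_RE.finditer(stream):
        field = m.group(1).decode("ascii", "replace")
        if field not in mapping:
            continue                        # not a candidate sensitive portion
        container = mapping[field]          # data storage container for this field
        if not ENCRYPTION_CONFIG.get(container, False):
            continue                        # container not configured as sensitive: leave clear
        out.append(stream[pos:m.start(2)])  # preceding portion, unencrypted
        token = b"ENC[" + base64.b64encode(encrypt(key, m.group(2))) + b"]"
        out.append(token)                   # encrypted portion replaces the value
        pos = m.end(2)
    out.append(stream[pos:])                # subsequent portion, unencrypted
    return b"".join(out)

def decode_inbound(key: bytes, stream: bytes) -> bytes:
    """Inbound path: decrypt each encrypted input portion the external party sent
    back unchanged and hand the decrypted data stream to the internal recipient."""
    return TOKEN_RE.sub(lambda m: decrypt(key, base64.b64decode(m.group(1))), stream)

if __name__ == "__main__":
    key = os.urandom(32)                    # key held only inside the first network
    body = b"name=Ada&ssn=123-45-6789&email=ada@example.com"   # constructed sample stream
    sent = encode_outbound(key, body, {"path": "/customer/create"})
    print("to external recipient:", sent)
    print("back to internal recipient:", decode_inbound(key, sent))
```

The key never leaves the proxy, so the external recipient stores the `ENC[...]` token as opaque encrypted data and can only echo it back; the `email` field stays in the clear because its container is not configured for sensitive storage, which is exactly the configuration lookup the claim places between candidate identification and encryption.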
18 Claims
1. A method for encoding a partially encrypted data stream, the method comprising:
receiving, at an edge encryption proxy, an unencrypted data stream; evaluating the unencrypted data stream using communication encryption rules, wherein each communication encryption rule from the communication encryption rules includes a rule condition and a content mapping, and wherein evaluating the unencrypted data stream using the communication encryption rules includes; determining whether the rule condition is met in the unencrypted data stream, and on a condition that the rule condition is met in the unencrypted data stream; identifying a portion of the unencrypted data stream corresponding to the content mapping as a candidate sensitive portion; identifying a data storage container based on the content mapping; identifying data encryption configuration information corresponding to the data storage container; on a condition that the data encryption configuration information indicates that the data storage container is configured for storing sensitive information; identifying the candidate sensitive portion as a sensitive portion, generating an encrypted portion by encrypting the sensitive portion, including a preceding portion of the unencrypted data stream in a partially encrypted data stream, the preceding portion preceding the sensitive portion in the unencrypted data stream, including the encrypted portion in the partially encrypted data stream subsequent to the preceding portion, and including a subsequent portion of the unencrypted data stream in the partially encrypted data stream subsequent to the encrypted portion, the subsequent portion subsequent to the sensitive portion in the unencrypted data stream; transmitting or storing the partially encrypted data stream; receiving a second partially encrypted data stream, the second partially encrypted data stream indicating a recipient and including an encrypted input portion and unencrypted input portions; generating a decrypted portion by decrypting the encrypted input portion; generating a decrypted data stream including the decrypted input portion and the unencrypted input portions; and transmitting the decrypted data stream to the recipient.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9

10. A method of selective encryption, the method comprising:
receiving, at an edge encryption proxy in a first network, an unencrypted data stream, from a client device in the first network, and wherein the unencrypted data stream indicates a recipient, wherein the recipient is an external device in a different network; generating a partially encrypted data stream by selectively encrypting the unencrypted data stream based on communication encryption rules and data encryption configuration information, wherein a sensitive portion of the unencrypted data stream is omitted from the partially encrypted data stream, and wherein an encrypted portion generated by encrypting the sensitive portion is included in the partially encrypted data stream; transmitting the partially encrypted data stream to the recipient such that the recipient is prevented from decrypting the encrypted portion and the encrypted portion is stored as encrypted data; receiving a second partially encrypted data stream from the external device, wherein the second partially encrypted data stream indicates an internal recipient in the first network and includes an encrypted input portion and unencrypted input portions; generating a decrypted portion by decrypting the encrypted input portion; generating a decrypted data stream including the decrypted portion and the unencrypted input portions; and transmitting the decrypted data stream to the internal recipient in the first network.
Dependent claims: 11, 12, 13, 14, 15, 16

17. A tangible, non-transitory, and computer-readable storage medium, having stored thereon instructions that, when executed by a processor, facilitate performance of operations, comprising:
receiving, at an edge encryption proxy in a first network, an unencrypted data stream, from a client device in the first network, and wherein the unencrypted data stream indicates a recipient, wherein the recipient is an external device in a different network; generating a partially encrypted data stream by selectively encrypting the unencrypted data stream based on communication encryption rules and data encryption configuration information, wherein a sensitive portion of the unencrypted data stream is omitted from the partially encrypted data stream, and wherein an encrypted portion generated by encrypting the sensitive portion is included in the partially encrypted data stream; transmitting the partially encrypted data stream to the recipient such that the recipient is prevented from decrypting the encrypted portion and the encrypted portion is stored as encrypted data; receiving a second partially encrypted data stream from the external device, wherein the second partially encrypted data stream indicates an internal recipient in the first network and includes an encrypted input portion and unencrypted input portions; generating a decrypted portion by decrypting the encrypted portion; generating a decrypted data stream including the decrypted portion and the unencrypted input portions; and transmitting the decrypted data stream to the internal recipient in the first network.
Dependent claims: 18
Specification