Network data obfuscation
First Claim
1. A system comprising:
an endpoint device connected to a first network, wherein the endpoint device includes a first obfuscation driver and the first obfuscation driver is in one of two states, an uninitialized state and an initialized state, and the initialized state has an active mode and a passive mode;
one or more processors connected to the first network, wherein a first obfuscation gateway executes on the one or more processors to:
initialize the first obfuscation driver operating in the active mode while the endpoint device is connected to the obfuscation gateway with a secure connection, wherein initializing the first obfuscation driver includes collaboratively generating a first unique machine identifier of the endpoint device by the first obfuscation driver and the first obfuscation gateway over the secure connection;
establish a first obfuscated communication session with the first obfuscation driver operating in the active mode;
receive, from the first obfuscation driver, a first obfuscated message of the first obfuscated communication session, wherein the first obfuscated message includes a first obfuscation seed and a first message payload, the first obfuscated message is received from the first endpoint device over the first network, and the first obfuscated message is received as a first plurality of message segments, the first plurality of message segments being reordered prior to transmission;
receive, from the first obfuscation driver, first de-obfuscation instructions associated with the first obfuscated message;
de-obfuscate the first obfuscated message, including reordering the first plurality of message segments based on the first de-obfuscation instructions resulting in a first de-obfuscated message;
forward the first de-obfuscated message to an application;
receive, from the application, a first response message including a second message payload;
create second de-obfuscation instructions associated with the first response message;
generate a second obfuscation seed from at least part of the first obfuscation seed;
send the second obfuscation seed to the first obfuscation driver;
receive, from the first obfuscation driver, a third obfuscation seed;
obfuscate the first response message by reordering a second plurality of message segments of the first response message based on the second de-obfuscation instructions resulting in a first obfuscated response message;
send, to the first obfuscation driver, the second de-obfuscation instructions and the first obfuscated response message, wherein the third obfuscation seed is included in the first obfuscated response message;
receive, from the first obfuscation driver, a second obfuscated message of the first obfuscated communication session, wherein the second obfuscated message includes a fourth obfuscation seed and a third message payload, the second obfuscated message is received from the first endpoint device over the first network, and the second obfuscated message is received as a third plurality of message segments, the third plurality of message segments being reordered prior to transmission;
receive, from the first obfuscation driver, third de-obfuscation instructions associated with the second obfuscated message; and
de-obfuscate the second obfuscated message, including reordering the third plurality of message segments based on the third de-obfuscation instructions resulting in a second de-obfuscated message.
Abstract
Network data obfuscation is disclosed. For example, an obfuscation driver is initialized in an endpoint device connected to an obfuscation gateway over a secure connection by collaboratively generating a unique machine identifier of the endpoint device. An obfuscated communication session is established between the obfuscation driver and the obfuscation gateway. Obfuscated messages including obfuscation seeds, de-obfuscation instructions and message payloads are exchanged between the obfuscation driver and the obfuscation gateway. Obfuscating and de-obfuscating a given message includes reordering a plurality of message segments of the message based on the de-obfuscation instructions. A de-obfuscated message from the obfuscation driver is forwarded to an application, and a response is obfuscated by the obfuscation gateway before being transmitted to the obfuscation driver. An obfuscation seed exchange occurs between the obfuscation gateway and the obfuscation driver while the application is processing the de-obfuscated message.
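As an added illustration of the exchange described in the First Claim and in the Abstract, the following Python model runs both roles in one process: the driver splits a payload into segments, reorders them, and sends the permutation as the de-obfuscation instructions; the gateway restores the message, forwards it to an application, derives a second seed from the first while the application works, and returns an obfuscated response carrying the driver's third seed. This is not code from the patent or its assignee. The fixed 4-byte segment size, the use of a random permutation as the "de-obfuscation instructions", HMAC-SHA256 keyed with the machine identifier as the seed derivation, and SHA-256 over two nonces as the collaboratively generated machine identifier are all assumptions chosen here for illustration.

```python
"""Toy model of the segment-reordering request/response exchange.

Added example, not code from the patent or its assignee. Segment size,
permutation-as-instructions, the seed derivation and the machine-identifier
construction are assumptions made here for illustration only.
"""
import hashlib
import hmac
import os
import random
from dataclasses import dataclass

SEGMENT_SIZE = 4                 # assumption: fixed-size segments, last may be short
_rng = random.SystemRandom()


@dataclass
class ObfuscatedMessage:
    seed: bytes                  # obfuscation seed carried with the message
    segments: list               # payload segments in transmitted (reordered) order


def split_segments(payload: bytes, size: int = SEGMENT_SIZE) -> list:
    """Cut the payload into fixed-size segments (the "plurality of message segments")."""
    return [payload[i:i + size] for i in range(0, len(payload), size)]


def make_instructions(n: int) -> list:
    """De-obfuscation instructions modelled as a permutation:
    order[i] is the original index of the segment transmitted in position i."""
    order = list(range(n))
    _rng.shuffle(order)
    return order


def reorder(segments: list, order: list) -> list:
    """Obfuscate: place segments[order[i]] at transmitted position i."""
    return [segments[i] for i in order]


def restore(segments: list, order: list) -> bytes:
    """De-obfuscate: reject instructions that do not fit the message, then
    invert the permutation and reassemble the payload."""
    if len(segments) != len(order) or sorted(order) != list(range(len(order))):
        raise ValueError("de-obfuscation instructions do not match message")
    original = [b""] * len(order)
    for pos, idx in enumerate(order):
        original[idx] = segments[pos]
    return b"".join(original)


def derive_seed(previous: bytes, machine_id: bytes) -> bytes:
    """Assumed construction: next seed = HMAC-SHA256(machine_id, previous[:16]),
    i.e. the new seed is generated from part of the previous one."""
    return hmac.new(machine_id, previous[:16], hashlib.sha256).digest()


def initialize(driver_nonce: bytes, gateway_nonce: bytes) -> bytes:
    """Assumed collaborative machine identifier: both parties contribute a nonce
    over the secure connection and each computes the same hash."""
    return hashlib.sha256(driver_nonce + gateway_nonce).digest()


def run_exchange(request: bytes, application) -> dict:
    """One request/response round of the session, driver and gateway in-process."""
    machine_id = initialize(os.urandom(16), os.urandom(16))

    # Driver -> gateway: first obfuscated message (seed + reordered segments)
    # followed by the instructions that undo the reordering.
    seed1 = os.urandom(32)
    instr1 = make_instructions(len(split_segments(request)))
    msg1 = ObfuscatedMessage(seed1, reorder(split_segments(request), instr1))

    # Gateway: de-obfuscate and hand the plaintext to the application.
    deobf_request = restore(msg1.segments, instr1)
    response = application(deobf_request)

    # Seed exchange while the application works: gateway derives seed2 from
    # seed1 and sends it; the driver answers with seed3 (assumed: derived the same way).
    seed2 = derive_seed(seed1, machine_id)
    seed3 = derive_seed(seed2, machine_id)

    # Gateway: fresh instructions for the response; seed3 rides in the response.
    instr2 = make_instructions(len(split_segments(response)))
    resp_msg = ObfuscatedMessage(seed3, reorder(split_segments(response), instr2))

    # Driver: verify the returned seed is the one it issued, then restore.
    seed_ok = hmac.compare_digest(resp_msg.seed, seed3)
    deobf_response = restore(resp_msg.segments, instr2)
    return {"app_saw": deobf_request, "driver_got": deobf_response, "seed_ok": seed_ok}


def example() -> dict:
    """Constructed sample: an application that echoes the request in upper case."""
    return run_exchange(b"GET /status HTTP/1.1", lambda req: req.upper())
```

Note what the model makes visible: the permutation is the whole secret of the reordering step, and in the claimed flow it travels to the peer as the de-obfuscation instructions. An observer who captures both the segments and the instructions can reassemble the payload, so segment reordering by itself is obfuscation, not confidentiality or integrity; the claims rely on a secure connection at initialization and on the seed exchange for binding the session, and a deployment should still carry the traffic over an encrypted transport.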
49 Claims
1. A system comprising: (independent claim 1, reproduced in full under First Claim above). Dependent claims: 2 through 43.
44. A method comprising:
initializing a first obfuscation driver included in an endpoint device connected to a first network, wherein the first obfuscation driver is in one of two states, an uninitialized state and an initialized state, and the initialized state has an active mode and a passive mode, and wherein the first obfuscation driver is operating in the active mode while the endpoint device is connected to a first obfuscation gateway with a secure connection, and wherein initializing the first obfuscation driver includes collaboratively generating a first unique machine identifier of the endpoint device by the first obfuscation driver and the first obfuscation gateway over the secure connection;
establishing a first obfuscated communication session between the first obfuscation driver operating in the active mode, and the first obfuscation gateway;
receiving, by the first obfuscation gateway, from the first obfuscation driver, a first obfuscated message of the first obfuscated communication session, wherein the first obfuscated message includes a first obfuscation seed and a first message payload, the first obfuscated message is received from the first endpoint device over the first network, and the first obfuscated message is received as a first plurality of message segments, the first plurality of message segments being reordered prior to transmission;
receiving, from the first obfuscation driver, first de-obfuscation instructions associated with the first obfuscated message;
de-obfuscating the first obfuscated message, including reordering the first plurality of message segments based on the first de-obfuscation instructions resulting in a first de-obfuscated message;
forwarding the first de-obfuscated message to an application;
receiving, from the application, a first response message including a second message payload;
creating second de-obfuscation instructions associated with the first response message;
generating a second obfuscation seed from at least part of the first obfuscation seed;
sending the second obfuscation seed to the first obfuscation driver;
receiving, from the first obfuscation driver, a third obfuscation seed;
obfuscating the first response message by reordering a second plurality of message segments of the first response message based on the second de-obfuscation instructions resulting in a first obfuscated response message;
sending, to the first obfuscation driver, the second de-obfuscation instructions and the first obfuscated response message, wherein the third obfuscation seed is included in the first obfuscated response message;
receiving, from the first obfuscation driver, a second obfuscated message of the first obfuscated communication session, wherein the second obfuscated message includes a fourth obfuscation seed and a third message payload, the second obfuscated message is received from the first endpoint device over the first network, and the second obfuscated message is received as a third plurality of message segments, the third plurality of message segments being reordered prior to transmission;
receiving, from the first obfuscation driver, third de-obfuscation instructions associated with the second obfuscated message; and
de-obfuscating the second obfuscated message, including reordering the third plurality of message segments based on the third de-obfuscation instructions resulting in a second de-obfuscated message.
Dependent claims: 45, 46.
47. A computer-readable non-transitory storage medium storing executable instructions, which when executed by a computer system, cause the computer system to:
initialize a first obfuscation driver included in an endpoint device connected to a first network, wherein the first obfuscation driver is in one of two states, an uninitialized state and an initialized state, and the initialized state has an active mode and a passive mode, and wherein the first obfuscation driver is operating in the active mode while the endpoint device is connected to a first obfuscation gateway with a secure connection, and wherein initializing the first obfuscation driver includes collaboratively generating a first unique machine identifier of the endpoint device by the first obfuscation driver and the first obfuscation gateway over the secure connection;
establish a first obfuscated communication session between the first obfuscation driver operating in the active mode, and the first obfuscation gateway;
receive, by the first obfuscation gateway, from the first obfuscation driver, a first obfuscated message of the first obfuscated communication session, wherein the first obfuscated message includes a first obfuscation seed and a first message payload, the first obfuscated message is received from the first endpoint device over the first network, and the first obfuscated message is received as a first plurality of message segments, the first plurality of message segments being reordered prior to transmission;
receive, from the first obfuscation driver, first de-obfuscation instructions associated with the first obfuscated message;
de-obfuscate the first obfuscated message, including reordering the first plurality of message segments based on the first de-obfuscation instructions resulting in a first de-obfuscated message;
forward the first de-obfuscated message to an application;
receive, from the application, a first response message including a second message payload;
create second de-obfuscation instructions associated with the first response message;
generate a second obfuscation seed from at least part of the first obfuscation seed;
send the second obfuscation seed to the first obfuscation driver;
receive, from the first obfuscation driver, a third obfuscation seed;
obfuscate the first response message by reordering a second plurality of message segments of the first response message based on the second de-obfuscation instructions resulting in a first obfuscated response message;
send, to the first obfuscation driver, the second de-obfuscation instructions and the first obfuscated response message, wherein the third obfuscation seed is included in the first obfuscated response message;
receive, from the first obfuscation driver, a second obfuscated message of the first obfuscated communication session, wherein the second obfuscated message includes a fourth obfuscation seed and a third message payload, the second obfuscated message is received from the first endpoint device over the first network, and the second obfuscated message is received as a third plurality of message segments, the third plurality of message segments being reordered prior to transmission;
receive, from the first obfuscation driver, third de-obfuscation instructions associated with the second obfuscated message; and
de-obfuscate the second obfuscated message, including reordering the third plurality of message segments based on the third de-obfuscation instructions resulting in a second de-obfuscated message.
Dependent claims: 48, 49.