SYSTEM AND METHOD FOR TOKENIZATION OF DATA FOR STORAGE IN A CLOUD
First Claim
1. A method of obfuscating data in a data object, comprising:
- receiving, by an intercepting proxy server computer, the data object from a client device;
- at the intercepting proxy server computer, generating a modified data object for transmission to a server computer in a cloud, comprising:
(i) identifying a real data element in the data object;
(ii) creating a token having a random token value;
(iii) concatenating a predetermined prefix and the random token value to generate a replacement value;
(iv) storing the real data element in a look up table indexed by the random token value; and
(v) replacing the real data element with the replacement value, thus generating the modified data object.
Abstract
An intercepting proxy server processes traffic between an enterprise user and a cloud application. The intercepting proxy server intercepts real data elements in communications from the enterprise to the cloud and replaces them with obfuscating tokens, which are randomly generated. To the cloud application, real data are visible only as tokens. Tokens included in results returned from the cloud are intercepted by the intercepting proxy server and replaced with the corresponding real data elements. The obfuscating tokens are not computationally related to the original sensitive value. Each intercepted real data element is stored in a local persistent storage layer and indexed by the corresponding obfuscating token, allowing the real data element to be retrieved when the token is returned from the cloud, for delivery to the user.
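The round trip described in the abstract and in steps (i) to (v) of claim 1, as an added sketch that is not code from the patent or its assignee. The prefix `TKN_`, the 128-bit hex token, the e-mail regex used to identify real data elements, and the in-memory dict standing in for the local persistent storage layer are all assumptions.

```python
import re
import secrets

PREFIX = "TKN_"       # assumed "predetermined prefix"
TOKEN_HEX_LEN = 32    # assumed token size: 128 random bits as hex

# Assumed rule for "identifying a real data element": e-mail addresses.
REAL_DATA = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# The prefix is what lets the proxy spot replacement values in cloud responses.
REPLACEMENT = re.compile(re.escape(PREFIX) + r"([0-9a-f]{%d})" % TOKEN_HEX_LEN)


class TokenizingProxy:
    def __init__(self):
        # Look-up table indexed by the random token value (in-memory stand-in
        # for the local persistent storage layer).
        self.lookup = {}

    def _tokenize(self, match):
        # (ii) random token value, not derived from the real data in any way
        token = secrets.token_hex(TOKEN_HEX_LEN // 2)
        while token in self.lookup:          # never overwrite an existing entry
            token = secrets.token_hex(TOKEN_HEX_LEN // 2)
        self.lookup[token] = match.group(0)  # (iv) store real data under the token
        return PREFIX + token                # (iii) prefix + token = replacement value

    def outbound(self, data_object: str) -> str:
        """Client -> cloud: (i) identify and (v) replace each real data element."""
        return REAL_DATA.sub(self._tokenize, data_object)

    def inbound(self, response: str) -> str:
        """Cloud -> client: swap known replacement values back to real data.
        Token-shaped strings with no table entry are passed through unchanged."""
        return REPLACEMENT.sub(
            lambda m: self.lookup.get(m.group(1), m.group(0)), response)


if __name__ == "__main__":
    proxy = TokenizingProxy()
    sample = '{"name": "Ann", "email": "ann@example.com"}'  # constructed sample
    sent = proxy.outbound(sample)
    print("to cloud:  ", sent)
    print("to client: ", proxy.inbound(sent))
```

Because the token is random rather than derived from the value, the look-up table is the only way back to the real data, so its storage and access control carry the confidentiality of the whole scheme.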
29 Claims
10. An intercepting proxy server computer, comprising:
- a processor;
- a memory having computer readable instructions stored thereon for execution by the processor, causing the processor to obfuscate data in a data object, comprising:
  - receiving a data object from a client device;
  - generating a modified data object for transmission to a server computer in a cloud, comprising:
    (i) identifying a real data element in the data object;
    (ii) creating a token having a random token value;
    (iii) concatenating a predetermined prefix and the token value to generate a replacement value;
    (iv) storing the real data element in a look up table indexed by the random token value; and
    (v) replacing the real data element with the replacement value, thus generating the modified data object.
19. An intercepting proxy server computer, comprising:
- a processor including a network input/output (IO) system configured to receive a data object from a client device;
- a memory having computer readable instructions stored thereon for execution by the processor, causing the processor to obfuscate data in a data object and generate a modified data object for transmission to a server computer in a cloud, forming:
  - a tooling module configured to identify a real data element in the data object;
  - a random token generator configured to create a token having a random token value;
  - a look up table for storing the real data element indexed by the random token value;
  - a token packaging module configured to concatenate a predetermined prefix and the random token value to generate a replacement value and to replace the real data element with the replacement value, thus generating the modified data object.
Specification