SYSTEM AND METHOD OF DATA INTERCEPTION AND CONVERSION IN A PROXY
First Claim
1. A method of obfuscating data in a data object, comprising:
- receiving, by an intercepting proxy server computer, the data object from a client device;
at the intercepting proxy server computer, generating a modified data object for transmission to a server computer in a cloud, comprising;
(i) identifying a real data element in the data object;
(ii) creating a token having a token value by encrypting the real data element;
(iii) concatenating a predetermined prefix and the token value to generate a replacement value; and
(iv) replacing the real data element with the replacement value, thus generating the modified data object.
10 Assignments
0 Petitions
Accused Products
Abstract
An intercepting proxy server processes traffic between an enterprise user and a cloud application which provides Software as a Service (SaaS). The intercepting proxy server provides interception of real data elements in communications from the enterprise to the cloud and replacing them with obfuscating information by encrypting individual real data elements without disturbing the validity of the application protocol. To the processing cloud application real data are only visible as encrypted tokens. Tokens included in results returned from the cloud, are intercepted by the intercepting proxy server, and replaced with the corresponding sensitive real data. In this way, the enterprise is able to enjoy the benefits of the cloud application, while protecting the privacy of real data.
36 Citations
26 Claims
-
1. A method of obfuscating data in a data object, comprising:
-
receiving, by an intercepting proxy server computer, the data object from a client device; at the intercepting proxy server computer, generating a modified data object for transmission to a server computer in a cloud, comprising; (i) identifying a real data element in the data object; (ii) creating a token having a token value by encrypting the real data element; (iii) concatenating a predetermined prefix and the token value to generate a replacement value; and (iv) replacing the real data element with the replacement value, thus generating the modified data object. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. An intercepting proxy server computer, comprising:
-
a processor; a memory having computer readable instructions stored thereon for execution by the processor, causing the processor to obfuscate data in a data object, comprising; receiving a data object from a client device; generating a modified data object for transmission to a server computer in a cloud, comprising; (i) identifying a real data element in the data object; (ii) creating a token having a token value by encrypting the real data element; (iii) concatenating a predetermined prefix and the token value to generate a replacement value; and (v) replacing the real data element with the replacement value, thus generating the modified data object. - View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 17)
-
-
18. An intercepting proxy server computer, comprising:
-
a processor including a network input/output (TO) system configured to receive a data object from a client device; a memory having computer readable instructions stored thereon for execution by the processor, causing the processor to obfuscate data in a data object and generate a modified data object for transmission to a server computer in a cloud, the computer readable instructions forming; a tooling module for identifying a real data element in the data object; a token generator module for creating a token having a token value by encrypting the real data element; a token packaging module for concatenating a predetermined prefix and the token value to generate a replacement value, and replacing the real data element with the replacement value, thus generating the modified data object. - View Dependent Claims (19, 20, 21, 22, 23, 24, 25, 26)
-
Specification