System and method of sort-order preserving tokenization
First Claim
1. A method of obfuscating data in a data object, comprising:
- receiving, by an intercepting proxy server computer, the data object from a client device;
at the intercepting proxy server computer, generating a modified data object for transmission to a server computer in a cloud, comprising;
(i) identifying a real data element in the data object;
(ii) creating a token having a token value;
(iii) generating a sort-order preserving prefix based on the real data element;
(iv) concatenating the sort-order preserving prefix and the token value to generate a replacement value; and
(v) replacing the real data element with the replacement value, thus generating the modified data object;
further comprising;
receiving a returned data object, comprising a returned data element, from the server computer in the cloud;
identifying the returned data element as a token-to-be-replaced;
replacing the token-to-be-replaced with the real data element, thereby generating a modified returned data object; and
transmitting the modified returned data object to the client device.
10 Assignments
0 Petitions
Accused Products
Abstract
An intercepting proxy server processes traffic between an enterprise user and a cloud application. The intercepting proxy server provides interception of real data elements in communications from the enterprise to the cloud and replacing them with obfuscating tokens. Tokens included in results returned from the cloud, are intercepted by the intercepting proxy server, and replaced with the corresponding real data elements. In order for the sort order of the tokens to correspond to the sort order of the corresponding real data elements, a sort order preserving data compression is performed on parts of the real data elements, and the compressed values concatenated with the obfuscated tokens, thus producing sortable tokens which, even though they are obfuscated, appear in the correct sort order in the cloud application.
-
Citations
43 Claims
-
1. A method of obfuscating data in a data object, comprising:
-
receiving, by an intercepting proxy server computer, the data object from a client device; at the intercepting proxy server computer, generating a modified data object for transmission to a server computer in a cloud, comprising; (i) identifying a real data element in the data object; (ii) creating a token having a token value; (iii) generating a sort-order preserving prefix based on the real data element; (iv) concatenating the sort-order preserving prefix and the token value to generate a replacement value; and (v) replacing the real data element with the replacement value, thus generating the modified data object; further comprising; receiving a returned data object, comprising a returned data element, from the server computer in the cloud; identifying the returned data element as a token-to-be-replaced; replacing the token-to-be-replaced with the real data element, thereby generating a modified returned data object; and transmitting the modified returned data object to the client device. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
-
-
14. An intercepting proxy server computer, comprising:
-
a processor; a memory having computer readable instructions stored thereon for execution by the processor, causing the processor to obfuscate data in a data object, comprising; receiving a data object from a client device; generating a modified data object for transmission to a server computer in a cloud, comprising; (i) identifying a real data element in the data object; (ii) creating a token having a token value; (iii) generating a sort-order preserving prefix based on the real data element; (iv) concatenating the sort-order preserving prefix and the token value to generate a replacement value; and (v) replacing the real data element with the replacement value, thus generating the modified data object; further comprising computer readable instructions stored in the memory for execution by the processor, causing the processor to; receive a returned data object, comprising a returned date element, from the server computer in the cloud; identify the returned data element as a token-to-be-replaced; replace the token-to-be-replaced with the real data element, thereby generating a modified returned data object; and transmit the modified returned data object to the client device. - View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27)
-
-
28. An intercepting proxy server computer, comprising:
-
a processor comprising a network input/output (IO) system configured to receive a data object from a client device; a memory having computer readable instructions stored thereon for execution by the processor, forming; a tooling module configured to identify a real data element in the data object; a token generator module configured to create a token having a token value; a compression module configured to generate a sort-order preserving prefix based on the real data element; and a token packaging module configured to concatenate the sort-order preserving prefix and the token value to generate a replacement value and to replace the real data element with the replacement value, thus generating the modified data object; wherein; the network input/output (IO) system is further configured to receive a returned data object, comprising a returned data element, from the server computer in the cloud; the tooling module is further configured to identify the returned data element as a token-to-be-replaced; the intercepting proxy server computer further comprising a context formatting module configured to replace the token-to-be-replaced with the real data element, thereby generating a modified returned data object; and the network input/output (IO) system is further configured to transmit the modified returned data object to the client device. - View Dependent Claims (29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41)
-
-
42. A method of obfuscating data in a data object to generate a modified data object for use in a cloud application, comprising:
-
(i) identifying a real data element in the data object; (ii) creating a token having a token value; (iii) generating a sort-order preserving prefix based on the real data element; (iv) generating a sort-order preserving prefix from a predetermined portion of the real data element; (v) concatenating the sort-order preserving prefix and the token value to generate a replacement value; (vi) replacing the real data element with the replacement value, thus generating the modified data object; and (vii) storing the real data element in a look up table indexed with the token value; further comprising; obtaining a second modified data object comprising the replacement value; identifying the replacement value as having the token value; retrieving the real data element from the look up table by indexing with the token value; replacing the token-to-be-replaced with the real data element, thereby restoring the real data element in the second modified data object. - View Dependent Claims (43)
-
Specification