Method and system for handling sensitive data in a content delivery network
First Claim
1. Apparatus, comprising:
a hardware processor;
computer memory holding computer program instructions that when executed by the hardware processor perform a set of operations under the control of configuration data that includes one or more keys, each key in the configuration data being a public key of a cryptographic key pair associated with one of a set of issuing entities, the public key having an associated secret key that is available at a computing entity distinct and remote from the apparatus, the set of operations comprising:
receiving a message body that includes sensitive data, the message body being a component of a message directed to a third party domain;
determining an identity of an issuing entity associated with the sensitive data;
parsing the message body to extract at least a portion of the sensitive data;
applying to the portion of the sensitive data extracted the public key of the issuing entity whose identity was determined to generate a value V;
discarding the portion of the sensitive data extracted;
determining whether the value V is associated with an identifier W associated with a third party domain;
in response to determining that the value V is associated with an identifier W associated with the third party domain, retrieving a token T that associates (V,W) and forwarding the message including the token onward to the third party domain;
in response to determining that the value V is not associated with an identifier W associated with the third party domain, generating a new token that associates (V,W) and forwarding the message including the new token onward to the third party domain;
receiving a response from the third party domain that includes the token or the new token previously forwarded with the message;
in response to receiving the response from the third party domain, retrieving the value V and issuing a new request to the computing entity at which the secret key is available, the new request including the value V; and
receiving a response from the computing entity indicating that a transaction associated with the sensitive data is authorized to proceed, the computing entity having applied the secret key to the value V to identify the sensitive data.
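The operations recited in claim 1 describe a complete round trip: the edge parses the sensitive data out of the message body, encrypts it under the issuing entity's public key to obtain V, discards the plaintext, maps (V, W) to a token T that travels to the third party domain in place of the data, and only when the third party answers with that token does the edge send V to the remote entity that holds the secret key. The following Python simulation is an added example and is not the patent's or any CDN vendor's code. It assumes the sensitive data is a card number in a `card_number` field, that the issuing entity is identified by a constructed prefix table (the claim does not say how identification is done), and that a toy textbook RSA pair stands in for each issuing entity's real key pair; the account lists and the third party's reply are constructed as well.

```python
import secrets


def toy_keypair(p, q, e=65537):
    """Constructed toy textbook RSA pair standing in for an issuing entity's key pair.

    These parameters are far too small and unpadded RSA is not a secure
    encryption scheme; it is used here only because the claim's lookup of an
    existing (V, W) association needs equal sensitive data to yield equal V.
    """
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))  # modular inverse (Python 3.8+)
    return (n, e), (n, d)              # (public key, secret key)


ISSUER_A_PUB, ISSUER_A_SEC = toy_keypair(1_000_000_007, 1_000_000_009)
ISSUER_B_PUB, ISSUER_B_SEC = toy_keypair(998_244_353, 2_147_483_647)


class Issuer:
    """Remote computing entity: the only place the secret key exists."""

    def __init__(self, secret_key, open_accounts):
        self.n, self.d = secret_key
        self.open_accounts = open_accounts  # constructed sample of accounts in good standing

    def authorize(self, v):
        """Apply the secret key to V to recover the sensitive data and decide."""
        pan = str(pow(v, self.d, self.n)).zfill(16)
        return pan in self.open_accounts


class EdgeServer:
    """CDN edge: holds only the public keys (configuration data) and the token store."""

    def __init__(self, config, prefixes):
        self.config = config      # issuing entity -> public key (n, e)
        self.prefixes = prefixes  # ASSUMED: leading digits -> issuing entity
        self.tokens = {}          # (V, W) -> token T
        self.by_token = {}        # token T -> (issuing entity, V)

    def identify_issuer(self, pan):
        for prefix, issuer in self.prefixes.items():
            if pan.startswith(prefix):
                return issuer
        raise ValueError("no issuing entity configured for this data")

    def handle_message(self, body, w):
        """Handle a message body bound for third-party domain W; return what is forwarded."""
        pan = body["card_number"]                        # parse: extract the sensitive data
        issuer = self.identify_issuer(pan)
        n, e = self.config[issuer]
        v = pow(int(pan), e, n)                          # apply the issuer's public key -> V
        forwarded = {k: x for k, x in body.items() if k != "card_number"}
        del pan                                          # discard the extracted plaintext
        token = self.tokens.get((v, w))
        if token is None:                                # V not yet associated with W
            token = secrets.token_hex(16)
            self.tokens[(v, w)] = token
            self.by_token[token] = (issuer, v)
        forwarded["token"] = token                       # the token travels instead of the data
        return forwarded

    def handle_response(self, response, issuers):
        """The third party answered with the token: retrieve V and ask the issuer."""
        issuer, v = self.by_token[response["token"]]
        return issuers[issuer].authorize(v)


# Constructed configuration and sample accounts.
PREFIXES = {"4111": "issuer-a", "5500": "issuer-b"}
CONFIG = {"issuer-a": ISSUER_A_PUB, "issuer-b": ISSUER_B_PUB}
ISSUERS = {
    "issuer-a": Issuer(ISSUER_A_SEC, {"4111111111111111"}),
    "issuer-b": Issuer(ISSUER_B_SEC, {"5500000000000004"}),
}


def run_transaction(edge, issuers, body, w):
    """Full round trip: edge -> third party (echoes the token) -> edge -> issuer."""
    forwarded = edge.handle_message(body, w)
    reply = {"token": forwarded["token"], "status": "accepted"}  # constructed third-party reply
    return forwarded, edge.handle_response(reply, issuers)


if __name__ == "__main__":
    edge = EdgeServer(CONFIG, PREFIXES)
    fwd, ok = run_transaction(edge, ISSUERS,
                              {"card_number": "4111111111111111", "amount": "12.50"},
                              "merchant.example")
    print("forwarded:", fwd)   # carries the token and the rest of the body, never the card number
    print("authorized:", ok)
```

Two properties of the claim are visible in the simulation: the forwarded message never contains the card number, and the same (V, W) pair reuses its existing token while a different third party domain W gets a fresh one. The toy key also exposes a design point a reviewer would raise: the public key is, by design, not secret, so a deterministic V computed over low-entropy data can be confirmed by re-encrypting a guess, which means the edge's stored V values need the same protection as the tokens themselves. A production design would encrypt with a randomized padding scheme and, if an exact-match lookup of prior associations is still required, build that index under a key the edge holds rather than on V itself.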
Abstract
Using cryptographic techniques, sensitive data is protected against disclosure in the event of a compromise of a content delivery network (CDN) edge infrastructure. These techniques obviate storage and/or transfer of such sensitive data, even with respect to payment transactions that are being authorized or otherwise enabled from CDN edge servers.
11 Claims
1. Apparatus, comprising: (reproduced in full under First Claim above; dependent claims 2 to 10 are not reproduced)
11. A computer program product in a non-transitory computer readable medium for use in a data processing system, the computer program product holding computer program instructions which, when executed by the data processing system, are operable to:
receive a message body that includes sensitive data, the message body being a component of a message directed to a third party domain;
determine an identity of an issuing entity associated with the sensitive data;
parse the message body to extract at least a portion of the sensitive data;
apply to the portion of the sensitive data extracted a public key of the issuing entity whose identity was determined to generate a value V, the public key having an associated secret key that is available at a remote computing entity;
discard the portion of the sensitive data extracted;
determine whether the value V is associated with an identifier W associated with a third party domain;
in response to a determination that the value V is associated with an identifier W associated with the third party domain, retrieve a token T that associates (V,W) and forward the message including the token onward to the third party domain;
in response to a determination that the value V is not associated with an identifier W associated with the third party domain, generate a new token that associates (V,W) and forward the message including the new token onward to the third party domain;
receive a response from the third party domain that includes the token or the new token previously forwarded with the message;
in response to receiving the response from the third party domain, retrieve the value V and issue a new request to the remote computing entity at which the secret key is available, the new request including the value V; and
receive a response from the remote computing entity indicating that a transaction associated with the sensitive data is authorized to proceed, the computing entity having applied the secret key to the value V to identify the sensitive data.