Method and system for handling sensitive data in a content delivery network

  • US 8,799,674 B1
  • Filed: 12/06/2010
  • Issued: 08/05/2014
  • Est. Priority Date: 12/04/2009
  • Status: Active Grant
First Claim

1. Apparatus, comprising:

  • a hardware processor;

    computer memory holding computer program instructions that when executed by the hardware processor perform a set of operations under the control of configuration data that includes one or more keys, each key in the configuration data being a public key of a cryptographic key pair associated with one of a set of issuing entities, the public key having an associated secret key that is available at a computing entity distinct and remote from the apparatus, the set of operations comprising:

    receiving a message body that includes sensitive data, the message body being a component of a message directed to a third party domain;

    determining an identity of an issuing entity associated with the sensitive data;

    parsing the message body to extract at least a portion of the sensitive data;

    applying to the portion of the sensitive data extracted the public key of the issuing entity whose identity was determined to generate a value V;

    discarding the portion of the sensitive data extracted;

    determining whether the value V is associated with an identifier W associated with a third party domain;

    in response to determining that the value V is associated with an identifier W associated with the third party domain, retrieving a token T that associates (V,W) and forwarding the message including the token onward to the third party domain;

    in response to determining that the value V is not associated with an identifier W associated with the third party domain, generating a new token that associates (V,W) and forwarding the message including the new token onward to the third party domain;

    receiving a response from the third party domain that includes the token or the new token previously forwarded with the message;

    in response to receiving the response from the third party domain, retrieving the value V and issuing a new request to the computing entity at which the secret key is available, the new request including the value V; and

    receiving a response from the computing entity indicating that a transaction associated with the sensitive data is authorized to proceed, the computing entity having applied the secret key to the value V to identify the sensitive data.
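The flow recited in claim 1, as an added Python sketch that is not taken from the patent or its assignee. Textbook RSA over two known Mersenne primes stands in for the issuer key pair (toy parameters, not secure), chosen because the lookup on V only works when the public-key operation is deterministic. The `card=` form field, the card-prefix table, the domain names and the domain check in `redeem` are assumptions made for illustration.

```python
import re
import secrets

# Toy textbook RSA from two known Mersenne primes: deterministic, NOT secure.
P, Q, E = 2**89 - 1, 2**107 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))       # secret key, held only by the issuer

ISSUER_KEYS = {"issuer-a": (E, N)}      # edge configuration: public keys only
BIN_TO_ISSUER = {"411111": "issuer-a"}  # hypothetical issuer lookup by card prefix

class Edge:
    def __init__(self):
        self.by_pair = {}    # (V, W) -> T
        self.by_token = {}   # T -> (V, W)

    def forward(self, body, domain_w):
        """Swap the card number in a form body for a token bound to (V, W)."""
        pan = re.search(r"card=(\d{12,19})", body).group(1)
        e, n = ISSUER_KEYS[BIN_TO_ISSUER[pan[:6]]]
        v = pow(int.from_bytes(pan.encode(), "big"), e, n)
        token = self.by_pair.get((v, domain_w))
        if token is None:                       # first sighting: mint a new token
            token = secrets.token_hex(16)
            self.by_pair[(v, domain_w)] = token
            self.by_token[token] = (v, domain_w)
        body = body.replace(pan, token)         # only the token travels onward
        del pan                                 # mirrors the discard step; V is kept
        return body

    def redeem(self, token, domain_w):
        """On the third party's response, map the token back to V for the issuer."""
        v, w = self.by_token[token]
        if w != domain_w:                       # added check, not recited in the claim
            raise PermissionError("token was issued for a different domain")
        return v

def issuer_authorize(v, known_cards):
    """Issuer side: apply the secret key to V and decide on the transaction."""
    m = pow(v, D, N)
    pan = m.to_bytes((m.bit_length() + 7) // 8, "big").decode()
    return pan in known_cards
```

The edge stores only V and the token, so a compromise of its lookup tables exposes ciphertext under the issuer's public key rather than card numbers; a production design would still need to address the guessability of low-entropy inputs under deterministic encryption.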
