Methods and systems for proxying data

US 9,900,290 B2
Filed: 10/10/2016
Issued: 02/20/2018
Est. Priority Date: 10/07/2011
Status: Active Grant

First Claim

Patent Images

1. A method of storing data with an application server that preserves privacy of one or more data fields, the method including:

receiving, at a privacy proxy server, data representing a user input with first fields to be stored with an application server and at least one second field determined by the privacy proxy server to be encrypted based upon a rule indicating a type of data to encrypt and then stored by the application server;

forwarding the first fields, the second field encrypted, and a second field mark that indicates encryption of the second field to the application server to store;

the privacy proxy server querying the application server for a report that includes the second field encrypted and at least one of the first fields that has not been encrypted;

receiving from the application server the report comprising the at least one of the first fields in a report format and the second field encrypted with a report format placeholder;

distinguishing the second field in the report as having been stored by the application server based on an encoding authentication protocol established between the privacy proxy server and the application server;

wherein the report is marked with identification information that uniquely identifies the application server as storing at least the second field;

decrypting the second field and replacing the report format placeholder with the second field decrypted; and

causing display of the report with at least the second field decrypted;

and wherein the privacy proxy server determines whether the application server resides outside a jurisdiction of the privacy proxy server.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems are provided for proxying data between an application server and a client device. One exemplary application system includes an application server to generate a virtual application and a proxy server coupled to the application server over a network to provide the virtual application to a client device. The proxy server receives input data from the client device and provides the input data to the application server, wherein the application server encodes the input data for an action in response to authenticating the proxy server and provides the data encoded for the action to the proxy server. The proxy server performs the action on the data and provides the result to the client device.

208 Citations

17 Claims

1. A method of storing data with an application server that preserves privacy of one or more data fields, the method including:
- receiving, at a privacy proxy server, data representing a user input with first fields to be stored with an application server and at least one second field determined by the privacy proxy server to be encrypted based upon a rule indicating a type of data to encrypt and then stored by the application server;
  
  forwarding the first fields, the second field encrypted, and a second field mark that indicates encryption of the second field to the application server to store;
  
  the privacy proxy server querying the application server for a report that includes the second field encrypted and at least one of the first fields that has not been encrypted;
  
  receiving from the application server the report comprising the at least one of the first fields in a report format and the second field encrypted with a report format placeholder;
  
  distinguishing the second field in the report as having been stored by the application server based on an encoding authentication protocol established between the privacy proxy server and the application server;
  
  wherein the report is marked with identification information that uniquely identifies the application server as storing at least the second field;
  
  decrypting the second field and replacing the report format placeholder with the second field decrypted; and
  
  causing display of the report with at least the second field decrypted;
  
  and wherein the privacy proxy server determines whether the application server resides outside a jurisdiction of the privacy proxy server.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein decrypting the second field and replacing the report format placeholder includes the privacy proxy server detecting malicious code and performing a remedial action thereby preventing execution of the malicious code by a client.
  - 3. The method of claim 1, wherein the report format placeholder identifies one or more post-decryption actions bypassed by the application server.
  - 4. The method of claim 3, wherein the privacy proxy server performs the post-decryption actions on the second field decrypted.
  - 5. The method of claim 1, wherein decrypting the second field and replacing the report format placeholder further includes distinguishing a unique identifier associated with the application server and utilizing the unique identifier to identify operators of code generated by the application server from potentially malicious code.
  - 6. The method of claim 1, wherein encrypting the second field with the report format placeholder further includes marking the report format placeholder with a unique identifier associated with the application server.
  - 7. The method of claim 1, wherein decrypting the second field and replacing the report format placeholder further includes distinguishing the second field from the report format placeholder based on the encoding authentication protocol established between the privacy proxy server and the application server.

8. A non-transitory, computer-readable medium storing computer executable instructions configured to cause a processor to perform operations including:
- receiving, at a privacy proxy server, data representing a user input with first fields to be stored with an application server and at least one second field determined by the privacy proxy server to be encrypted based upon a rule indicating a type of data to encrypt and then stored by the application server;
  
  forwarding the first fields, the second field encrypted, and a second field mark that indicates encryption of the second field to the application server to store;
  
  querying the application server for a report that includes the second field encrypted and at least one of the first fields that has not been encrypted;
  
  receiving from the application server the report comprising the at least one of the first fields in a report format and the second field encrypted with a report format placeholder;
  
  distinguishing the second field in the report as having been stored by the application server based on an encoding authentication protocol established between the privacy proxy server and the application server;
  
  wherein the report is marked with identification information that uniquely identifies the application server as storing at least the second field;
  
  decrypting the second field and replacing the report format placeholder with the second field decrypted; and
  
  causing display of the report with at least the second field decrypted;
  
  and wherein the privacy proxy server determines whether the application server resides outside a jurisdiction of the privacy proxy server.
- View Dependent Claims (9, 10, 11, 12)
- - 9. The computer-readable medium of claim 8, wherein decrypting the second field and replacing the report format placeholder includes the privacy proxy server detecting malicious code and performing a remedial action thereby preventing execution of the malicious code by a client.
  - 10. The computer-readable medium of claim 8, wherein decrypting the second field and replacing the report format placeholder further includes distinguishing a unique identifier associated with the application server and utilizing the unique identifier to identify operators of code generated by the application server from potentially malicious code.
  - 11. The computer-readable medium of claim 8, wherein encrypting the second field with the report format placeholder further includes marking the report format placeholder with a unique identifier associated with the application server.
  - 12. The computer-readable medium of claim 8, wherein decrypting the second field and replacing the report format placeholder further includes distinguishing the second field from the report format placeholder based on the encoding authentication protocol established between the privacy proxy server and the application server.

13. A method of processing data stored with an application server that preserves privacy of one or more data fields, the method including:
- receiving, from a privacy proxy server, data representing a user input with first fields and at least one encrypted second field to be stored at an application server, wherein the data includes a second field mark that indicates, to the application server, encryption of the encrypted second field;
  
  storing, at the application server, the first fields and the at least one encrypted second field by the privacy proxy server based on a rule indicating a type of data to encrypt appropriate to an organization;
  
  receiving, from the privacy proxy server, a query for a report that includes the encrypted second field and at least one of the first fields that has not been encrypted;
  
  retrieving the at least one of the first fields and the encrypted second field responsive to the query;
  
  using the application server to format the at least one of the first fields in a report format and to format the encrypted second field with a report format placeholder and to mark the report with identification information that uniquely identifies the application server as storing at least the encrypted second field; and
  
  forwarding the report for further computer-implemented processing.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The method of claim 13, wherein the report format placeholder identifies one or more post-decryption actions bypassed by the application server.
  - 15. The method of claim 14, further including using the application server to generate code for a web page of a browser application running on a client device, wherein:
    - the code includes the encrypted second field within the web page; and
      
      the encrypted second field is marked with at least one post-decryption action bypassed by the application server.
  - 16. The method of claim 13, wherein using the application server to format the encrypted second field with the report format placeholder further includes marking the report format placeholder with a unique identifier associated with the application server.
  - 17. The method of claim 13, wherein using the application server to encrypt the encrypted second field with the report format placeholder further includes:
    - hashing the report format placeholder to a hexadecimal representation; and
      
      providing the hexadecimal representation as a parameter to a post-decryption function.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Salesforce.com, Inc.
Original Assignee
Salesforce.com, Inc.
Inventors
Gluck, Yoel
Primary Examiner(s)
PYZOCHA, MICHAEL J

Application Number

US15/289,889
Publication Number

US 20170034136A1
Time in Patent Office

498 Days
Field of Search
US Class Current
CPC Class Codes

G06F 16/9038   Presentation of query results

G06F 16/9535   Search customisation based ...

H04L 63/0281   Proxies

H04L 63/0428   wherein the data content is...

H04L 63/0471   applying encryption by an i...

H04L 63/0884   by delegation of authentica...

H04L 63/126   the source of the received ...

H04L 63/1416   Event detection, e.g. attac...

H04L 67/56   Provisioning of proxy servi...

Methods and systems for proxying data

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

208 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and systems for proxying data

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

208 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links