Secure data redaction and masking in intercepted data interactions
First Claim
1. A computer usable program product for use with a security data processing system and an intercepting data processing system that is a separate structure from the security data processing system, the product comprising:
- a computer readable storage device; and
- computer usable code stored in the computer readable storage device;

wherein the computer usable code includes code for:
- receiving, by the security data processing system and from an intercepting agent executing in the intercepting data processing system, an intercepted packet;
- applying, by the security data processing system, a security policy to the intercepted packet to determine whether data of the intercepted packet is non-compliant with a set of security policy(ies);
- receiving, by the security data processing system, an indication of a network condition and a plurality of coding grammars, the indication of the network condition including a network traffic throughput metric, wherein the selected coding grammar comprises a representation of a combination of an operation and a data fragment, the combination being positioned at a position in the intercepted packet;
- selecting, by the security data processing system, a selected coding grammar from the plurality of coding grammars based, at least in part, upon the network traffic throughput metric;
- responsive to a determination that data of the intercepted packet is non-compliant with a set of security policy(ies), generating, by the security data processing system and according to the selected coding grammar, an instruction designed to cause a modification of the intercepted packet to make a revised packet that is compliant with the set of security policy(ies); and
- sending the instruction from the security data processing system to the intercepting agent.
Abstract
A system and computer program product for modifying intercepted data interactions are provided in the illustrative embodiments. At a security application executing in a security data processing system, an intercepted packet of data arranged according to a protocol is received from an intercepting agent executing in an intercepting data processing system. A security policy is applied to the intercepted packet. In an instruction according to a coding grammar, a modification of the intercepted packet is encoded. The instruction is suited for the encoding under a circumstance of the modifying. The instruction is sent to the intercepting agent. The intercepting agent at the intercepting data processing system performs the modification according to the security policy and independently of the protocol.
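The flow in the abstract can be sketched as follows; this is an added illustration, not code from the patent. The policy (mask 16-digit numbers), the two grammars (`text`, `binary`), the `busy_above` threshold and the rule that high throughput selects the compact grammar are all assumptions made for the example.

```python
import json
import re
import struct

POLICY = re.compile(rb"\b\d{16}\b")  # assumed policy: no 16-digit numbers in clear

def build_edits(packet):
    """Security system: one (operation, position, length, fragment) per violation."""
    return [("replace", m.start(), m.end() - m.start(),
             b"*" * 12 + m.group()[-4:]) for m in POLICY.finditer(packet)]

def encode_text(edits):  # hypothetical verbose grammar (JSON)
    return json.dumps([[op, pos, n, frag.decode("latin-1")]
                       for op, pos, n, frag in edits]).encode()

def decode_text(blob):
    return [(op, pos, n, frag.encode("latin-1"))
            for op, pos, n, frag in json.loads(blob)]

def encode_binary(edits):  # hypothetical compact grammar; opcode 1 = replace
    return b"".join(struct.pack("!BIHH", 1, pos, n, len(frag)) + frag
                    for _op, pos, n, frag in edits)

def decode_binary(blob):
    edits, i = [], 0
    while i < len(blob):
        _code, pos, n, flen = struct.unpack_from("!BIHH", blob, i)
        i += 9  # size of the fixed header
        edits.append(("replace", pos, n, blob[i:i + flen]))
        i += flen
    return edits

GRAMMARS = {"text": (encode_text, decode_text),
            "binary": (encode_binary, decode_binary)}

def select_grammar(throughput_mbps, busy_above=500.0):
    # Assumption: a busy link gets the smaller instruction encoding.
    return "binary" if throughput_mbps > busy_above else "text"

def security_system(packet, throughput_mbps):
    edits = build_edits(packet)
    if not edits:
        return None  # packet already compliant, nothing to send
    name = select_grammar(throughput_mbps)
    return name, GRAMMARS[name][0](edits)

def agent_apply(packet, instruction):
    """Intercepting agent: splice bytes at offsets, with no protocol parsing."""
    name, blob = instruction
    revised = bytearray(packet)  # modify a copy of the intercepted packet
    for _op, pos, n, frag in sorted(GRAMMARS[name][1](blob), key=lambda e: -e[1]):
        revised[pos:pos + n] = frag  # highest offset first keeps positions valid
    return bytes(revised)

PACKET = b"INSERT INTO pay VALUES ('alice', 4111111111111111)"  # constructed sample
```
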
7 Claims
5. A computer system comprising:
- an intercepting data processing sub-system; and
- a security data processing system;

wherein the security data processing sub-system is structured, programmed and connected in data communication to:
- receive, from an intercepting agent executing in the intercepting data processing sub-system, an intercepted packet,
- apply a security policy to the intercepted packet to determine whether data of the intercepted packet is non-compliant with a set of security policy(ies),
- receive an indication of a network condition and a plurality of coding grammars, the indication of the network condition including a network traffic throughput metric,
- select a selected coding grammar from the plurality of coding grammars based, at least in part, upon the network traffic throughput metric, wherein the selected coding grammar comprises a representation of a combination of an operation and a data fragment, the combination being positioned at a position in the intercepted packet;
- responsive to a determination that data of the intercepted packet is non-compliant with a set of security policy(ies), generate, according to the selected coding grammar, an instruction designed to cause a modification of the intercepted packet to make a revised packet that is compliant with the set of security policy(ies), and
- send the instruction to the intercepting agent; and

wherein the intercepting data processing sub-system is structured, programmed and connected in data communication to apply, by the intercepting agent, the instruction received from the security data processing sub-system to modify a copy of the intercepted packet according to the instruction whereby the copy of the intercepted packet is compliant with the set of security policy(ies).
Specification