System, apparatus and method for encryption and decryption of data transmitted over a network

US 9,002,976 B2
Filed: 12/30/2010
Issued: 04/07/2015
Est. Priority Date: 09/15/2008
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving input text at an intermediate module from a client device;

processing said input text at the intermediate module to obtain processed text, wherein said processing comprises including a bait in said processed text;

transmitting the processed text to the server, wherein the server is adapted to transform text received from the client device by applying at least one of a plurality of transformations;

upon request, receiving at said intermediate module transformed processed text from the server, said server having applied at least one of said plurality of transformations to said processed text to obtain said transformed processed text; and

determining by said intermediate module at least one of said transformations applied by said server based on a comparison between the bait in the processed text and the bait in the transformed processed text.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for securing data transmitted between a client device and a server by obtaining input text at an intermediate module, processing the input text to obtain processed text, and transmitting the processed text to the server. According to one embodiment of the invention, the intermediate module may add excess information (referred to herein as bait) to encrypted user data in known locations. Such bait may be used when processed user data is received at the intermediate module in order to infer the kind of transformation applied to processed user data. Non-limiting examples of transformations for which bait may be used are application of a certain character encoding scheme and HTML tag elimination.

Citations

16 Claims

1. A method comprising:
- receiving input text at an intermediate module from a client device;
  
  processing said input text at the intermediate module to obtain processed text, wherein said processing comprises including a bait in said processed text;
  
  transmitting the processed text to the server, wherein the server is adapted to transform text received from the client device by applying at least one of a plurality of transformations;
  
  upon request, receiving at said intermediate module transformed processed text from the server, said server having applied at least one of said plurality of transformations to said processed text to obtain said transformed processed text; and
  
  determining by said intermediate module at least one of said transformations applied by said server based on a comparison between the bait in the processed text and the bait in the transformed processed text.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, further comprising:
    - applying a reverse transformation on said processed text to obtain unprocessed input text; and
      
      modifying said unprocessed input text based on said at least one determined transformation.
  - 3. The method of claim 2, further comprising:
    - sending said modified unprocessed input text to said client device.
  - 4. The method of claim 1,wherein at least one transformation of said plurality of transformations comprises replacement of at least one transformable character in said processed text with a matching replacement character or replacement character string, andwherein including bait in said processed text comprises including said at least one transformable character in said processed text.
  - 5. The method of claim 4, further comprising:
    - applying a reverse transformation on said processed text to obtain unprocessed input text; and
      
      modifying said unprocessed input text by replacing said at least one transformable character in said unprocessed input text with said matching replacement character or replacement character string.
  - 6. The method of claim 5, further comprising:
    - sending said modified unprocessed input text to said client device.
  - 7. The method of claim 1,wherein at least one transformation of said plurality of transformations comprises omitting HTML tags in said processed text, andwherein including bait in said processed text comprises including an HTML tag in said processed text.
  - 8. The method of claim 7, further comprising:
    - applying a reverse transformation on said processed text to obtain unprocessed input text;
      
      modifying said unprocessed input text by omitting HTML tags contained therein; and
      
      sending said modified unprocessed input text to said client device.

9. A system for securing data transmitted between a client device and a server, wherein the server is adapted to transform text received from said client device by applying at least one of a plurality of transformations, said system comprising:
- a memory; and
  
  a controller, the controller configured to;
  
  receive input text;
  
  process said input text to obtain processed text by including a bait in said processed text;
  
  transmit the processed text to the server;
  
  upon request, receive transformed processed text from the server, said server having applied at least one of said plurality of transformations to said processed text to obtain said transformed processed text; and
  
  determine at least one of said transformations applied by said server based on a comparison between the bait in the processed text and the bait in the transformed processed text.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The system of claim 9, wherein said controller is further configured to:
    - apply a reverse transformation on said processed text to obtain unprocessed input text; and
      
      modify said unprocessed input text based on said at least one determined transformation.
  - 11. The system of claim 10, wherein said controller is further configured to:
    - send said modified unprocessed input text to said client device.
  - 12. The system of claim 9,wherein at least one transformation of said plurality of transformations comprises replacement of at least one transformable character in said processed text with a matching replacement character or replacement character string, andwherein said controller is to process said input text to obtain processed text by including said at least one transformable character in said processed text.
  - 13. The system of claim 12, wherein said controller is further configured to:
    - apply a reverse transformation on said processed text to obtain unprocessed input text; and
      
      modify said unprocessed input text by replacing said at least one transformable character in said unprocessed input text with said matching replacement character or replacement character string.
  - 14. The method of claim 13, wherein said controller is further configured to:
    - send said modified unprocessed input text to said client device.
  - 15. The system of claim 9,wherein at least one transformation of said plurality of transformations comprises omission of HTML tags in said processed text, andwherein said controller is to process said input text to obtain processed text by including an HTML tag in said processed text.
  - 16. The system of claim 15, wherein said controller is further to:
    - apply a reverse transformation on said processed text to obtain unprocessed input text;
      
      modify said unprocessed input text by omitting HTML tags contained therein; and
      
      send said modified unprocessed input text to said client device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CyberArk Software Ltd.
Original Assignee
Vaultive Ltd.
Inventors
Matzkel, Ben, Tal, Maayan, Lahav, Aviad
Primary Examiner(s)
Hamza, Faruk
Assistant Examiner(s)
Voltaire, Jean F

Application Number

US12/982,690
Publication Number

US 20110167129A1
Time in Patent Office

1,559 Days
Field of Search

709/206, 709/216, 709/217, 709/219, 713/183
US Class Current

709/217
CPC Class Codes

G06F 15/16   Combinations of two or more...

G06F 21/6227   where protection concerns t...

H04L 51/00   User-to-user messaging in p...

H04L 51/066   Format adaptation, e.g. for...

H04L 51/212   using filtering or selectiv...

H04L 51/226   Delivery according to prior...

H04L 51/42   Mailbox-related aspects, e....

H04L 63/0428   wherein the data content is...

H04L 63/045   wherein the sending and rec...

H04L 63/0471   applying encryption by an i...

H04L 63/126   the source of the received ...

H04L 67/01   Protocols

H04L 67/06   specially adapted for file ...

H04L 67/535   Tracking the activity of th...

H04L 67/568   Storing data temporarily at...

H04L 9/00   Cryptographic mechanisms or...

H04L 9/40   Network security protocols

System, apparatus and method for encryption and decryption of data transmitted over a network

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

System, apparatus and method for encryption and decryption of data transmitted over a network

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links