Title of invention: Selective Encryption Configuration
Abstract: Encoding a partially encrypted data stream may include receiving, at an edge encryption proxy, an unencrypted data stream, evaluating the unencrypted data stream using communication encryption rules including rule conditions and content mappings, determining whether the rule conditions match on the unencrypted data stream, and on a condition that the rule condition matches on the unencrypted data stream, and identifying a portion of the unencrypted data stream corresponding to the content mapping as a candidate sensitive portion. On a condition that the data encryption configuration information indicates that a data storage container corresponding to a matching content mapping is configured for storing sensitive information, generating an encrypted portion by encrypting the candidate sensitive portion, generating a partially encrypted data stream, including the encrypted portion, and unencrypted insensitive portions of the unencrypted data stream, and omitting the candidate sensitive portion, and transmitting or storing the partially encrypted data stream.
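Application publication number: US2017126638(A1) Application publication date: 2017.05.04
Application number: US201615190613 Filing date: 2016.06.23
Applicant: ServiceNow, Inc. Inventors: Ye Antonio; Barron-Kraus Kyle
Classification: H04L29/06; G06F21/62; G06F21/60 Main classification: H04L29/06
Agency: Agent: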
Independent claim: 1. A method for encoding a partially encrypted data stream, the method comprising: receiving, at an edge encryption proxy, an unencrypted data stream; evaluating the unencrypted data stream using communication encryption rules, wherein each communication encryption rule from the communication encryption rules includes a rule condition and a content mapping, and wherein evaluating the unencrypted data stream using the communication encryption rules includes: determining whether the rule condition matches on the unencrypted data stream, and on a condition that the rule condition matches on the unencrypted data stream: identifying a portion of the unencrypted data stream corresponding to the content mapping as a candidate sensitive portion; identifying a data storage container based on the content mapping; identifying data encryption configuration information corresponding to the data storage container; on a condition that the data encryption configuration information indicates that the data storage container is configured for storing sensitive information: identifying the candidate sensitive portion as a sensitive portion, generating an encrypted portion by encrypting the sensitive portion, including a preceding portion of the unencrypted data stream in a partially encrypted data stream, the preceding portion preceding the sensitive portion in the unencrypted data stream, including the encrypted portion in the partially encrypted data stream subsequent to the preceding portion, and including a subsequent portion of the unencrypted data stream in the partially encrypted data stream subsequent to the encrypted portion, the subsequent portion subsequent to the sensitive portion in the unencrypted data stream; and transmitting or storing the partially encrypted data stream.
Address: Santa Clara CA US