Main claim
1. Apparatus, operative in an overlay network comprising an infrastructure shared by third parties that publish web content, at least one third party publishing to the overlay network an e-commerce web site having a web-based front-end, and an order management back-end, the apparatus comprising:
a processor; computer memory storing computer program instructions executed by the processor to:
render one or more non-secure pages of the e-commerce web site web-based front-end;
responsive to receipt from an end user client of a request to check-out from the e-commerce web site, establishing a first secure transport link from the requesting client to a sensitive data handling module, and establishing a second secure transport link from the sensitive data handling module to the order management back-end;
the sensitive data handling module operative to:
receive over the first secure transport link a message that includes sensitive data, the message directed to the order management back-end;
determine an identity of an issuing entity associated with the sensitive data;
parse the message to extract at least a portion of the sensitive data;
apply to the portion of the sensitive data extracted a public key of the issuing entity whose identity was determined to generate a value V;
determine whether the value V is associated with an identifier W associated with the order management back-end;
in response to determining that the value V is associated with an identifier W associated with the order management back-end, retrieve a token T that associates (V,W), and forward the message including the token onward to the order management back-end over the second secure transport link;
in response to determining that the value V is not associated with an identifier W associated with the order management back-end, generate a new token that associates (V,W), and forward the message including the new token onward to the order management back-end over the second secure transport link;
receive a response from the order management back-end that includes one of: the token and the new token, previously forwarded with the message;
in response to receiving the response from the third party domain, retrieve the value V and issue a new request including the value V, the new request issued to a computing entity at which a secret key associated with the public key is available; and
receive a response from the computing entity indicating that a transaction associated with the sensitive data is authorized to proceed, the computing entity having applied the secret key to the value V to identify the sensitive data.
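
The token handling recited above, sketched as an added example that is not part of the claim text or of any implementation by the applicant. The toy textbook-RSA issuer key, the message fields `pan` and `issuer`, and all class and function names are assumptions made for illustration.

```python
import secrets

# Constructed toy issuer key pair: textbook RSA over two Mersenne primes.
# Not secure. It is deterministic, so the same input always yields the same V,
# which the (V, W) lookup relies on. Deterministic encryption reveals equality
# of inputs, so V itself should be stored and handled as sensitive data.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
ISSUER_PUB = {"issuer-A": (E, P * Q)}   # available to the handling module
ISSUER_PRIV = {"issuer-A": (pow(E, -1, (P - 1) * (Q - 1)), P * Q)}  # key holder only

class SensitiveDataHandler:
    """Hypothetical module sitting between the client and the back-end."""

    def __init__(self):
        self.by_pair = {}    # (V, W) -> token T
        self.by_token = {}   # token T -> (V, W, issuer)

    def tokenize(self, message, backend_id):
        """Swap the sensitive field for a token before forwarding to W."""
        msg = dict(message)
        pan = msg.pop("pan")        # parse out the sensitive data
        issuer = msg["issuer"]      # assumed field naming the issuing entity
        e, n = ISSUER_PUB[issuer]
        v = pow(int.from_bytes(pan.encode(), "big"), e, n)  # value V
        token = self.by_pair.get((v, backend_id))
        if token is None:           # no token yet associates (V, W)
            token = secrets.token_urlsafe(16)
            self.by_pair[(v, backend_id)] = token
            self.by_token[token] = (v, backend_id, issuer)
        msg["token"] = token
        return msg                  # the back-end never receives the PAN

    def authorization_request(self, token, backend_id):
        """On the back-end's response, map the token back to V."""
        v, w, issuer = self.by_token[token]
        if w != backend_id:         # a token is only valid for its own W
            raise PermissionError("token not issued for this back-end")
        return {"issuer": issuer, "v": v}

def key_holder_recover(request):
    """Computing entity holding the secret key: recover the data from V."""
    d, n = ISSUER_PRIV[request["issuer"]]
    m = pow(request["v"], d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big").decode()
```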