Method and system for handling sensitive data in a content delivery network

摘要

Using cryptographic techniques, sensitive data is protected against disclosure in the event of a compromise of a content delivery network (CDN) edge infrastructure. These techniques obviate storage and/or transfer of such sensitive data, even with respect to payment transactions that are being authorized or otherwise enabled from CDN edge servers.

主权项

1. Apparatus, operative in an overlay network comprising an infrastructure shared by third parties that publish web content, at least one third party publishing to the overlay network an e-commerce web site having a web-based front-end, and an order management back-end, the apparatus comprising:
a processor; computer memory storing computer program instructions executed by the processor to:
render one or more non-secure pages of the e-commerce web site web-based front-end;responsive to receipt from an end user client of a request to check-out from the e-commerce web site, establishing a first secure transport link from the requesting client to a sensitive data handling module, and establishing a second secure transport link from the sensitive data handling module to the order management back-end;the sensitive data handling module operative to:
receive over the first secure transport link a message that includes sensitive data, the message directed to the order management back-end;determine an identity of an issuing entity associated with the sensitive data;parse the message to extract at least a portion of the sensitive data;apply to the portion of the sensitive data extracted a public key of the issuing entity whose identity was determined to generate a value V;determine whether the value V is associated with an identifier W associated with the order management back-end;in response to determining that the value V is associated with an identifier W associated with the order management back-end, retrieve a token T that associates (V,W), and forward the message including the token onward to the order management back-end over the second secure transport link;in response to determining that the value V is not associated with an identifier W associated with the order management back-end, generate a new token that associates (V,W), and forward the message including the new token onward to the order management back-end over the second secure transport link;receive a response from the order management back-end that includes one of: the token and the new token, previously forwarded with the message;in response to receiving the response from the third party domain, retrieve the value V and issue a new request including the value V, the new request issued to a computing entity at which a secret key associated with the public key is available; andreceive a response from the computing entity indicating that a transaction associated with the sensitive data is authorized to proceed, the computing entity having applied the secret key to the value V to identify the sensitive data.