公开(公告)号：US09946895B1

公开(公告)日：2018-04-17

申请号：US14969686

申请日：2015-12-15

Applicant: Amazon Technologies, Inc.

Inventor： William Frederick Hingle Kruse ,  Matthew John Campagna ,  Nima Sharifi Mehr ,  Hardik Nagda ,  Radu Berciu ,  Gergory Branchek Roth

IPC: G06F21/62

CPC classification number: G06F21/6245 ,  G06F21/6227 ,  G06F21/6263

Abstract: Sensitive data can be obfuscated before being provided for processing (i.e., aggregating, sorting, grouping, or transforming) using a pair of keys to generate a token that contains the sensitive data. The token can include a synthetic initialization vector, generated using a first key, and a ciphertext portion including the sensitive data encrypted under a second key. This tokenization can be performed by a data service or by an intermediate service that acts as an overlay or proxy for the underlying data service. The tokenized data can be provided for processing, and can remain tokenized until being received by an entity or system having access to at least the second key. A receiving entity with access to the second key can decrypt the ciphertext to obtain the plaintext, and if the first key is available the entity can perform a further integrity check on the tokenized data.