Mapping Between User Interface Fields and Protocol Information
    81.
    Invention application
    Mapping Between User Interface Fields and Protocol Information (status: under examination, published)

    Publication (announcement) number: US20160034442A1

    Publication (announcement) date: 2016-02-04

    Application number: US14814311

    Application date: 2015-07-30

    IPC classification: G06F17/24 H04L29/06 H04L29/08

    Abstract: A gateway device for implementing data security is described herein. The gateway device is coupled between a client device and a server device, and generates a mapping between portions of data received from a client device and interface fields or data elements of the client device. Upon receiving subsequent data from the client device, the gateway device can access the generated mapping to identify portions of the subsequent data corresponding to particular interface fields or data elements of the client device using the mapping, and can encode the identified portions of the subsequent data, for instance based on data protection techniques defined by a security policy. The encoded data can then be outputted by the gateway device to the server device.


    TOKENIZATION IN A CENTRALIZED TOKENIZATION ENVIRONMENT
    82.
    Invention application
    TOKENIZATION IN A CENTRALIZED TOKENIZATION ENVIRONMENT (status: in force)

    Publication (announcement) number: US20150312246A1

    Publication (announcement) date: 2015-10-29

    Application number: US14738830

    Application date: 2015-06-13

    IPC classification: H04L29/06 G06F17/27 G06F17/30

    Abstract: Data can be protected in a centralized tokenization environment. A request to tokenize sensitive data is received by an endpoint. A token for use in tokenizing the sensitive data is identified. A token certificate store is queried for a token certificate associated with the identified token. The token certificate can include a token status and use rules describing a permitted use of the token. Responsive to the token certificate store storing the queried token certificate, the endpoint tokenizes the sensitive data using the identified token if the token status indicates the token is available, and subject to the use rules included in the token certificate being satisfied. The token certificate is updated based on the tokenization of the sensitive data with the identified token and stored at the token certificate store.


    Columnar Table Data Protection
    83.
    Invention application
    Columnar Table Data Protection (status: in force)

    Publication (announcement) number: US20150089574A1

    Publication (announcement) date: 2015-03-26

    Application number: US14479816

    Application date: 2014-09-08

    IPC classification: G06F21/60 G06F17/30

    Abstract: Shuffling data stored in columnar tables improves data storage security, particularly when used in conjunction with other security operations, such as tokenization and cryptography. A data table is accessed, and pointer values of at least one column of the accessed table are shuffled, generating a protected table. An index table mapping index values to the shuffled pointer values is generated, allowing a user with access to both the protected table and the index table to generate the original table. Without both tables, users are only able to see either the shuffled data or the index values. Example shuffling methods include, but are not limited to, random shuffling, grouped shuffling, sorting by column value, and sorting by index value.


    TOKENIZATION IN PAYMENT ENVIRONMENTS
    84.
    Invention application
    TOKENIZATION IN PAYMENT ENVIRONMENTS (status: under examination, published)

    Publication (announcement) number: US20130212007A1

    Publication (announcement) date: 2013-08-15

    Application number: US13761009

    Application date: 2013-02-06

    IPC classification: G06Q20/38

    Abstract: Data can be protected in mobile and payment environments through various tokenization operations. A mobile device can tokenize communication data based on device information and session information associated with the mobile device. A payment terminal can tokenize payment information received at the payment terminal during a transaction based on transaction information associated with the transaction. Payment data tokenized with a first set of token tables and according to a first set of tokenization parameters by a first payment entity can be detokenized or re-tokenized with a second set of token tables and according to a second set of tokenization parameters. Payment information can be tokenized and sent to a mobile device as a token card based on one or more selected use rules, and a user can request a transaction based on the token card. The transaction can be authorized if the transaction satisfies the selected use rules.


    Privacy preserving data search
    86.
    Granted invention patent

    Publication (announcement) number: US11727135B2

    Publication (announcement) date: 2023-08-15

    Application number: US17667761

    Application date: 2022-02-09

    IPC classification: G06F21/62

    Abstract: Database entries can be protected by indexing the entries using a plurality of indexes, each associated with a level of access rights. A level of access rights can be determined from a search query, and an index can be selected based on the determined level of access rights. A search key can be generated based on the received query, and the selected index can be searched using the search query. Database entries mapped to the values of the selected index returned in response to the search can be outputted. Each index is associated with a different granularity defining the number and/or ambiguity of search results returned in response to searching an index.

    Decentralized token table generation

    Publication (announcement) number: US11669637B2

    Publication (announcement) date: 2023-06-06

    Application number: US17492590

    Application date: 2021-10-02

    Abstract: New tokenization tables are derived at intervals in order to increase the security of tokenized data that is transferred between two endpoints. Generation of the new tokenization tables is based on previous tokenization tables, which advantageously allows the generation process to be performed locally at the two endpoints independently of an external tokenization table provider. New tokenization tables can periodically be distributed to the endpoints as a new starting point for derivation.

    Parallel unicode tokenization in a distributed network environment

    Publication (announcement) number: US11586832B2

    Publication (announcement) date: 2023-02-21

    Application number: US17177676

    Application date: 2021-02-17

    IPC classification: G06F21/62 G06F40/53

    Abstract: Unicode data can be protected in a distributed tokenization environment. Data to be tokenized can be accessed or received by a security server, which instantiates a number of tokenization pipelines for parallel tokenization of the data. Unicode token tables are accessed by the security server, and each tokenization pipeline uses the accessed token tables to tokenize a portion of the data. Each tokenization pipeline performs a set of encoding or tokenization operations in parallel and based at least in part on a value received from another tokenization pipeline. The outputs of the tokenization pipelines are combined, producing tokenized data, which can be provided to a remote computing system for storage or processing.

    Sensitive Data Classification
    89.
    Invention application

    Publication (announcement) number: US20230013306A1

    Publication (announcement) date: 2023-01-19

    Application number: US17945998

    Application date: 2022-09-15

    Abstract: A gateway device includes a network interface connected to data sources, and computer instructions that, when executed, cause a processor to access data portions from the data sources. The processor accesses classification rules, which are configured to classify a data portion of the plurality of data portions as sensitive data in response to the data portion satisfying the rule. Each rule is associated with a significance factor representative of an accuracy of the classification rule. The processor applies each of the set of classification rules to a data portion to obtain an output of whether the data is sensitive data. The outputs are weighed by significance factors to produce a set of weighted outputs. The processor determines if the data portion is sensitive data by aggregating the set of weighted outputs, and presents the determination in a user interface. Security operations may also be performed on the data portion.

    Enforcing trusted application settings for shared code libraries

    Publication (announcement) number: US11537704B2

    Publication (announcement) date: 2022-12-27

    Application number: US17070930

    Application date: 2020-10-15

    IPC classification: G06F21/44 G06F21/45 H04L9/40

    Abstract: Access to a shared library API is restricted for a customer application by a security system. A profile for each of a plurality of trusted applications is generated and stored in a security database. When a customer application attempts to access the shared library API, the customer application is verified by extracting a customer application profile for the customer application, comparing the customer application profile with each stored trusted application profile, and verifying that the customer application can access the shared library API based on the comparison. Based on the verification, the customer application may be allowed to access the shared library API or may be prevented from accessing the shared library API.