公开(公告)号：US08739265B2

公开(公告)日：2014-05-27

申请号：US13450809

申请日：2012-04-19

申请人： George Weilun Ang ,  John Harold Woelfel ,  Terrence Peter Woloszyn

发明人： George Weilun Ang ,  John Harold Woelfel ,  Terrence Peter Woloszyn

IPC分类号： H04L29/06 ,  G06F21/10

CPC分类号： H04L63/0281 ,  G06F21/10 ,  G06F21/602 ,  G09C1/00 ,  H04L61/2596 ,  H04L61/301 ,  H04L63/0815 ,  H04L67/02 ,  H04L67/28

摘要： An intercepting proxy server processes traffic between an enterprise user and a cloud application. The intercepting proxy server provides interception of real data elements in communications from the enterprise to the cloud and replacing them with obfuscating tokens. Tokens included in results returned from the cloud, are intercepted by the intercepting proxy server, and replaced with the corresponding real data elements. In order for the sort order of the tokens to correspond to the sort order of the corresponding real data elements, a sort order preserving data compression is performed on parts of the real data elements, and the compressed values concatenated with the obfuscated tokens, thus producing sortable tokens which, even though they are obfuscated, appear in the correct sort order in the cloud application.

摘要翻译： 拦截代理服务器处理企业用户和云应用之间的流量。 拦截代理服务器提供从企业到云的通信中截取真实数据元素，并用模糊令牌替换它们。 由云中返回的结果中包含的令牌由拦截代理服务器拦截，并替换为相应的实际数据元素。 为了使令牌的分类顺序与对应的真实数据元素的分类顺序相对应，对实数据元素的一部分执行保留数据压缩的排序顺序，并将压缩值与混淆的令牌连接，从而产生 尽管它们被模糊化，但可以在云应用程序中以正确的排序顺序显示可排序的令牌。

公开(公告)号：US20120278897A1

公开(公告)日：2012-11-01

申请号：US13450809

申请日：2012-04-19

申请人： George Weilun ANG ,  John Harold Woelfel ,  Terrence Peter Woloszyn

发明人： George Weilun ANG ,  John Harold Woelfel ,  Terrence Peter Woloszyn

IPC分类号： G06F21/00

CPC分类号： H04L63/0281 ,  G06F21/10 ,  G06F21/602 ,  G09C1/00 ,  H04L61/2596 ,  H04L61/301 ,  H04L63/0815 ,  H04L67/02 ,  H04L67/28

摘要： An intercepting proxy server processes traffic between an enterprise user and a cloud application. The intercepting proxy server provides interception of real data elements in communications from the enterprise to the cloud and replacing them with obfuscating tokens. Tokens included in results returned from the cloud, are intercepted by the intercepting proxy server, and replaced with the corresponding real data elements. In order for the sort order of the tokens to correspond to the sort order of the corresponding real data elements, a sort order preserving data compression is performed on parts of the real data elements, and the compressed values concatenated with the obfuscated tokens, thus producing sortable tokens which, even though they are obfuscated, appear in the correct sort order in the cloud application.

摘要翻译： 拦截代理服务器处理企业用户和云应用之间的流量。 拦截代理服务器提供从企业到云的通信中截取真实数据元素，并用模糊令牌替换它们。 由云中返回的结果中包含的令牌由拦截代理服务器拦截，并替换为相应的实际数据元素。 为了使令牌的分类顺序与对应的真实数据元素的分类顺序相对应，对实数据元素的一部分执行保留数据压缩的排序顺序，并将压缩值与混淆的令牌连接，从而产生 尽管它们被模糊化，但可以在云应用程序中以正确的排序顺序显示可排序的令牌。

公开(公告)号：US20120278504A1

公开(公告)日：2012-11-01

申请号：US13450879

申请日：2012-04-19

申请人： George Weilun ANG ,  Derek Jon Townsend ,  John Harold Woelful ,  Terrence Peter Woloszyn

发明人： George Weilun ANG ,  Derek Jon Townsend ,  John Harold Woelful ,  Terrence Peter Woloszyn

IPC分类号： G06F15/16

CPC分类号： H04L63/0281 ,  G06F21/10 ,  G06F21/602 ,  G09C1/00 ,  H04L61/2596 ,  H04L61/301 ,  H04L63/0815 ,  H04L67/02 ,  H04L67/28

摘要： An intercepting proxy server processes traffic between an enterprise user and a cloud application. The intercepting proxy server provides interception of real data elements in communications from the enterprise to the cloud and replacing them with obfuscating tokens which are randomly generated. To the cloud application real data are only visible as tokens. Tokens included in results returned from the cloud, are intercepted by the intercepting proxy server, and replaced with the corresponding real data elements. The obfuscating tokens are not computationally related to the original sensitive value. Each intercepted real data element is stored in a local persistent storage layer, and indexed by the corresponding obfuscating token, allowing the real data element to be retrieved when the token is returned from the cloud, for delivery to the user.

摘要翻译： 拦截代理服务器处理企业用户和云应用之间的流量。 拦截代理服务器提供从企业到云端的通信中截取真实数据元素，并用随机生成的模糊令牌替换它们。 对于云应用，实际数据只能作为标记显示。 由云中返回的结果中包含的令牌由拦截代理服务器拦截，并替换为相应的实际数据元素。 混淆令牌在计算上与原始敏感值无关。 每个截取的真实数据元素存储在本地持久存储层中，并由相应的模糊令牌索引，从而允许在从云返回令牌时检索真实数据元素，以便传递给用户。

公开(公告)号：US09647989B2

公开(公告)日：2017-05-09

申请号：US13450829

申请日：2012-04-19

申请人： Terrence Peter Woloszyn

发明人： Terrence Peter Woloszyn

IPC分类号： G06F7/04 ,  H04L29/06 ,  G09C1/00 ,  H04L29/12 ,  G06F21/10 ,  G06F21/60 ,  H04L29/08

CPC分类号： H04L63/0281 ,  G06F21/10 ,  G06F21/602 ,  G09C1/00 ,  H04L61/2596 ,  H04L61/301 ,  H04L63/0815 ,  H04L67/02 ,  H04L67/28

摘要： An intercepting proxy server processes traffic between an enterprise user and a cloud application which provides Software as a Service (SaaS). The intercepting proxy server provides interception of real data elements in communications from the enterprise to the cloud and replacing them with obfuscating information by encrypting individual real data elements without disturbing the validity of the application protocol. To the processing cloud application real data are only visible as encrypted tokens. Tokens included in results returned from the cloud, are intercepted by the intercepting proxy server, and replaced with the corresponding sensitive real data. In this way, the enterprise is able to enjoy the benefits of the cloud application, while protecting the privacy of real data.

公开(公告)号：US09021135B2

公开(公告)日：2015-04-28

申请号：US13450879

申请日：2012-04-19

申请人： George Weilun Ang ,  Derek Jon Townsend ,  John Harold Woelfel ,  Terrence Peter Woloszyn

发明人： George Weilun Ang ,  Derek Jon Townsend ,  John Harold Woelfel ,  Terrence Peter Woloszyn

IPC分类号： G06F15/16 ,  H04L29/06 ,  H04L29/12 ,  G06F21/10 ,  G06F21/60 ,  G09C1/00 ,  H04L29/08

CPC分类号： H04L63/0281 ,  G06F21/10 ,  G06F21/602 ,  G09C1/00 ,  H04L61/2596 ,  H04L61/301 ,  H04L63/0815 ,  H04L67/02 ,  H04L67/28

摘要： An intercepting proxy server processes traffic between an enterprise user and a cloud application. The intercepting proxy server provides interception of real data elements in communications from the enterprise to the cloud and replacing them with obfuscating tokens which are randomly generated. To the cloud application real data are only visible as tokens. Tokens included in results returned from the cloud, are intercepted by the intercepting proxy server, and replaced with the corresponding real data elements. The obfuscating tokens are not computationally related to the original sensitive value. Each intercepted real data element is stored in a local persistent storage layer, and indexed by the corresponding obfuscating token, allowing the real data element to be retrieved when the token is returned from the cloud, for delivery to the user.

摘要翻译： 拦截代理服务器处理企业用户和云应用之间的流量。 拦截代理服务器提供从企业到云端的通信中的真实数据元素的截取，并用随机生成的模糊令牌替换它们。 对于云应用，实际数据只能作为标记显示。 由云中返回的结果中包含的令牌由拦截代理服务器拦截，并替换为相应的实际数据元素。 混淆令牌在计算上与原始敏感值无关。 每个截取的真实数据元素存储在本地持久存储层中，并被相应的模糊令牌索引，从而允许在从云返回令牌时检索真实数据元素，以便传递给用户。

公开(公告)号：US20120278872A1

公开(公告)日：2012-11-01

申请号：US13450781

申请日：2012-04-19

申请人： John Harold WOELFEL ,  Terrence Peter Woloszyn

发明人： John Harold WOELFEL ,  Terrence Peter Woloszyn

IPC分类号： G06F21/00 ,  G06F7/04

CPC分类号： H04L63/0281 ,  G06F21/10 ,  G06F21/602 ,  G09C1/00 ,  H04L61/2596 ,  H04L61/301 ,  H04L63/0815 ,  H04L67/02 ,  H04L67/28

摘要： A Security Assertion Markup Language (SAML) conversation is intercepted in an enhanced Reverse Proxy server computer located in the path between a user and a server computer that provide cloud application services to the user. During authentication, the SAML assertion signature is modified in the enhanced Reverse Proxy such that the enhanced Reverse Proxy and the user can share an encryption key. The modified assertion signature permits a common session key to be shared by the enhanced Reverse Proxy and a targeted application in the server, thus enabling the user to be authenticated, and subsequently to communicate via the enhanced Reverse Proxy in a secure session with an application in the server.

摘要翻译： 安全断言标记语言（SAML）会话在位于用户和服务器计算机之间的路径中的增强型反向代理服务器计算机中被拦截，向用户提供云应用服务。 在认证期间，SAML断言签名在增强的反向代理中被修改，使得增强的反向代理和用户可以共享加密密钥。 修改的断言签名允许公共会话密钥由增强的反向代理和服务器中的目标应用共享，从而使得用户能够被认证，并随后通过安全会话中的增强型反向代理与应用程序进行通信 服务器。