US 12,341,884 B1
Dynamic, control-sensitive data management platform
Walter Trotta, Cranford, NJ (US); Vaibhav Kumar, Monroe, NC (US); Samuel J. Kass, Oberrieden (CH); and Sasisekar Shanmugasundaram, Warsaw (PL)
Assigned to Citibank, N.A., New York, NY (US)
Filed by Citibank, N.A., New York, NY (US)
Filed on Aug. 28, 2024, as Appl. No. 18/818,560.
Application 18/818,560 is a continuation in part of application No. 18/134,883, filed on Apr. 14, 2023.
This patent is subject to a terminal disclaimer.
Int. Cl. G06F 21/00 (2013.01); H04L 9/08 (2006.01)
CPC H04L 9/088 (2013.01)
20 Claims
1. A system for providing data protection, the system comprising:
one or more processors; and
a non-transitory, computer-readable storage medium storing instructions, which, when executed by the one or more processors cause the one or more processors to:
receive data at a first device located in a first datacenter in a first jurisdiction from a second device located in a second datacenter in a second jurisdiction, wherein the data comprises a plurality of data fields, and wherein the plurality of data fields comprises a first set of fields encrypted into a corresponding token representing corresponding field data and a second set of fields not encrypted into the corresponding token, and wherein the first set of fields comprises sensitive data to be controlled by the second device in the second jurisdiction;
store the data at the first device;
receive, at the first device from a third device, a data request wherein the data request comprises a request for one or more data fields from the first set of fields encrypted into the corresponding token;
in response to receiving the data request from the third device, request, from the second device by the first device, based on each data field of the one or more data fields from the first set of fields, a decrypting cryptographic function and a cryptographic key for decrypting the one or more data fields from the first set of fields;
receive, at the first device, the decrypting cryptographic function and the cryptographic key from the second device;
upon receiving the decrypting cryptographic function and the cryptographic key, decrypt by the first device, field data within the one or more data fields using the decrypting cryptographic function and the cryptographic key to obtain one or more decrypted data fields;
transmit, by the first device, a response to the data request comprising the one or more decrypted data fields;
based on a rule change within the second jurisdiction, receive, by the first device from the second device, an instruction to encrypt a field of the second set of fields into the corresponding token, wherein the field that has not been designated sensitive previously and has now been designated as sensitive;
encrypt, by the first device, value data within the field of the second set of fields into one or more new tokens, wherein the one or more new tokens are decrypted using a different cryptographic function and a different cryptographic key; and
replace, by the first device, the value data within the field with the one or more new tokens.
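The flow recited in claim 1, sketched as an added example that is not taken from the patent or from any Citibank implementation: a first device stores tokens, fetches the decrypting function and key from the second device per request, and re-tokenizes a field after a rule change. All names (`KeyAuthority`, `DataStore`, the `tok:` prefix, the release log, passing the key along with the rule-change instruction) are assumptions, and the HMAC-counter keystream is a standard-library stand-in for a real authenticated cipher.

```python
import hmac, secrets

def _xor(fn, key, nonce, data):
    # Toy HMAC-counter keystream, a stdlib stand-in for a real AEAD cipher.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, nonce + i.to_bytes(8, "big"), fn).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def seal(fn, key, value):
    nonce = secrets.token_bytes(12)
    return "tok:" + (nonce + _xor(fn, key, nonce, value.encode())).hex()

def unseal(fn, key, token):
    raw = bytes.fromhex(token[4:])
    return _xor(fn, key, raw[:12], raw[12:]).decode()

class KeyAuthority:  # second device: owns each (function, key) pair, logs releases
    def __init__(self):
        self.fields, self.released = {}, []
    def designate(self, field, fn):
        self.fields[field] = (fn, secrets.token_bytes(32))
        return self.fields[field]
    def release(self, field):
        self.released.append(field)  # assumed audit trail, not in the claim
        return self.fields[field]

class DataStore:  # first device: stores tokens, fetches keys per request
    def __init__(self, authority):
        self.authority, self.rows = authority, []
    def query(self, idx, wanted):
        out = {}
        for f in wanted:
            v = self.rows[idx][f]
            if v.startswith("tok:"):  # tokenized field: ask the second device
                v = unseal(*self.authority.release(f), v)
            out[f] = v
        return out
    def on_rule_change(self, field, fn, key):
        for row in self.rows:  # replace plaintext values with new tokens
            row[field] = seal(fn, key, row[field])

def demo():
    ka = KeyAuthority(); store = DataStore(ka)
    fn, key = ka.designate("account_no", "sha256")
    # Constructed sample record: one field arrives tokenized, one in the clear.
    store.rows.append({"account_no": seal(fn, key, "CONSTRUCTED-0001"), "city": "Zurich"})
    before = store.query(0, ["account_no", "city"])
    store.on_rule_change("city", *ka.designate("city", "sha512"))
    return store, ka, before
```

The key and function exist on the first device only as locals inside `query`, so every read of a sensitive field depends on the second device answering the release call.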