| CPC G06F 21/6218 (2013.01) [G06F 21/335 (2013.01); H04L 9/3213 (2013.01); G06F 2221/2107 (2013.01); H04L 2209/16 (2013.01)] | 20 Claims |
|
1. A computer-implemented method, comprising, at a first service of a computing resource service provider:
obtaining, from a first application running on the first service, a structured data payload comprising a plurality of data fields;
determining, according to a first policy associated with a data field of the plurality of data fields, a manner in which to obfuscate the data field;
obfuscating the data field according to the determined manner, thereby obtaining an obfuscated data field;
generating a sealed data payload by at least replacing the data field with the obfuscated data field;
transmitting the sealed data payload; and
at a second service of the computing resource service provider:
obtaining the sealed data payload;
generating an output data payload by at least de-obfuscating the obfuscated data field according to a second policy associated with the second service; and
making the output data payload available to a second application running on the second service,
wherein one or more of the data fields of the plurality of structured data fields of the structured data payload were de-obfuscated according to a third policy applicable to the one or more of the data fields of the plurality of structured data fields of the structured data payload.
|