Patent attributes
A method and system for handling sensitive data required by an application in a secure computer system. An external computer system that is external to the secure computer system receives a transformed request message that includes one or more data aspects having tokenized data that has replaced transformed sensitive data after sensitive data in the one or more aspects had been transformed from a data format required by a service in the external computer system into a data format required by the application. The external computer system generates a response message from the transformed request message by including, in the response message, annotations with transform instructions for transforming the transformed sensitive data, from the data format required by the service into the data format required by the application, after the tokenized data has been replaced by the transformed sensitive data in the one or more data aspects.