A system and method for extending data protection of data elements of a data packet beyond a TLS tunnel termination point by using encryption keys established when the TLS tunnel was established. The system and method include authenticating a client device to establish a shared secret. The system and method include receiving a data packet comprising a data element and an object identifier associated with the data element, the data element encrypted with a first content-specific key associated with the shared secret, the data packet encrypted with a session key. The system and method include decrypting the data packet using the session key to recover a decrypted data packet. The system and method include determining an existence of an object identifier in the decrypted data packet. The system and method include decrypting the data element of the decrypted data packet using a second content-specific key associated with the object identifier.