Data processing systems with format-preserving encryption and decryption engines
Abstract
A data processing system is provided that includes format-preserving encryption and decryption engines. A string that contains characters has a specified format. The format defines a legal set of character values for each character position in the string. During encryption operations with the encryption engine, a string is processed to remove extraneous characters and to encode the string using an index. The processed string is encrypted using a format-preserving block cipher. The output of the block cipher is post-processed to produce an encrypted string having the same specified format as the original unencrypted string. During decryption operations, the decryption engine uses the format-preserving block cipher in reverse to transform the encrypted string into a decrypted string having the same format.
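The pipeline the abstract describes (strip extraneous characters, encode through a per-position index, encrypt, decode back into the legal character sets) is sketched below as an added example; it is not code from the patent. The template notation, function names, key and sample value are assumptions, and the HMAC-based Feistel permutation with cycle walking is only a stand-in for the format-preserving block cipher, not the patent's cipher or a vetted FPE mode.

```python
import hashlib
import hmac
import string

# Assumed template notation (not from the patent): 'd' = digit, 'A' = uppercase
# letter; any other template character is an extraneous separator.
LEGAL = {"d": string.digits, "A": string.ascii_uppercase}
ROUNDS = 8

def _permute(key, n, size, decrypt):
    """Stand-in keyed permutation on [0, size): Feistel network + cycle walking."""
    half = (size.bit_length() + 1) // 2
    mask = (1 << half) - 1

    def f(i, v):
        msg = bytes([i]) + v.to_bytes(32, "big")
        return int.from_bytes(hmac.new(key, msg, hashlib.sha256).digest(), "big") & mask

    while True:
        l, r = n >> half, n & mask
        for i in (reversed(range(ROUNDS)) if decrypt else range(ROUNDS)):
            l, r = (r ^ f(i, l), l) if decrypt else (r, l ^ f(i, r))
        n = (l << half) | r
        if n < size:  # cycle-walk until the value is back inside the domain
            return n

def fpe(key, text, template, decrypt=False):
    if len(text) != len(template):
        raise ValueError("text does not match the template length")
    maps = [LEGAL.get(t) for t in template]  # one index mapping per position
    n, size = 0, 1
    for ch, legal in zip(text, maps):
        if legal is None:
            continue  # extraneous character: left out of the cipher input
        n = n * len(legal) + legal.index(ch)  # ValueError on an illegal character
        size *= len(legal)
    n = _permute(key, n, size, decrypt)
    out = []
    for ch, legal in zip(reversed(text), reversed(maps)):
        if legal is None:
            out.append(ch)  # put the separator back where it was
        else:
            n, idx = divmod(n, len(legal))
            out.append(legal[idx])  # index value -> legal character
    return "".join(reversed(out))

KEY = b"constructed demo key"  # constructed sample key
SAMPLE = "AB-123456"           # constructed sample input
TEMPLATE = "AA-dddddd"
```

Calling `fpe(KEY, SAMPLE, TEMPLATE)` yields a string with two uppercase letters, the hyphen in place and six digits; passing that result back with `decrypt=True` recovers `SAMPLE`.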
22 Claims
1. A method for encrypting a data string using an encryption engine in a data processing system, comprising:
- obtaining a data string containing characters, wherein the data string has a format specifying a legal set of character values for each of its characters;
- processing the data string to remove any extraneous characters from the data string that are present;
- encoding the processed data string using at least one index of sequential index values each of which corresponds to a respective one of the character values in the legal set of character values;
- encrypting the encoded data string using a format-preserving block cipher; and
- using the index, decoding the encrypted encoded data string to produce a decoded encrypted data string with characters in the legal set of characters.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
16. A method for processing a data string using a computer-implemented system, comprising:
- obtaining a data string containing characters;
- with an encryption engine, encoding the data string using at least one index of sequential index values; and
- with the encryption engine, encrypting the encoded string using a format-preserving block cipher to produce an encrypted string.

Dependent claims: 17, 18, 19, 20, 21
22. A method for encrypting a data string using an encryption engine in a data processing system, comprising:
- obtaining a data string containing characters, wherein the data string has a format specifying a legal set of character values for each of its characters, at least two of the legal sets of character values being different from each other;
- processing the data string to remove any extraneous characters from the data string that are present;
- encoding the processed data string using at least two different index mappings, wherein each index mapping defines a mapping between the legal set of character values for a given character position in the data string and a corresponding index of sequential index values;
- encrypting the encoded data string using a format-preserving block cipher; and
- using the at least two different index mappings, decoding the encrypted encoded data string to produce a decoded encrypted data string with characters in the legal sets of characters.
Specification