FORMAT-PRESERVING CRYPTOGRAPHIC SYSTEMS
First Claim
1. A method for performing encryption at computing equipment, comprising:
- obtaining an encoded binary value representing an unencrypted string in a given format;
applying a block cipher to the encoded binary value to produce a block cipher output;
after each application of the block cipher, determining whether the block cipher output is representative of a string in the given format; and
whenever it is determined that the block cipher output is not representative of a string in the given format, applying the block cipher an additional time to update the block cipher output.
12 Assignments
0 Petitions
Accused Products
Abstract
Format-preserving encryption and decryption processes are provided. The encryption and decryption processes may use a block cipher. A string that is to be encrypted or decrypted may be converted to a unique binary value. The block cipher may operate on the binary value. If the output of the block cipher that is produced is not representative of a string that is in the same format as the original string, the block cipher may be applied again. The block cipher may be repeatedly applied in this way during format-preserving encryption operations and during format-preserving decryption operations until a format-compliant output is produced. Selective access may be provided to portions of a string that have been encrypted using format-preserving encryption.
-
Citations
21 Claims
-
1. A method for performing encryption at computing equipment, comprising:
-
obtaining an encoded binary value representing an unencrypted string in a given format; applying a block cipher to the encoded binary value to produce a block cipher output; after each application of the block cipher, determining whether the block cipher output is representative of a string in the given format; and whenever it is determined that the block cipher output is not representative of a string in the given format, applying the block cipher an additional time to update the block cipher output. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A method for performing decryption at computing equipment, comprising:
-
obtaining an encoded binary value representing an encrypted string in a given format; applying a block cipher to the encoded binary value to produce a block cipher output; after each application of the block cipher, determining whether the block cipher output is representative of a string in the given format; and whenever it is determined that the block cipher output is not representative of a string in the given format, applying the block cipher an additional time to update the block cipher output. - View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
-
-
17. A method for using at least first and second cryptographic keys to provide at least first and second users with selective access to the contents of a string, comprising:
-
with format-preserving encryption, encrypting a first plaintext part of the string using the first cryptographic key to produce first ciphertext that is in the same format as the first plaintext part while leaving a second plaintext part of the string unencrypted; and with format-preserving encryption following encryption of the first plaintext part of the string, encrypting both the second plaintext part of the string and the first ciphertext to produce second ciphertext, wherein the second ciphertext is in the same format as the string. - View Dependent Claims (18, 19, 20, 21)
-
Specification