SECURE FORMAT-PRESERVING ENCRYPTION OF DATA FIELDS
First Claim
1. A computer-implemented method, comprising:
- extracting first key derivation data from a first row of data to be stored in a database, wherein the database comprises two or more rows of data;
generating, by a computer processor, a first encryption subkey by combining the first key derivation data with a static key, wherein one or more sensitive fields in each row of the two or more rows of the database are encrypted using a unique corresponding encryption subkey for the row, and wherein the first encryption subkey is unique to the first row among the two or more rows of the database;
encrypting the one or more sensitive fields in the first row of data with format-preserving encryption using the first encryption subkey; and
storing the first row of data, comprising the encrypted one or more sensitive fields, in the database.
1 Assignment
0 Petitions
Accused Products
Abstract
In one embodiment, a computer-implemented method includes extracting first key derivation data from a first row of data to be stored in a database, where the database includes two or more rows of data. A first encryption subkey is generated, by a computer processor, by combining the first key derivation data with a static key. One or more sensitive fields in each row of the two or more rows of the database are encrypted using a unique corresponding encryption subkey for the row, and the first encryption subkey is unique to the first row among the two or more rows of the database. The one or more sensitive fields in the first row of data are encrypted with format-preserving encryption using the first encryption subkey. The first row of data, including the encrypted one or more sensitive fields, are stored in the database.
17 Citations
6 Claims
-
1. A computer-implemented method, comprising:
-
extracting first key derivation data from a first row of data to be stored in a database, wherein the database comprises two or more rows of data; generating, by a computer processor, a first encryption subkey by combining the first key derivation data with a static key, wherein one or more sensitive fields in each row of the two or more rows of the database are encrypted using a unique corresponding encryption subkey for the row, and wherein the first encryption subkey is unique to the first row among the two or more rows of the database; encrypting the one or more sensitive fields in the first row of data with format-preserving encryption using the first encryption subkey; and storing the first row of data, comprising the encrypted one or more sensitive fields, in the database. - View Dependent Claims (2, 3, 4, 5, 6)
-
Specification
-
- Resources
-
Current AssigneeInternational Business Machines Corporation
-
Original AssigneeInternational Business Machines Corporation
-
InventorsArnold, Todd W., Dayka, John C., Hart, Steven R., Jackson, Geoffrey G., Powers, Eysha S., Sweeny, James W.
-
Granted Patent
-
Time in Patent OfficeDays
-
Field of Search
-
US Class Current1/1
-
CPC Class CodesG06F 16/22 Indexing; Data structures t...G06F 21/6227 where protection concerns t...G06F 21/6245 Protecting personal data, e...
