SECURE FORMAT-PRESERVING ENCRYPTION OF DATA FIELDS
First Claim
1. A computer-implemented method, comprising:
- extracting first key derivation data from a first row of data to be stored in a database, wherein the database comprises two or more rows of data;
- generating, by a computer processor, a first encryption subkey by combining the first key derivation data with a static key, wherein one or more sensitive fields in each row of the two or more rows of the database are encrypted using a unique corresponding encryption subkey for the row, and wherein the first encryption subkey is unique to the first row among the two or more rows of the database;
- encrypting the one or more sensitive fields in the first row of data with format-preserving encryption using the first encryption subkey; and
- storing the first row of data, comprising the encrypted one or more sensitive fields, in the database.
Abstract
In one embodiment, a computer-implemented method includes extracting first key derivation data from a first row of data to be stored in a database, where the database includes two or more rows of data. A first encryption subkey is generated, by a computer processor, by combining the first key derivation data with a static key. One or more sensitive fields in each row of the two or more rows of the database are encrypted using a unique corresponding encryption subkey for the row, and the first encryption subkey is unique to the first row among the two or more rows of the database. The one or more sensitive fields in the first row of data are encrypted with format-preserving encryption using the first encryption subkey. The first row of data, including the encrypted one or more sensitive fields, is stored in the database.
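The flow in the abstract, sketched as an added example that is not taken from the patent. Assumptions: the key derivation data is a cleartext row `id`, "combining" is done with HMAC-SHA-256, and the cipher is a simplified digit-only Feistel construction standing in for a standardized format-preserving mode such as NIST FF1; all function names, the demo key and the sample rows are constructed for illustration.

```python
import hashlib
import hmac
import string

ROUNDS = 10  # even, so the two half lengths line up again after the last round
DIGITS = string.digits
STATIC_KEY = bytes(range(32))  # constructed demo key; a real one comes from a KMS/HSM

def derive_subkey(static_key: bytes, kd_data: str) -> bytes:
    # Assumed "combining" step: HMAC of the row's key derivation data under the static key.
    return hmac.new(static_key, b"row-subkey|" + kd_data.encode(), hashlib.sha256).digest()

def _f(key: bytes, rnd: int, half: str, modulus: int) -> int:
    # Keyed round function, bound to the round number and the width of the other half.
    mac = hmac.new(key, f"{rnd}|{modulus}|{half}".encode(), hashlib.sha256).digest()
    return int.from_bytes(mac, "big") % modulus

def _feistel(key: bytes, digits: str, decrypt: bool) -> str:
    # Illustrative Feistel network over decimal strings (not FF1, not for production use).
    if len(digits) < 2:
        raise ValueError("need at least two decimal digits")
    a, b = digits[: len(digits) // 2], digits[len(digits) // 2 :]
    for rnd in (reversed(range(ROUNDS)) if decrypt else range(ROUNDS)):
        if decrypt:
            m = 10 ** len(b)
            a, b = str((int(b) - _f(key, rnd, a, m)) % m).zfill(len(b)), a
        else:
            m = 10 ** len(a)
            a, b = b, str((int(a) + _f(key, rnd, b, m)) % m).zfill(len(a))
    return a + b

def transform_field(key: bytes, value: str, decrypt: bool = False) -> str:
    """Encrypt or decrypt only the digits; separators such as '-' stay in place."""
    out = iter(_feistel(key, "".join(c for c in value if c in DIGITS), decrypt))
    return "".join(next(out) if c in DIGITS else c for c in value)

def transform_row(static_key, row, kd_field, sensitive, decrypt=False):
    """Derive the row's subkey from its cleartext kd_field, then process sensitive fields."""
    key = derive_subkey(static_key, str(row[kd_field]))
    return {k: transform_field(key, v, decrypt) if k in sensitive else v for k, v in row.items()}

ROWS = [  # constructed sample rows: same SSN value in two different rows
    {"id": 1001, "name": "A. Example", "ssn": "123-45-6789"},
    {"id": 1002, "name": "B. Example", "ssn": "123-45-6789"},
]
if __name__ == "__main__":
    for row in ROWS:
        print(transform_row(STATIC_KEY, row, "id", {"ssn"}))
```

Because each row gets its own subkey, equal plaintext values in different rows no longer encrypt to equal ciphertexts, which is what blocks frequency analysis across a column encrypted under one static key.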
17 Citations
6 Claims
Specification