Data processing systems with format-preserving encryption and decryption engines
First Claim
1. A method for encrypting a data string using an encryption engine in a data processing system, comprising:
- obtaining a data string containing characters, wherein the data string has a format specifying a legal set of character values for each of its characters;
processing the data string to remove any extraneous characters from the data string that are present, wherein the processed data string contains a left-half string of characters that has a left-half format specifying a legal set of character values for each of its characters and contains a right-half string of characters that has a right-half format specifying a legal set of character values of each of its characters;
encoding the processed data string using at least one index of sequential index values each of which corresponds to a respective one of the character values in the legal set of character values for the characters of the data string, wherein the encoded data string includes an encoded version of the left-half string of characters and an encoded version of the right-half string of characters;
encrypting the encoded data string using a format-preserving block cipher, wherein the format-preserving block cipher receives the encoded data string as input and produces a corresponding encrypted encoded data string as output, wherein encrypting the encoded data string using the format-preserving block cipher comprises using a subkey generation algorithm and a format-preserving combining operation to process the encoded data string, wherein the subkey generation algorithm receives a key as an input, wherein the subkey generation algorithm is used in generating at least first and second subkeys, wherein the format-preserving combining operation preserves the left-half format of the left-half string of characters when combining the encoded version of the left-half string of characters with the first subkey, and wherein the format-preserving combining operation preserves the right-half format of the right-half string of characters when combining the encoded version of the right-half string of characters with the second subkey; and
using the index, decoding the encrypted encoded data string to produce a decoded encrypted data string with characters in the legal set of characters.
14 Assignments
0 Petitions
Accused Products
Abstract
A data processing system is provided that includes format-preserving encryption and decryption engines. A string that contains characters has a specified format. The format defines a legal set of character values for each character position in the string. During encryption operations with the encryption engine, a string is processed to remove extraneous characters and to encode the string using an index. The processed string is encrypted using a format-preserving block cipher. The output of the block cipher is post-processed to produce an encrypted string having the same specified format as the original unencrypted string. During decryption operations, the decryption engine uses the format-preserving block cipher in reverse to transform the encrypted string into a decrypted string having the same format.
-
Citations
15 Claims
-
1. A method for encrypting a data string using an encryption engine in a data processing system, comprising:
-
obtaining a data string containing characters, wherein the data string has a format specifying a legal set of character values for each of its characters; processing the data string to remove any extraneous characters from the data string that are present, wherein the processed data string contains a left-half string of characters that has a left-half format specifying a legal set of character values for each of its characters and contains a right-half string of characters that has a right-half format specifying a legal set of character values of each of its characters; encoding the processed data string using at least one index of sequential index values each of which corresponds to a respective one of the character values in the legal set of character values for the characters of the data string, wherein the encoded data string includes an encoded version of the left-half string of characters and an encoded version of the right-half string of characters; encrypting the encoded data string using a format-preserving block cipher, wherein the format-preserving block cipher receives the encoded data string as input and produces a corresponding encrypted encoded data string as output, wherein encrypting the encoded data string using the format-preserving block cipher comprises using a subkey generation algorithm and a format-preserving combining operation to process the encoded data string, wherein the subkey generation algorithm receives a key as an input, wherein the subkey generation algorithm is used in generating at least first and second subkeys, wherein the format-preserving combining operation preserves the left-half format of the left-half string of characters when combining the encoded version of the left-half string of characters with the first subkey, and wherein the format-preserving combining operation preserves the right-half format of the right-half string of characters when combining the encoded version of the right-half string of characters with the second subkey; and using the index, decoding the encrypted encoded data string to produce a decoded encrypted data string with characters in the legal set of characters. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. A method for processing a data string using a computer-implemented system, comprising:
-
obtaining a data string containing characters; with an encryption engine, encoding the data string using at least one index of sequential index values to produce an encoded string; and with the encryption engine, encrypting the encoded string using a format-preserving block cipher to produce an encrypted string, wherein the format-preserving block cipher receives the encoded string as input and produces the encrypted string as output, wherein the encoded string includes an encoded version of a left half of the data string containing characters in a left-half format and an encoded version of a right half of the data string containing characters in a right-half format, and wherein encrypting the encoded string comprises using a format-preserving combining operation that preserves the left-half format of the left half of the data string when combining the encoded version of the left half of the data string with a first subkey and that preserves the right-half format of the right half of the data string when combining the encoded version of the right half of the data string with a second subkey, wherein encrypting the encoded string using the format-preserving block cipher comprises encrypting the encoded string using a block cipher having a structure based on a Luby-Rackoff construction and wherein using the format-preserving combining operation comprises using addition mod x, where x is an integer, the method further comprising decrypting the encrypted string using the format-preserving block cipher, wherein decrypting the encrypted string using the format-preserving block cipher comprises decrypting the encrypted string using the block cipher having the structure based on the Luby-Rackoff construction and wherein decrypting the encrypted string using the block cipher comprises decrypting the encrypted string using the subkey generation algorithm and using addition mod x, where x is an integer. - View Dependent Claims (13, 14)
-
-
15. A method for encrypting a data string using an encryption engine in a data processing system, comprising:
-
obtaining a data string containing characters, wherein the data string has a format specifying a legal set of character values for each of its characters, at least two of the legal sets of character values being different from each other; processing the data string to remove any extraneous characters from the data string that are present; encoding the processed data string using at least two different index mappings, wherein each index mapping defines a mapping between the legal set of character values for a given character position in the data string and a corresponding index of sequential index values; encrypting the encoded data string using a format-preserving block cipher, wherein the format-preserving block cipher receives the encoded data string as input and produces a corresponding encrypted encoded data string as output; and using the at least two different index mappings, decoding the encrypted encoded data string to produce a decoded encrypted data string with characters in the legal sets of characters, wherein the encoded data string includes an encoded version of a left half of the data string containing characters in a left-half format and an encoded version of a right half of the data string containing characters in a right-half format, and wherein encrypting the encoded data string comprises using a format-preserving combining operation that preserves the left-half format of the left half of the data string when combining the encoded version of the left half of the data string with a first subkey and that preserves the right-half format of the right half of the data string when combining the encoded version of the right half of the data string with a second subkey.
-
Specification