Data processing systems with format-preserving encryption and decryption engines

US 8,855,296 B2
Filed: 12/13/2010
Issued: 10/07/2014
Est. Priority Date: 06/28/2006
Status: Active Grant

First Claim

Patent Images

1. A method for encrypting a data string to produce a corresponding encrypted data string using a format-preserving block cipher on a data processing system, comprising:

wherein the data string contains characters and has a format specifying a legal set of character values for each of the characters of the data string, wherein the data string contains a first string of characters that has a first format specifying a legal set of character values for each of the characters of the first string and contains a second string of characters that has a second format specifying a legal set of character values of each of the characters of the second string;

with a format-preserving combining operation, combining a first subkey with the first string of characters while preserving the first format of the first string of characters; and

with the format-preserving combining operation, combining a second subkey with the second string of characters while preserving the second format of the second string of characters.

View all claims

11 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A data processing system is provided that includes format-preserving encryption and decryption engines. A string that contains characters has a specified format. The format defines a legal set of character values for each character position in the string. During encryption operations with the encryption engine, a string is processed to remove extraneous characters and to encode the string using an index. The processed string is encrypted using a format-preserving block cipher. The output of the block cipher is post-processed to produce an encrypted string having the same specified format as the original unencrypted string. During decryption operations, the decryption engine uses the format-preserving block cipher in reverse to transform the encrypted string into a decrypted string having the same format.

Citations

12 Claims

1. A method for encrypting a data string to produce a corresponding encrypted data string using a format-preserving block cipher on a data processing system, comprising:
- wherein the data string contains characters and has a format specifying a legal set of character values for each of the characters of the data string, wherein the data string contains a first string of characters that has a first format specifying a legal set of character values for each of the characters of the first string and contains a second string of characters that has a second format specifying a legal set of character values of each of the characters of the second string;
  
  with a format-preserving combining operation, combining a first subkey with the first string of characters while preserving the first format of the first string of characters; and
  
  with the format-preserving combining operation, combining a second subkey with the second string of characters while preserving the second format of the second string of characters.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method defined in claim 1, further comprising:
    - before combining the first subkey with the first string of characters, encoding the data string using at least one index of sequential index values each of which corresponds to a respective one of the character values in the legal set of character values for the characters of the data string.
  - 3. The method defined in claim 2, further comprising:
    - using the index, decoding the encrypted data string to produce a decoded encrypted data string with characters having character values in the legal set of character values.
  - 4. The method defined in claim 3 further comprising:
    - generating the first and second subkeys using a subkey generation algorithm; and
      
      receiving a key as an input with the subkey generation algorithm.
  - 5. The method defined in claim 4 wherein generating the first and second subkeys using the subkey generation algorithm comprises using a cryptographic hash function to generate the first and second subkeys.
  - 6. The method defined in claim 4 wherein generating the first and second subkeys using the subkey generation algorithm comprises using a cryptographic message authentication code function to generate the first and second subkeys.
  - 7. The method defined in claim 1 further comprising decrypting the encrypted string using a subkey generation algorithm that generates the first and second subkeys and using addition mod x, where x is an integer.
  - 8. The method defined in claim 1 wherein at least one of the legal sets of character values of the data string comprises letters.
  - 9. The method defined in claim 1 wherein, for at least one of the characters in the data string, the legal set of character values for that character comprises ten character values.
  - 10. The method defined in claim 1 wherein the format-preserving combining operation comprises addition mod x, where x is an integer.
  - 11. The method defined in claim 1, wherein combining the first subkey with the first string of characters while preserving the first format of the first string of characters produces a corresponding third string of encrypted characters in the first format, the method further comprising:
    - using the format-preserving combining operation to combine a third subkey with the third string of encrypted characters while preserving the first format of the third string of encrypted characters.
  - 12. The method defined in claim 11, wherein combining the second subkey with the second string of characters while preserving the second format of the second string of characters produces a corresponding fourth string of characters in the second format, the method further comprising:
    - using the format-preserving combining operation to combine a fourth subkey with the fourth string of characters while preserving the second format of the fourth string of characters.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Micro Focus LLC (Open Text Corporation)
Original Assignee
Voltage Security Incorporated (HP Inc.)
Inventors
Pauker, Matthew J., Spies, Terence, Martin, Luther W.
Primary Examiner(s)
Mehedi, Morshed

Application Number

US12/967,008
Publication Number

US 20140108813A1
Time in Patent Office

1,394 Days
Field of Search

380 28- 29, 380/44
US Class Current

380/28
CPC Class Codes

G06F 21/602   Providing cryptographic fac...

G06F 21/6218   to a system of files or obj...

G06F 2221/2107   File encryption

H04L 2209/08   Randomization, e.g. dummy o...

H04L 2209/24   Key scheduling, i.e. genera...

H04L 2209/34   Encoding or coding, e.g. Hu...

H04L 9/0618   Block ciphers, i.e. encrypt...

Data processing systems with format-preserving encryption and decryption engines

First Claim

11 Assignments

0 Petitions

Accused Products

Abstract

Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

Data processing systems with format-preserving encryption and decryption engines

First Claim

11 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links