Format preserving encryption methods for data strings with constraints
First Claim
1. A method for performing cryptographic operations using computing equipment, comprising:
- with the computing equipment, obtaining a plaintext version of a string of characters that have a given format, wherein the plaintext version of the string includes a first checksum value computed using a given checksum algorithm;
- with the computing equipment, applying a format preserving encryption algorithm to the string to produce an encrypted version of the string that complies with the given format, wherein the encrypted version of the string includes a second checksum value;
- with the computing equipment, applying the given checksum algorithm to the encrypted version of the string, not including the second checksum value, to produce a third checksum value;
- with the computing equipment, determining that the second checksum value is a valid checksum value for the encrypted version of the string by determining that the second checksum value matches the third checksum value;
- when the second checksum value is a valid checksum value for the encrypted version of the string, halting further application of the format preserving encryption algorithm with the computing equipment and using the encrypted string as ciphertext corresponding to the plaintext version of the string; and
- when the second checksum value is not a valid checksum value for the encrypted version of the string, applying the format preserving encryption algorithm to the encrypted version of the string with the computing equipment at least one additional time to alter the encrypted version of the string until the second checksum value is a valid checksum value for the encrypted version of the string and the encrypted version of the string serves as ciphertext corresponding to the plaintext version of the string.
Abstract
Format preserving encryption (FPE) cryptographic engines are provided for performing encryption and decryption on strings. A plaintext string may be converted to ciphertext by repeated application of a format preserving encryption cryptographic algorithm. Following each application of the format preserving cryptographic algorithm, the resulting version of the string may be analyzed to determine whether desired string constraints have been satisfied. If the string constraints have not been satisfied, further applications of the format preserving cryptographic algorithm may be performed. If the string constraints have been satisfied, the current version of the string may be used as an output for the cryptographic engine.
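The loop the abstract describes, as an added example that is not code from the patent or its assignee: a toy Feistel permutation over digit strings (HMAC-SHA256 round function) stands in for the format preserving encryption algorithm, and the Luhn check digit is assumed as the checksum. All function names and the round count are hypothetical; the toy cipher is for illustration and is not a vetted FPE mode.

```python
import hashlib
import hmac

ROUNDS = 8  # constructed toy parameter, not taken from the patent

def luhn_check_digit(body: str) -> str:
    """Luhn check digit for a digit string that excludes the check digit."""
    total = 0
    for i, ch in enumerate(reversed(body)):
        d = int(ch)
        if i % 2 == 0:  # rightmost body digit is doubled, then every other one
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return str((10 - total % 10) % 10)

def checksum_ok(s: str) -> bool:
    # Recompute over everything but the last digit and compare with the last digit.
    return s[-1] == luhn_check_digit(s[:-1])

def _f(key: bytes, rnd: int, half: str, mod: int) -> int:
    # Keyed round function: HMAC of (round number, half) reduced into the digit range.
    mac = hmac.new(key, bytes([rnd]) + half.encode(), hashlib.sha256).digest()
    return int.from_bytes(mac, "big") % mod

def toy_fpe(key: bytes, s: str, decrypt: bool = False) -> str:
    """One pass of a toy Feistel permutation on even-length digit strings."""
    h = len(s) // 2
    mod = 10 ** h
    left, right = s[:h], s[h:]
    order = range(ROUNDS - 1, -1, -1) if decrypt else range(ROUNDS)
    for rnd in order:
        if decrypt:
            prev = (int(right) - _f(key, rnd, left, mod)) % mod
            left, right = f"{prev:0{h}d}", left
        else:
            nxt = (int(left) + _f(key, rnd, right, mod)) % mod
            left, right = right, f"{nxt:0{h}d}"
    return left + right

def cycle_walk(key: bytes, s: str, decrypt: bool = False):
    """Apply the permutation repeatedly until the checksum constraint holds."""
    if not checksum_ok(s):
        raise ValueError("input must already satisfy the checksum constraint")
    passes = 0
    while True:
        s = toy_fpe(key, s, decrypt)
        passes += 1
        if checksum_ok(s):  # constraint satisfied: halt and output this string
            return s, passes
```

Decryption walks the inverse permutation under the same stopping rule, so it takes the same number of passes and lands back on the original string; the intermediate strings are exactly the ones that failed the checksum on the way out.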
4 Claims
3. A method for performing cryptographic operations using computing equipment, comprising:
- with the computing equipment, obtaining a plaintext version of a string of characters that have a given format, wherein the plaintext version of the string includes a first checksum value computed using a given checksum algorithm;
- with the computing equipment, applying a format preserving encryption algorithm to the string to produce an encrypted version of the string that complies with the given format, wherein the encrypted version of the string includes a second checksum value;
- with the computing equipment, applying the given checksum algorithm to the encrypted version of the string, not including the second checksum value, to produce a third checksum value;
- with the computing equipment, determining that the second checksum value is a valid checksum value for the encrypted version of the string by determining that the second checksum value matches the third checksum value;
- when the second checksum value is an invalid checksum value for the encrypted version of the string, halting further application of the format preserving encryption algorithm with the computing equipment and using the encrypted string as ciphertext corresponding to the plaintext version of the string; and
- when the second checksum value is a valid checksum value for the encrypted version of the string, applying the format preserving encryption algorithm to the encrypted version of the string with the computing equipment at least one additional time to alter the encrypted version of the string until the second checksum value is an invalid checksum value for the encrypted version of the string and the encrypted version of the string serves as ciphertext corresponding to the plaintext version of the string.
Specification