Systems for structured encryption using embedded information in data strings
First Claim
1. A method for encrypting data entries in a data file using an encryption engine in a data processing system, comprising:
with processing circuitry in the data processing system, encrypting a first data entry in the data file using an encryption key; and
with the processing circuitry, embedding information associated with the encryption key that was used to encrypt the first data entry in a second data entry in the data file, wherein embedding the information associated with the encryption key comprises:
compressing the second data entry;
combining the information associated with the encryption key that was used to encrypt the first data entry and the compressed second data entry to form an augmented data entry that includes the information associated with the encryption key and the compressed second data entry;
encrypting the augmented data entry using an additional encryption key; and
combining additional information associated with the additional encryption key with the encrypted augmented data entry.
Abstract
A data processing system is provided that includes applications, databases, encryption engines, and decryption engines. Encryption and decryption engines may be used to perform format-preserving encryption on data strings stored in a database. Encryption and decryption engines may include embedded-format-preserving encryption and decryption engines. Embedded-format-preserving encryption engines may be used to encrypt data strings and embed information in data strings. Information corresponding to a format-preserving encryption operation of a data string may be embedded in an associated data string. The associated data string may be encrypted before or after embedding the information in the associated data string. The embedded information may include key management data that corresponds to a managed encryption key that was used to encrypt the data string.
23 Claims
14. A method for decrypting encrypted data entries in a data file using a decryption engine in a data processing system having processing circuitry, the method comprising:
with the processing circuitry, obtaining a data entry that includes information associated with an encryption key and an encrypted data entry;
with the processing circuitry, extracting the information associated with the encryption key and the encrypted data entry from the data entry, wherein the encrypted data entry has been encrypted using the encryption key;
with the processing circuitry, decrypting the extracted encrypted data entry using the extracted information associated with the encryption key to generate an augmented data entry that includes additional information associated with an additional encryption key and an unencrypted data entry;
with the processing circuitry, extracting the additional information associated with the additional encryption key and the unencrypted data entry from the augmented data entry;
with the processing circuitry, obtaining an additional encrypted data entry; and
with the processing circuitry, decrypting the additional encrypted data entry using the extracted additional information associated with the additional encryption key.
19. A method for securely storing a data string in a database implemented using computing equipment comprising:
encrypting the data string using a format-preserving encryption engine and an encryption key;
embedding key management data associated with the encryption key in an additional data string; and
storing the encrypted data string and the additional data string that includes the embedded key management data in associated fields of the database, wherein embedding the key management data associated with the encryption key in the additional data string comprises:
combining the key management data associated with the encryption key that was used to encrypt the data string and the additional data string to form an augmented data string that includes the key management data associated with the encryption key and the additional data string;
encrypting the augmented data string using an additional encryption key; and
combining additional key management data associated with the additional encryption key with the encrypted augmented data entry.
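The layering recited in claims 1 and 14, shown as an added Python example that is not taken from the patent or from any product: one entry is encrypted, and a second entry is compressed, prefixed with the first key's identifier, encrypted under an additional key, and prefixed with that key's identifier. Assumptions: 4-byte key identifiers stand in for the "information associated with the encryption key", the `KEYS` table stands in for a key manager, `zlib` does the compression, and an HMAC-SHA256 keystream XOR stands in for the encryption engine (it is not format-preserving).

```python
import hashlib, hmac, os, zlib

# Constructed key table standing in for a key manager: identifier -> key.
KEYS = {b"K001": b"\x11" * 32, b"K002": b"\x22" * 32}
ID_LEN, NONCE_LEN = 4, 12  # assumed fixed widths for this example

def _stream(key, nonce, data):
    """Stand-in cipher: XOR with an HMAC-SHA256 counter keystream (not FPE)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, nonce + (i // 32).to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def encrypt(key_id, plaintext):
    nonce = os.urandom(NONCE_LEN)
    return nonce + _stream(KEYS[key_id], nonce, plaintext)

def decrypt(key_id, blob):
    return _stream(KEYS[key_id], blob[:NONCE_LEN], blob[NONCE_LEN:])

def protect(first, second, key_id, extra_key_id):
    """Claim 1: encrypt `first`; make `second` carry the key information."""
    enc_first = encrypt(key_id, first)
    augmented = key_id + zlib.compress(second)        # key info + compressed entry
    carrier = extra_key_id + encrypt(extra_key_id, augmented)  # outer key info in clear
    return enc_first, carrier

def recover(enc_first, carrier):
    """Claim 14: peel outer key info, decrypt, then use the embedded key info."""
    extra_key_id, body = carrier[:ID_LEN], carrier[ID_LEN:]
    if extra_key_id not in KEYS:
        raise ValueError("unknown outer key identifier")
    augmented = decrypt(extra_key_id, body)
    key_id, compressed = augmented[:ID_LEN], augmented[ID_LEN:]
    if key_id not in KEYS:  # a damaged carrier yields a garbage identifier
        raise ValueError("embedded key identifier not recognised")
    return decrypt(key_id, enc_first), zlib.decompress(compressed)

if __name__ == "__main__":
    # Constructed sample entries.
    enc, carrier = protect(b"4111111111111111", b"1 Example Street, Springfield", b"K001", b"K002")
    print(carrier[:ID_LEN], recover(enc, carrier))
```

Because the stand-in cipher carries no integrity check, a flipped bit in the carrier surfaces only as an unrecognised key identifier or a decompression error; an authenticated mode would reject the altered carrier outright.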
Specification