Format-preserving cryptographic systems

US 8,958,562 B2
Filed: 01/16/2007
Issued: 02/17/2015
Est. Priority Date: 01/16/2007
Status: Active Grant

First Claim

Patent Images

1. A method for performing decryption at computing equipment in a data processing system that has a key server, the method comprising:

at the computing equipment, obtaining ciphertext;

with the computing equipment, providing, to the key server, a key request that includes an identifier;

at the key server, selecting policy rules to apply to the key request based at least partly on whether the identifier includes a label indicating that the ciphertext is associated with a type of data used for payments;

at the key server, applying the selected policy rules to determine whether to fulfill the key request;

when the selected policy rules are satisfied, generating a key at the key server in fulfillment of the key request using a one-way function that accepts a root secret and the identifier as inputs;

at the key server, transmitting the key;

at the computing equipment, receiving the key; and

with a format-preserving decryption algorithm implemented on the computing equipment, decrypting the ciphertext using the key.

View all claims

11 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Key requests in a data processing system may include identifiers such as user names, policy names, and application names. The identifiers may also include validity period information indicating when corresponding keys are valid. When fulfilling a key request, a key server may use identifier information from the key request in determining which key access policies to apply and may use the identifier in determining whether an applicable policy has been satisfied. When a key request is authorized, the key server may generate a key by applying a one-way function to a root secret and the identifier. Validity period information for use by a decryption engine may be embedded in data items that include redundant information. Application testing can be facilitated by populating a test database with data that has been encrypted using a format-preserving encryption algorithm. Parts of a data string may be selectively encrypted based on their sensitivity.

Citations

17 Claims

1. A method for performing decryption at computing equipment in a data processing system that has a key server, the method comprising:
- at the computing equipment, obtaining ciphertext;
  
  with the computing equipment, providing, to the key server, a key request that includes an identifier;
  
  at the key server, selecting policy rules to apply to the key request based at least partly on whether the identifier includes a label indicating that the ciphertext is associated with a type of data used for payments;
  
  at the key server, applying the selected policy rules to determine whether to fulfill the key request;
  
  when the selected policy rules are satisfied, generating a key at the key server in fulfillment of the key request using a one-way function that accepts a root secret and the identifier as inputs;
  
  at the key server, transmitting the key;
  
  at the computing equipment, receiving the key; and
  
  with a format-preserving decryption algorithm implemented on the computing equipment, decrypting the ciphertext using the key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The method defined in claim 1 wherein generating the key comprises applying a hash function to the root secret and the identifier.
  - 3. The method defined in claim 1 wherein the identifier includes a credit card expiration date and wherein generating the key comprises applying the one-way function to the root secret and the identifier that includes the credit card expiration date.
  - 4. The method defined in claim 1 wherein the identifier includes a cardholder name and wherein generating the key comprises applying the one-way function to the root secret and the identifier that includes the cardholder name.
  - 5. The method defined in claim 1 wherein the identifier includes a policy name and wherein generating the key comprises applying a hash function to the root secret and the identifier that includes the policy name.
  - 6. The method defined in claim 1 wherein the identifier includes a validity period and wherein generating the key comprises applying the one-way function to the root secret and the identifier that includes the validity period.
  - 7. The method defined in claim 1 further comprising:
    - supplying authentication credentials to the key server from the computing equipment;
      
      at the key server, providing the authentication credentials to an authentication server;
      
      at the authentication server, verifying the authentication credentials and providing authentication results to the key server; and
      
      at the key server, generating the key only when the authentication results indicate that the authentication credentials are valid.
  - 8. The method defined in claim 1 further comprising:
    - supplying authentication credentials to an authentication server from the computing equipment;
      
      receiving an assertion from the authentication server at the computing equipment when the authentication credentials have been verified successfully at the authentication server; and
      
      providing the assertion to the key server from the computing equipment as part of the key request, wherein applying the selected policy rules at the key server to determine whether to fulfill the key request comprises verifying whether the assertion is valid and sufficient to satisfy the selected policy rules.
  - 9. The method defined in claim 1 further comprising:
    - at the key server, determining whether to fulfill the key request based at least partly on analyzing shared secret information, wherein the shared secret information is based on secret information that is shared between the key server and the computing equipment.
  - 10. The method defined in claim 1, wherein the type of data used for payments comprises credit card number data and wherein selecting the policy rules to apply to the key request further comprises selecting the policy rules based on whether the label indicates that the ciphertext includes a credit card number.
  - 11. The method defined in claim 10, wherein when the identifier in the key request comprises a card holder name associated with the credit card number, a credit card expiration date associated with the credit card number, and the label indicating that the ciphertext includes a credit card number, the key server selects the policy rules based on the card holder name, the credit card expiration date, and the label that indicates that the ciphertext includes the credit card number.
  - 12. The method defined in claim 11, further comprising:
    - with the computing equipment, generating the identifier in the key request as a data string that combines the credit card number, the credit card expiration date, and the label that indicates that the ciphertext includes the credit card number.
  - 13. The method defined in claim 1, wherein selecting the policy rules to apply to the key request comprises selecting a first policy rule when the identifier includes the label indicating that the ciphertext is associated with the type of data used for payments and selecting a second policy rule that is different from the first policy rule when the identifier does not include the label indicating that the ciphertext is associated with the type of data used for payments.
  - 14. The method defined in claim 1, wherein selecting the policy rules to apply to the key request comprises selecting a rule that requires that a key requester authenticate as part of a payment card industry Lightweight Directory Access Protocol (LDAP) group when the identifier identifies that the ciphertext is associated with a payment card industry.

15. A method for performing decryption at computing equipment in a data processing system that has a key server, the method comprising:
- at the computing equipment, obtaining ciphertext;
  
  with the computing equipment, providing, to the key server, a key request that includes an identifier;
  
  at the key server, selecting a first policy rule to apply to the key request when the identifier includes a label that identifies that the ciphertext includes a credit card number;
  
  at the key server, selecting a second policy rule, which is different from the first policy rule, to apply to the key request when the identifier does not include the label that identifies that the ciphertext includes the credit card number;
  
  at the key server, applying the first selected policy rule to determine whether to fulfill the key request when the identifier includes the label that identifies that the ciphertext includes the credit card number;
  
  at the key server, applying the second selected policy rule to determine whether to fulfill the key request when the identifier includes the label that identifies that the ciphertext includes the credit card number;
  
  when one of the first and second selected policy rules is satisfied, obtaining a key at the key server in fulfillment of the key request;
  
  at the key server, transmitting the key;
  
  at the computing equipment, receiving the key; and
  
  with a format-preserving decryption algorithm implemented on the computing equipment, decrypting the ciphertext using the key.
- View Dependent Claims (16, 17)
- - 16. The method defined in claim 15 wherein the identifier includes a credit card expiration date and wherein obtaining the key comprises retrieving the key from storage using the identifier that includes the credit card expiration date.
  - 17. The method defined in claim 15, wherein selecting the first policy rule comprises selecting a rule that requires that a key requester authenticate as part of a payment card industry Lightweight Directory Access Protocol (LDAP) group.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
entIT Software LLC (Open Text Corporation)
Original Assignee
Voltage Security Incorporated (HP Inc.)
Inventors
Spies, Terence, Pauker, Matthew J.
Primary Examiner(s)
Davis, Zachary A

Application Number

US11/654,054
Publication Number

US 20080170693A1
Time in Patent Office

2,954 Days
Field of Search

709/227, 709/228, 705/39, 705/75, 705/64, 705/76, 705/71, 380/201, 380/28, 380277-279, 380/44, 726/28, 726/3, 726/5, 726/7, 726/1, 713/155, 713/168
US Class Current

380/279
CPC Class Codes

G06F 21/602   Providing cryptographic fac...

G06F 21/6209   to a single file or object,...

G06F 21/6227   where protection concerns t...

G06F 21/6245   Protecting personal data, e...

G06Q 20/3823   combining multiple encrypti...

G06Q 20/3829   involving key management

G06Q 20/401   Transaction verification

G06Q 2220/00   Business processing using c...

H04L 9/0618   Block ciphers, i.e. encrypt...

H04L 9/083   involving central third par...

H04L 9/0866   involving user or device id...

H04L 9/0869   involving random numbers or...

H04L 9/0891   Revocation or update of sec...

H04L 9/321   involving a third party or ...

H04L 9/3234   involving additional secure...

Format-preserving cryptographic systems

First Claim

11 Assignments

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Format-preserving cryptographic systems

First Claim

11 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links