Format-preserving cryptographic systems
First Claim
1. A method for cryptographically processing credit card numbers, the method comprising:
- obtaining, by a first application running on first computing equipment, a credit card number from another application;
sending, by the first application, over a communication network, to a key server a request for a key, wherein the request comprises a first identifier and a validity period;
receiving, by the first application, a key corresponding to the request from the key server;
by the first application, generating an index value corresponding to the validity period, encrypting the credit card number using the key, and generating a ciphertext using the encrypted credit card number and the index value;
transmitting, by the first application, the ciphertext to a second application on second computing equipment;
by the second application, extracting the encrypted credit card number and the index value from the ciphertext and retrieving the validity period using the extracted index value;
transmitting, by the second application, a second identifier and the validity period to the key server over the communication network, wherein the second identifier is equivalent to the first identifier;
receiving, by the second application, the key corresponding to the second identifier and the validity period; and
decrypting, by the second application, the encrypted credit card number using the received key.
6 Assignments
0 Petitions
Accused Products
Abstract
Key requests in a data processing system may include identifiers such as user names, policy names, and application names. The identifiers may also include validity period information indicating when corresponding keys are valid. When fulfilling a key request, a key server may use identifier information from the key request in determining which key access policies to apply and may use the identifier in determining whether an applicable policy has been satisfied. When a key request is authorized, the key server may generate a key by applying a one-way function to a root secret and the identifier. Validity period information for use by a decryption engine may be embedded in data items that include redundant information. Application testing can be facilitated by populating a test database with data that has been encrypted using a format-preserving encryption algorithm. Parts of a data string may be selectively encrypted based on their sensitivity.
-
Citations
7 Claims
-
1. A method for cryptographically processing credit card numbers, the method comprising:
-
obtaining, by a first application running on first computing equipment, a credit card number from another application; sending, by the first application, over a communication network, to a key server a request for a key, wherein the request comprises a first identifier and a validity period; receiving, by the first application, a key corresponding to the request from the key server; by the first application, generating an index value corresponding to the validity period, encrypting the credit card number using the key, and generating a ciphertext using the encrypted credit card number and the index value; transmitting, by the first application, the ciphertext to a second application on second computing equipment; by the second application, extracting the encrypted credit card number and the index value from the ciphertext and retrieving the validity period using the extracted index value; transmitting, by the second application, a second identifier and the validity period to the key server over the communication network, wherein the second identifier is equivalent to the first identifier; receiving, by the second application, the key corresponding to the second identifier and the validity period; and decrypting, by the second application, the encrypted credit card number using the received key. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
Specification