Format-preserving cryptographic systems

US 9,208,491 B2
Filed: 12/02/2013
Issued: 12/08/2015
Est. Priority Date: 01/16/2007
Status: Active Grant

First Claim

Patent Images

1. A method for cryptographically processing credit card numbers, the method comprising:

obtaining, by a first application running on first computing equipment, a credit card number from another application;

sending, by the first application, over a communication network, to a key server a request for a key, wherein the request comprises a first identifier and a validity period;

receiving, by the first application, a key corresponding to the request from the key server;

by the first application, generating an index value corresponding to the validity period, encrypting the credit card number using the key, and generating a ciphertext using the encrypted credit card number and the index value;

transmitting, by the first application, the ciphertext to a second application on second computing equipment;

by the second application, extracting the encrypted credit card number and the index value from the ciphertext and retrieving the validity period using the extracted index value;

transmitting, by the second application, a second identifier and the validity period to the key server over the communication network, wherein the second identifier is equivalent to the first identifier;

receiving, by the second application, the key corresponding to the second identifier and the validity period; and

decrypting, by the second application, the encrypted credit card number using the received key.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Key requests in a data processing system may include identifiers such as user names, policy names, and application names. The identifiers may also include validity period information indicating when corresponding keys are valid. When fulfilling a key request, a key server may use identifier information from the key request in determining which key access policies to apply and may use the identifier in determining whether an applicable policy has been satisfied. When a key request is authorized, the key server may generate a key by applying a one-way function to a root secret and the identifier. Validity period information for use by a decryption engine may be embedded in data items that include redundant information. Application testing can be facilitated by populating a test database with data that has been encrypted using a format-preserving encryption algorithm. Parts of a data string may be selectively encrypted based on their sensitivity.

Citations

7 Claims

1. A method for cryptographically processing credit card numbers, the method comprising:
- obtaining, by a first application running on first computing equipment, a credit card number from another application;
  
  sending, by the first application, over a communication network, to a key server a request for a key, wherein the request comprises a first identifier and a validity period;
  
  receiving, by the first application, a key corresponding to the request from the key server;
  
  by the first application, generating an index value corresponding to the validity period, encrypting the credit card number using the key, and generating a ciphertext using the encrypted credit card number and the index value;
  
  transmitting, by the first application, the ciphertext to a second application on second computing equipment;
  
  by the second application, extracting the encrypted credit card number and the index value from the ciphertext and retrieving the validity period using the extracted index value;
  
  transmitting, by the second application, a second identifier and the validity period to the key server over the communication network, wherein the second identifier is equivalent to the first identifier;
  
  receiving, by the second application, the key corresponding to the second identifier and the validity period; and
  
  decrypting, by the second application, the encrypted credit card number using the received key.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method defined in claim 1, further comprising:
    - by the first application, removing a checksum digit from the credit card number;
      
      using an encryption engine implemented on the first computing equipment, encrypting the credit card number from which the checksum digit was removed;
      
      by the first application, computing a new valid checksum for the encrypted version; and
      
      by the first application, embedding a key selector into a checksum digit by combining the new valid checksum and the key selector.
  - 3. The method defined in claim 2, wherein embedding the key selector into the checksum digit comprises adding the index value to the new valid checksum.
  - 4. The method defined in claim 2, wherein encrypting the credit card number from which the checksum digit was removed comprises:
    - encrypting each digit of the credit card number from which the checksum digit was removed.
  - 5. The method defined in claim 4, wherein encrypting each digit of the credit card number from which the checksum digit was removed comprises:
    - encrypting fifteen digits of the credit card number.
  - 6. The method defined in claim 1, wherein encrypting the credit card number comprises encrypting the credit card number using a format-preserving encryption algorithm.
  - 7. The method defined in claim 1, wherein obtaining the credit card number from the another application comprises obtaining the credit card number from a database.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
entIT Software LLC (Open Text Corporation)
Original Assignee
Voltage Security Incorporated (HP Inc.)
Inventors
Spies, Terence, Pauker, Matthew J.
Primary Examiner(s)
Hewitt, II, Calvin L
Assistant Examiner(s)
Castilho, Eduardo

Application Number

US14/094,354
Publication Number

US 20140089203A1
Time in Patent Office

736 Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/602   Providing cryptographic fac...

G06F 21/6209   to a single file or object,...

G06F 21/6227   where protection concerns t...

G06F 21/6245   Protecting personal data, e...

G06Q 20/3823   combining multiple encrypti...

G06Q 20/3829   involving key management

G06Q 20/401   Transaction verification

G06Q 2220/00   Business processing using c...

H04L 9/0618   Block ciphers, i.e. encrypt...

H04L 9/083   involving central third par...

H04L 9/0866   involving user or device id...

H04L 9/0869   involving random numbers or...

H04L 9/0891   Revocation or update of sec...

H04L 9/321   involving a third party or ...

H04L 9/3234   involving additional secure...

Format-preserving cryptographic systems

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

Citations

7 Claims

Specification

Solutions

Use Cases

Quick Links

Format-preserving cryptographic systems

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

7 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links