Variable-length cipher system and method

US 9,361,617 B2
Filed: 06/09/2009
Issued: 06/07/2016
Est. Priority Date: 06/17/2008
Status: Active Grant

First Claim

Patent Images

1. A method for deterministically encrypting a plaintext symbol set having a variable block size, the method comprising the steps of:

dividing the plaintext symbol set into first and second portions;

using a tweak to modify at least a portion of the plaintext symbol set to arrive at a data string;

applying a first encryption key to encrypt the data string and generate a second encryption key based upon the data string encrypted by the first encryption key;

computing a determined number of encryption rounds using the second encryption key to create an enciphered symbol set, wherein the encryption rounds comprise successive encryption and modulo combination of alternating portions of the symbol set utilizing a symbol set-associated modulo base by applying a tweakable, variable input length block cipher using the tweak, the tweak being based at least in part upon account information associated with a token; and

providing the enciphered symbol set, the form of the enciphered symbol set corresponding to the plaintext symbol set in accordance with the symbol set-associated modulo base.

View all claims

12 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for enciphering data are provided. In one embodiment, information is enciphered using a variable block length cipher that returns the encrypted symbol set in the same format as the plaintext symbol set. The cipher can be based on DES, AES or other block ciphers. In one example implementation a method for enciphering token information the invention provides for enciphering token information by constructing a tweak of a defined length using token information; converting the tweak to a bit string of a defined size to form a first parameter; converting a number of digits of plaintext to a byte string of a defined size to form a second parameter, wherein the number of digits converted varies; defining a data encryption standard key; applying the data encryption standard key to the first and second parameters; computing a specified number of encryption rounds; and receiving enciphered token information.

188 Citations

23 Claims

1. A method for deterministically encrypting a plaintext symbol set having a variable block size, the method comprising the steps of:
- dividing the plaintext symbol set into first and second portions;
  
  using a tweak to modify at least a portion of the plaintext symbol set to arrive at a data string;
  
  applying a first encryption key to encrypt the data string and generate a second encryption key based upon the data string encrypted by the first encryption key;
  
  computing a determined number of encryption rounds using the second encryption key to create an enciphered symbol set, wherein the encryption rounds comprise successive encryption and modulo combination of alternating portions of the symbol set utilizing a symbol set-associated modulo base by applying a tweakable, variable input length block cipher using the tweak, the tweak being based at least in part upon account information associated with a token; and
  
  providing the enciphered symbol set, the form of the enciphered symbol set corresponding to the plaintext symbol set in accordance with the symbol set-associated modulo base.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein computing a determined number of encryption rounds using the second encryption key comprises:
    - in a first encryption round encrypting the first portion of the symbol set using the second key and combining the encrypted first portion with the second portion of the symbol set using a modulo operation utilizing the symbol set-associated modulo base;
      
      in a second encryption round, encrypting the second portion of the symbol set using the second key and combining the encrypted second portion with the output of the first round using a modulo operation utilizing the symbol set-associated modulo base; and
      
      in a subsequent encryption round, encrypting the output of the previous round set using the second key and combining the encrypted output of the previous round with the output of a round prior to the previous round using a modulo operation utilizing the symbol set-associated modulo base; and
      
      providing the enciphered symbol set, the form of the enciphered symbol set corresponding to the plaintext symbol set in accordance with the symbol set-associated modulo base.
  - 3. The method of claim 1, wherein the step of applying the first key comprises:
    - defining first and second parameters based on the tweak; and
      
      encrypting a combination of the first and second parameters using the first key to generate the second key.
  - 4. The method of claim 3, wherein encrypting comprises encrypting a first parameter with the first key to obtain an encrypted first parameter, combining the encrypted first parameter with the second parameter and encrypting the combination of the encrypted first parameter and second parameter using the first encryption key.
  - 5. The method of claim 3, wherein encrypting comprises concatenating the first and second parameters and encrypting them with the first key.
  - 6. The method of claim 1, wherein the step of applying the first key comprises creating a first parameter using the tweak, and encrypting the first parameter with the first key using an AES encryption cipher.
  - 7. The method of claim 1, wherein the plaintext symbol set comprises token information.
  - 8. The method of claim 1, wherein the plaintext symbol set comprises bankcard track data in a standard bankcard track data format, and wherein the enciphered symbol set is provided in the same format as the plaintext bankcard track data.
  - 9. The method of claim 1, wherein the plaintext symbol set comprises bankcard track data comprised of symbols selected from the group consisting of decimal digits zero through nine, the modulo combination comprises modulo 10 addition or subtraction and the enciphered symbol set is comprised of symbols selected from the group consisting of decimal digits zero through nine.
  - 10. The method of claim 1, wherein the modulo combination comprises modulo 62 addition or subtraction to encipher a plaintext symbol set comprised of symbols selected from the group consisting of alphanumeric upper and lower case characters and decimal digits zero through nine and to output.
  - 11. The method of claim 1, wherein the tweak is at least one of variable length and concatenated.

12. A computer program product for deterministically encrypting a plaintext symbol set having a variable block size the computer program product comprising a non-transitory computer-readable storage medium having computer-readable program code embodied in said medium, the computer-readable program code comprising instructions configured to cause the a processing device to perform the steps of:
- dividing the plaintext symbol set into first and second portions;
  
  using a tweak to modify at least a portion of the plaintext symbol set to arrive at a data string;
  
  applying a first encryption key to encrypt the data string and generate a second encryption key based upon the data string encrypted by the first encryption key;
  
  computing a determined number of encryption rounds using the second encryption key to create an enciphered symbol set, wherein the encryption rounds comprise successive encryption and modulo combination of alternating portions of the symbol set utilizing a symbol set-associated modulo base by applying a tweakable, variable input length block cipher using the tweak, the tweak being based at least in part upon account information associated with a token; and
  
  providing the enciphered symbol set, the form of the enciphered symbol set corresponding to the plaintext symbol set in accordance with the symbol set-associated modulo base.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 13. The computer program product of claim 12, wherein computing a determined number of encryption rounds using the second encryption key comprises:
    - in a first encryption round encrypting the first portion of the symbol set using the second key and combining the encrypted first portion with the second portion of the symbol set using a modulo operation utilizing the symbol set-associated modulo base;
      
      in a second encryption round, encrypting the second portion of the symbol set using the second key and combining the encrypted second portion with the output of the first round using a modulo operation utilizing the symbol set-associated modulo base; and
      
      in a subsequent encryption round, encrypting the output of the previous round set using the second key and combining the encrypted output of the previous round with the output of a round prior to the previous round using a modulo operation utilizing the symbol set-associated modulo base; and
      
      providing enciphered symbol set, the form of the enciphered symbol set corresponding to the plaintext symbol set in accordance with the symbol set-associated modulo base.
  - 14. The computer program product of claim 12, wherein applying the first key comprises:
    - defining first and second parameters based on the tweak; and
      
      encrypting a combination of the first and second parameters using the first key to generate the second key.
  - 15. The computer program product of claim 14, wherein encrypting comprises encrypting a first parameter with the first key to obtain an encrypted first parameter, combining the encrypted first parameter with the second parameter and encrypting the combination of the encrypted first parameter and second parameter using the first encryption key.
  - 16. The computer program product of claim 14, wherein encrypting comprises concatenating the first and second parameters and encrypting them with the first key.
  - 17. The computer program product of claim 12, wherein applying the first key comprises creating a first parameter using the tweak, and encrypting the first parameter with the first key using an AES encryption cipher.
  - 18. The computer program product of claim 12, wherein the plaintext symbol set comprises token information.
  - 19. The computer program product of claim 12, wherein the plaintext symbol set comprises bankcard track data in a standard bankcard track data format, and wherein the enciphered symbol set is provided in the same format as the plaintext bankcard track data.
  - 20. The computer program product of claim 12, wherein the plaintext symbol set comprises bankcard track data comprised of symbols selected from the group consisting of decimal digits zero through nine, the modulo combination comprises modulo 10 addition or subtraction and the enciphered symbol set is comprised of symbols selected from the group consisting of decimal digits zero through nine.
  - 21. The computer program product of claim 12, wherein the modulo combination comprises modulo 62 addition or subtraction to encipher a plaintext symbol set comprised of symbols selected from the group consisting of alphanumeric upper and lower case characters and decimal digits zero through nine and to output.
  - 22. The computer program product of claim 12, wherein the tweak is at least one of variable length and concatenated.

23. A magnetic stripe reader, comprising:
- a magnetic read head proximate a card slot and configured to sense data magnetically encoded on the magnetic stripe of a bankcard and convert the data into an electronic signal;
  
  a signal detector configured to receive the electronic signal from the read head and to convert the electronic signal into a symbol set representing track data for the magnetic stripe reader; and
  
  an encryption module coupled to the signal detector and configured to deterministically encrypt the plaintext symbol set, wherein the encryption method comprises the steps of;
  
  dividing the plaintext symbol set into first and second portions;
  
  using a tweak to modify at least a portion of the plaintext symbol set to arrive at a data string;
  
  applying a first encryption key to encrypt the data string and generate a second encryption key based upon the data string encrypted by the first encryption key;
  
  computing a determined number of encryption rounds using the second encryption key to create an enciphered symbol set, wherein the encryption rounds comprise successive encryption and modulo combination of alternating portions of the symbol set utilizing a symbol set-associated modulo base by applying a tweakable, variable input length block cipher using the tweak, the tweak being based at least in part upon account information associated with a token; and
  
  providing the enciphered symbol set, the form of the enciphered symbol set corresponding to the plaintext symbol set in accordance with the symbol set-associated modulo base.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Verifone, Inc. (Verifone Systems, Inc.)
Original Assignee
Verifone, Inc. (Verifone Systems, Inc.)
Inventors
von Mueller, Clay, Bellare, Mihir
Primary Examiner(s)
Zele, Krista
Assistant Examiner(s)
NAJEE-ULLAH, TARIQ S

Application Number

US12/481,504
Publication Number

US 20090310778A1
Time in Patent Office

2,555 Days
Field of Search

380/28, 380/44
US Class Current

1/1
CPC Class Codes

G06Q 20/3823   combining multiple encrypti...

G07F 7/1008   Active credit-cards provide...

G07F 7/1016   Devices or methods for secu...

H04L 2209/12   Details relating to cryptog...

H04L 2209/56   Financial cryptography, e.g...

H04L 9/0625   with splitting of the data ...

Variable-length cipher system and method

First Claim

12 Assignments

0 Petitions

Accused Products

Abstract

188 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Variable-length cipher system and method

First Claim

12 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

188 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links