Format preserving encryption methods for data strings with constraints
First Claim
1. A method for performing cryptographic operations at computing equipment, comprising:
- with the computing equipment, obtaining a plaintext version of a string of characters that have a given format;
computing a checksum value string for the plaintext version of the string of characters; and
with the computing equipment, repeatedly applying a format preserving encryption algorithm to the string of characters until an encrypted version of the string of characters is produced that complies with the given format and has a checksum value string that matches the checksum value string that was computed for the plaintext version of the string of characters.
6 Assignments
0 Petitions
Accused Products
Abstract
Format preserving encryption (FPE) cryptographic engines are provided for performing encryption and decryption on strings. A plaintext string may be converted to ciphertext by repeated application of a format preserving encryption cryptographic algorithm. Following each application of the format preserving cryptographic algorithm, the resulting version of the string may be analyzed to determine whether desired string constraints have been satisfied. If the string constraints have not been satisfied, further applications of the format preserving cryptographic algorithm may be performed. If the string constraints have been satisfied, the current version of the string may be used as an output for the cryptographic engine.
29 Citations
11 Claims
-
1. A method for performing cryptographic operations at computing equipment, comprising:
-
with the computing equipment, obtaining a plaintext version of a string of characters that have a given format; computing a checksum value string for the plaintext version of the string of characters; and with the computing equipment, repeatedly applying a format preserving encryption algorithm to the string of characters until an encrypted version of the string of characters is produced that complies with the given format and has a checksum value string that matches the checksum value string that was computed for the plaintext version of the string of characters. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A method for decrypting a string of characters of ciphertext that has a checksum value string computed from the ciphertext and that complies with a given format by containing characters that have values selected from at least one set of valid character values, the method comprising:
-
applying a format preserving encryption (FPE) cryptographic algorithm to the string of characters multiple times with computing equipment to produce plaintext corresponding to the ciphertext, wherein each time the FPE cryptographic algorithm is applied to the string of characters, the string of characters is altered while continuing to comply with the given format; and after each application of the FPE cryptographic algorithm, using a decryption engine implemented on the computing equipment to determine whether the string of characters has a checksum value string that is equal to the checksum value string computed from the ciphertext. - View Dependent Claims (9, 10, 11)
-
Specification
-
- Resources
-
Current AssigneeentIT Software LLC (Open Text Corporation)
-
Original AssigneeVoltage Security Incorporated (HP Inc.)
-
InventorsMartin, Luther W., Spies, Terence, Pauker, Matthew J.
-
Primary Examiner(s)Shepperd, Eric W
-
Application NumberUS14/598,536Publication NumberTime in Patent Office662 DaysField of SearchUS Class Current1/1CPC Class CodesG06F 21/602 Providing cryptographic fac...H03M 13/096 ChecksumsH04L 2209/24 Key scheduling, i.e. genera...H04L 2209/56 Financial cryptography, e.g...H04L 9/0618 Block ciphers, i.e. encrypt...H04L 9/0643 Hash functions, e.g. MD5, S...
