SYSTEMS FOR STRUCTURED ENCRYPTION USING EMBEDDED INFORMATION IN DATA STRINGS

US 20130198525A1
Filed: 01/30/2012
Published: 08/01/2013
Est. Priority Date: 01/30/2012
Status: Active Grant

First Claim

Patent Images

1. A method for encrypting data entries in a data file using an encryption engine in a data processing system, comprising:

encrypting a first data entry in the data file using an encryption key; and

embedding information associated with the encryption key that was used to encrypt the first data entry in a second data entry in the data file.

View all claims

12 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A data processing system is provided that includes applications, databases, encryption engines, and decryption engines. Encryption and decryption engines may be used to perform format-preserving encryption on data strings stored in a database. Encryption and decryption engines may include embedded-format-preserving encryption and decryption engines. Embedded-format-preserving encryption engines may be used to encrypt data strings and embed information in data strings. Information corresponding to a format-preserving encryption operation of a data string may be embedded in an associated data string. The associated data string may be encrypted before or after embedding the information in the associated data string. The embedded information may include key management data that corresponds to a managed encryption key that was used to encrypt the data string.

Citations

24 Claims

1. A method for encrypting data entries in a data file using an encryption engine in a data processing system, comprising:
- encrypting a first data entry in the data file using an encryption key; and
  
  embedding information associated with the encryption key that was used to encrypt the first data entry in a second data entry in the data file.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The method defined in claim 1 wherein the data file comprises a plurality of portions, wherein each portion includes a plurality of associated fields, and wherein the first data entry and second data entry are located in respective fields of a common one of the portions.
  - 3. The method defined in claim 2 wherein encrypting the first data entry using the encryption key comprises encrypting the first data entry using the encryption key by performing a format-preserving encryption operation using the encryption key.
  - 4. The method defined in claim 2, further comprising:
    - encrypting the second data entry, wherein embedding the information associated with the encryption key that was used to encrypt the first data entry in the second data entry comprises encoding a portion of the encrypted second data entry to include the information associated with the encryption key that was used to encrypt the first data entry and the portion of the encrypted second data entry.
  - 5. The method defined in claim 2 wherein embedding the information associated with the encryption key that was used to encrypt the first data entry in the second data entry comprises:
    - compressing the second data entry;
      
      encrypting the compressed second data entry; and
      
      combining the information associated with the encryption key that was used to encrypt the first data entry and the encrypted compressed second data entry.
  - 6. The method defined in claim 2 wherein embedding the information associated with the encryption key that was used to encrypt the first data entry in the second data entry comprises:
    - compressing the second data entry;
      
      combining the information associated with the encryption key that was used to encrypt the first data entry and the compressed second data entry to form an augmented data entry that includes the information associated with the encryption key and the compressed second data entry;
      
      encrypting the augmented data entry using an additional encryption key; and
      
      combining additional information associated with the additional encryption key with the encrypted augmented data entry.
  - 7. The method defined in claim 2 wherein the information associated with the encryption key includes a key version number for the encryption key.
  - 8. The method defined in claim 7 wherein the key version number corresponds to a time.
  - 9. The method defined in claim 7 wherein the key version number corresponds to a given encryption operation.
  - 10. The method defined in claim 2 wherein the first data entry includes a credit card number.
  - 11. The method defined in claim 10 wherein the second data entry comprises a customer name associated with the credit card number.
  - 12. The method defined in claim 2 wherein the first data entry includes a Social Security Number.
  - 13. The method defined in claim 2 wherein each of the portions comprises a row of a table and wherein the respective fields of the common one of the portions are located in a common one of the rows.
  - 14. The method defined in claim 2 wherein each of the portions comprises a logical element in an encoded document and wherein the respective fields of the common one of the portions are sub-elements of a common one of the logical elements.
  - 15. The method defined in claim 2 wherein each of the portions comprises a delimited object in a scripted document and wherein the respective fields of the common one of the portions are key-value pairs of a common one of the delimited objects.

16. A method for decrypting encrypted data entries in a data file using a decryption engine in a data processing system, comprising:
- obtaining a data entry that includes information associated with an encryption key and additional information;
  
  extracting the information associated with the encryption key from the data entry;
  
  obtaining an encrypted data entry associated with the additional information, wherein the encrypted data entry has been encrypted using the encryption key; and
  
  decrypting the encrypted data entry using the extracted information associated with the encryption key.
- View Dependent Claims (17, 18, 19, 20, 21, 22)
- - 17. The method defined in claim 16 wherein the data file comprises a plurality of portions, wherein each portion includes a plurality of associated fields and wherein the first data entry and second data entry are located in respective fields of a common one of the portions.
  - 18. The method defined in claim 17 wherein the information associated with the encryption key comprises a key version number for the encryption key and wherein decrypting the encrypted data entry using the extracted information associated with the encryption key comprises:
    - obtaining the encryption key using the key version number; and
      
      decrypting the encrypted data entry using the encryption key.
  - 19. The method defined in claim 17 wherein extracting the information associated with the encryption key comprises decoding a portion of the data entry that encodes both the information associated with the encryption key and a portion of the additional information.
  - 20. The method defined in claim 17 wherein the data entry comprises an encrypted portion and an unencrypted portion and wherein extracting the information associated with the encryption key comprises selecting the unencrypted portion of the data entry.
  - 21. The method defined in claim 17 wherein the additional information comprises an encrypted portion of the data entry and wherein extracting the information associated with the managed encryption key comprises:
    - selecting an unencrypted portion of the data entry;
      
      decrypting the encrypted portion of the data entry using the selected unencrypted portion of the data entry; and
      
      extracting the information associated with the encryption key from the decrypted portion of the data entry.
  - 22. The method defined in claim 17 wherein the additional information comprises an encrypted portion of the data entry, the method further comprising:
    - decrypting the encrypted portion of the data entry.

23. A method for securely storing a data string in a database implemented using computing equipment, comprising:
- encrypting the data string using a format-preserving encryption engine and an encryption key;
  
  embedding key management data associated with the encryption key in an additional data string; and
  
  storing the encrypted data string and the additional data string that includes the embedded key management data in associated fields of the database.
- View Dependent Claims (24)
- - 24. The method of claim 23, further comprising encrypting at least a portion of the additional data string.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Micro Focus LLC (Open Text Corporation)
Original Assignee
Iii, Philip Hillyer Smith
Inventors
Spies, Terence, Smith, Philip Hillyer III

Granted Patent

US 8,949,625 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/189
CPC Class Codes

G06F 21/6227 where protection concerns t...

SYSTEMS FOR STRUCTURED ENCRYPTION USING EMBEDDED INFORMATION IN DATA STRINGS

First Claim

12 Assignments

0 Petitions

Accused Products

Abstract

Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEMS FOR STRUCTURED ENCRYPTION USING EMBEDDED INFORMATION IN DATA STRINGS

First Claim

12 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links