FORMAT PRESERVING ENCRYPTION SYSTEMS FOR DATA STRINGS WITH CONSTRAINTS
First Claim
1. A method for performing cryptographic operations at computing equipment, comprising:
- with the computing equipment, obtaining a plaintext version of a string of characters that have a given format;
computing a checksum value for the plaintext version of the string; and
with the computing equipment, repeatedly applying a format preserving encryption algorithm to the string until an encrypted version of the string is produced that complies with the given format and has a checksum value that matches the checksum value that was computed for the plaintext version of the string.
6 Assignments
0 Petitions
Accused Products
Abstract
Format preserving encryption (FPE) cryptographic engines are provided for performing encryption and decryption on strings. A plaintext string may be converted to ciphertext by repeated application of a format preserving encryption cryptographic algorithm. Following each application of the format preserving cryptographic algorithm, the resulting version of the string may be analyzed to determine whether desired string constraints have been satisfied. If the string constraints have not been satisfied, further applications of the format preserving cryptographic algorithm may be performed. If the string constraints have been satisfied, the current version of the string may be used as an output for the cryptographic engine.
20 Citations
19 Claims
-
1. A method for performing cryptographic operations at computing equipment, comprising:
-
with the computing equipment, obtaining a plaintext version of a string of characters that have a given format; computing a checksum value for the plaintext version of the string; and with the computing equipment, repeatedly applying a format preserving encryption algorithm to the string until an encrypted version of the string is produced that complies with the given format and has a checksum value that matches the checksum value that was computed for the plaintext version of the string. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A method for decrypting a string of ciphertext that complies with a given format by containing characters that have values selected from at least one set of valid character values, the method comprising:
-
applying a format preserving encryption (FPE) cryptographic algorithm to the string multiple times with computing equipment to produce plaintext corresponding to the ciphertext, wherein each time the FPE cryptographic algorithm is applied to the string, the string is altered while continuing to comply with the given format; and after each application of the FPE cryptographic algorithm, using a decryption engine implemented on the computing equipment to determine whether the string satisfies string constraints. - View Dependent Claims (9, 10, 11)
-
-
12. A method for performing cryptographic operations using computing equipment, comprising:
-
with the computing equipment, obtaining a plaintext version of a string of characters that have a given format; with the computing equipment, applying a format preserving encryption algorithm to the string to produce an encrypted version of the string that complies with the given format; with the computing equipment, determining whether the encrypted version of the string to which the format preserving encryption algorithm has been applied satisfies given string constraints; and when the encrypted version of the string is determined to satisfy the given string constraints, halting further application of the format preserving encryption algorithm with the computing equipment and using the encrypted string as ciphertext corresponding to the plaintext version of the string; and when the encrypted version of the string is determined to not satisfy the given string constraints, applying the format preserving encryption algorithm to the encrypted version of the string with the computing equipment at least one additional time to alter the encrypted version of the string until the encrypted version of the string satisfies the given string constraints and serves as ciphertext corresponding to the plaintext version of the string. - View Dependent Claims (13, 14, 15, 16, 17, 18, 19)
-
Specification