User-specific watermark for maintaining security of data files
US-12153654-B2 · Nov 26, 2024 · US
Format-preserving cryptographic systems
US11488134B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11488134-B2 |
| Application number | US-201213517513-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jun 13, 2012 |
| Priority date | May 2, 2008 |
| Publication date | Nov 1, 2022 |
| Grant date | Nov 1, 2022 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
Format-preserving encryption and decryption processes are provided. The encryption and decryption processes may use a block cipher. A string that is to be encrypted or decrypted may be converted to a unique binary value. The block cipher may operate on the binary value. If the output of the block cipher that is produced is not representative of a string that is in the same format as the original string, the block cipher may be applied again. The block cipher may be repeatedly applied in this way during format-preserving encryption operations and during format-preserving decryption operations until a format-compliant output is produced. Selective access may be provided to portions of a string that have been encrypted using format-preserving encryption.
First claim
Opening claim text (preview).
What is claimed is: 1. A method for performing payment card string encryption at computing equipment, the method comprising: obtaining, by an encryption engine on the computing equipment, an unencrypted payment card string in a payment card string format, the Payment card string format comprising a total number of digs that can be included in valid unencrypted payment card strings; encoding, by the encryption engine, the unencrypted payment card string using an index mapping to generate an encoded value; applying, by the encryption engine, a block cipher to the encoded value to generate a first block cipher output, wherein the first block cipher output is a first encrypted version of the encoded value; determining, by the encryption engine, that the first block cipher output does not match the payment card string format of the unencrypted payment card string; and in response to determining that the first block cipher output does not match the payment card string format of the unencrypted payment card string, applying, by the encryption engine, the block cipher to the first block cipher output to generate a second block cipher output, wherein the second block cipher output is a second encrypted version of the encoded value. 2. The method defined in claim 1 , wherein the payment card string format comprises a payment card number format and wherein obtaining the unencrypted payment card string comprises obtaining an unencrypted payment card number. 3. The method defined in claim 1 further comprising: determining the second block cipher output matches the payment card string format of the unencrypted payment card string; and in response to determining the second block cipher output matches the payment card string format of the unencrypted payment card string, processing the second block cipher output to generate an encrypted version of the unencrypted payment card string. 4. The method defined in claim 3 , wherein processing the second block cipher output comprises using the index mapping to generate the encrypted version of the unencrypted payment card string. 5. The method defined in claim 3 , wherein the encrypted version of the unencrypted payment card string has the payment card string format of the unencrypted payment card string. 6. The method defined in claim 3 , wherein processing the second block cipher output comprises restoring removed string elements to the encrypted version of the unencrypted payment card string. 7. The method defined in claim 3 , further comprising: transmitting, using the computing equipment, the encrypted version of the unencrypted payment card string to external equipment over a communications network while preventing unauthorized access to the unencrypted payment card string over the communications network, wherein applications at the external equipment process data of the payment card string format. 8. The method defined in claim 1 , wherein the payment card string format comprises a credit card number format and wherein obtaining the unencrypted payment card string comprises obtaining an unencrypted credit card number. 9. The method defined in claim 1 , wherein the payment card string format comprises a bank account number format and wherein obtaining the unencrypted payment card string comprises obtaining an unencrypted bank account number. 10. A method for performing payment card string decryption at computing equipment, the method comprising: obtaining, by a decryption engine on computing equipment, an encrypted payment card string in a payment card string format, the payment card string format comprising a total number of digits that can be included in valid unencrypted payment card strings; encoding, using the decryption engine on the computing equipment, the encrypted payment card string to generate an encoded value; applying, by the decryption engine, a block cipher to the encoded value to generate a first block cipher output, wherein the first block cipher output is a first decrypted version of the encoded value; determining, by an encryption engine, that the first block cipher output does not match the payment card string format of the encrypted payment card string; and in response to determining that the first block cipher output does not match the payment card string format of the encrypted payment card string, applying, by the decryption engine, the block cipher to the first block cipher output to generate a second block cipher output, wherein the second block cipher output is a second decrypted version of the encoded value. 11. The method defined in claim 10 , wherein the payment card string format comprises a payment card number format and wherein obtaining the encrypted payment card string comprises obtaining an encrypted payment card number. 12. The method defined in claim 10 , further comprising: determining the second block cipher output matches the payment card string format of the encrypted payment card string; and in response to determining the second block cipher output matches the payment card string format of the encrypted payment card string, processing the second block cipher output to generate a decrypted version of the encrypted payment card string. 13. The method defined in claim 10 wherein encoding the encrypted payment card string comprises converting the encrypted payment card string to numeric values and multiplying the numeric values by coefficients. 14. The method defined in claim 10 , wherein encoding the encrypted payment card string comprises using an index mapping to generate the encoded value. 15. The method defined in claim 14 , further comprising processing the second block cipher output using the index mapping to generate a decrypted version of the encrypted payment card string. 16. A method for performing payment card string encryption operations at computing equipment, the method comprising: obtaining, by an encryption engine on the computing equipment, an unencrypted payment card string in a payment card string format, the payment card string format comprising a total number of digs that can be included in valid unencrypted payment card strings; encoding, by the encryption engine, the unencrypted payment card string to generate an encoded value; applying, by the encryption engine, a block cipher to the encoded value to generate a first block cipher output; determining, by the encryption engine, that the first block cipher output is not compliant with the payment card string format of the unencrypted payment card string; in response to determining that the first block cipher output is not compliant with the payment card string format of the unencrypted payment card string, applying, by the encryption engine, the block cipher to the first block cipher output to generate a second block cipher output; determining, by the encryption engine, that the second block cipher output is compliant with the payment card string format of the unencrypted payment card string; in response to determining that the second block cipher output is compliant with the payment card string format of the unencrypted payment card string, processing, using the encryption engine, the second block cipher output to generate an encrypted version of the unencrypted payment card string; and transmitting, using the computing equipment, the encrypted version of the unencrypted payment card string to external equipment over a communications network. 17. The method defined in claim 16 , wherein encoding the unencrypted payment card string comprises using an index mapping to generate the encoded value, and wherein pro
Assignees
Inventors
Classifications
using a predetermined code, e.g. password, passphrase or PIN (network architectures or network communication protocols for supporting authentication of entities using passwords in a packet data network H04L63/083) · CPC title
Encoding or coding, e.g. Huffman coding or error correction · CPC title
Usage controlling of secret information, e.g. techniques for restricting cryptographic keys to pre-authorized uses, different access levels, validity of crypto-period, different key- or password length, or different strong and weak cryptographic algorithms (network architectures or network communication protocols for using time-dependent keys in a packet data network H04L63/068) · CPC title
using tickets or tokens, e.g. Kerberos (network architectures or network communication protocols for entities authentication using tickets in a packet data network H04L63/0807) · CPC title
involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US11488134B2 cover?
- Format-preserving encryption and decryption processes are provided. The encryption and decryption processes may use a block cipher. A string that is to be encrypted or decrypted may be converted to a unique binary value. The block cipher may operate on the binary value. If the output of the block cipher that is produced is not representative of a string that is in the same format as the origina…
- Who is the assignee on this patent?
- Pauker Matthew J, Spies Terence, Micro Focus Llc
- What technology area does this patent fall under?
- Primary CPC classification G06F21/6209. Mapped technology areas include Physics.
- When was this patent published?
- Publication date Tue Nov 01 2022 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).