US2016247150A1PendingUtilityA1

Format-preserving cryptographic systems

Assignee: VOLTAGE SECURITY LLCPriority: Jan 16, 2007Filed: Jan 11, 2016Published: Aug 25, 2016
Est. expiryJan 16, 2027(~0.5 yrs left)· nominal 20-yr term from priority
H04L 9/083H04L 9/0618G06F 21/602H04L 9/0869H04L 9/0625H04L 9/321G06F 21/6245G06F 21/6227G06Q 20/3829H04L 9/0866G06Q 20/3823G06F 21/6209H04L 9/3234G06Q 2220/00H04L 9/0816H04L 9/0891G06F 11/3698G06Q 20/401
51
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

Key requests in a data processing system may include identifiers such as user names, policy names, and application names. The identifiers may also include validity period information indicating when corresponding keys are valid. When fulfilling a key request, a key server may use identifier information from the key request in determining which key access policies to apply and may use the identifier in determining whether an applicable policy has been satisfied. When a key request is authorized, the key server may generate a key by applying a one-way function to a root secret and the identifier. Validity period information for use by a decryption engine may be embedded in data items that include redundant information. Application testing can be facilitated by populating a test database with data that has been encrypted using a format-preserving encryption algorithm. Parts of a data string may be selectively encrypted based on their sensitivity.

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
         1 . A method for testing applications that access a test database in a test environment before using the applications to access a production database in a production environment, the method comprising:
 at computing equipment, generating encrypted data by encrypting sensitive data in the production database using a format-preserving encryption algorithm;   with the computing equipment, exporting the encrypted data from the production database to the test database; and   at the computing equipment, testing the applications by using the applications in the test environment to access the encrypted data in the test database, wherein encrypting the sensitive data in the production database comprises encrypting credit card numbers in the production database using the format-preserving encryption algorithm, wherein encrypting the credit card numbers in the production database comprises:
 obtaining an unencrypted credit card number at the production database; and 
 removing only a checksum digit from the unencrypted credit card number. 
   
     
     
         2 . The method defined in  claim 1 , wherein encrypting the credit card numbers in the production database using the format-preserving encryption algorithm further comprises:
 obtaining a cryptographic key; and   with an encryption engine implemented on computing equipment, encrypting the unencrypted credit card number from which the checksum digit was removed using the cryptographic key to produce an encrypted version of the unencrypted credit card number from which the checksum digit was removed.   
     
     
         3 . The method defined in  claim 2 , wherein encrypting the credit card numbers in the production database further comprises:
 computing a new valid checksum for the encrypted version.   
     
     
         4 . The method defined in  claim 3 , wherein encrypting the credit card numbers in the production database further comprises:
 embedding a key selector into a new checksum digit by combining the new valid checksum and the key selector.   
     
     
         5 . The method defined in  claim 4 , wherein encrypting the credit card numbers in the production database further comprises:
 adding the new checksum digit to the encrypted version to produce ciphertext corresponding to the unencrypted credit card number.   
     
     
         6 . The method defined in  claim 1 , wherein the production database includes unsensitive data that is less sensitive than the sensitive data, the method further comprising:
 with the computing equipment, exporting the unsensitive data from the production database to the test database without encrypting the unsensitive data.   
     
     
         7 . The method defined in  claim 6 , wherein encrypting the sensitive data in the production database comprises encrypting credit card numbers in the production database using the format-preserving encryption algorithm. 
     
     
         8 . The method defined in  claim 7 , wherein testing the applications comprises accessing the encrypted data in the test database without decrypting the encrypted data. 
     
     
         9 . The method defined in  claim 1 , wherein testing the applications comprises accessing the encrypted data in the test database without decrypting the encrypted data.

Join the waitlist — get patent alerts

Track US2016247150A1 — get alerts on status changes and closely related new filings.

We store only your email — no account needed. See our privacy policy.