System for structured encryption of payment card track data with additional security data

    Publication number: US09773243B1

    Publication date: 2017-09-26

    Application number: US13397639

    Application date: 2012-02-15

    Applicant: Terence Spies

    Inventor: Terence Spies

    IPC classification: G06Q20/38

    Abstract: A system may include a point-of-sale system that gathers payment card track data from a payment card and a payment gateway that processes the track data to authorize purchase transactions. Discretionary data in a discretionary field of the track data may be compressed to create space that may be used to accommodate additional security data. The sensitive information may be moved to the discretionary field. The compressed discretionary data and the sensitive information may be encrypted using a structure preserving encryption algorithm and a managed encryption key. The managed encryption key or other additional security data may be added to the discretionary field. Track data that has been modified in this way may be conveyed to the payment gateway for processing. The payment gateway may extract the key management data, decrypt the encrypted data, and reconstruct the original track data by decompressing the discretionary data and replacing the sensitive track data.

    Purchase transaction system with encrypted payment card data
    2.
    Granted invention patent
    Purchase transaction system with encrypted payment card data (in force)

    Publication number: US09355389B2

    Publication date: 2016-05-31

    Application number: US13298708

    Application date: 2011-11-17

    Abstract: Online ordering systems allow a user to submit sensitive information such as payment card information to a merchant in encrypted form. A payment card processor server may be used to provide the user's web browser with code for an encryption function, a cryptographic key, and a key identifier. The web browser may encrypt the payment card information by executing the encryption function and using the key. The encrypted payment card information may be supplied to the merchant over the internet. A key identifier that identifies which cryptographic key was used in encrypting the payment card information may be provided to the merchant without providing the merchant with access to the key. The merchant can forward the encrypted payment card information to the credit card processor server with the key identifier. The processor server can use the key identifier to obtain the key and decrypt the payment card information for authorization.

    Format-preserving cryptographic systems
    3.
    Granted invention patent
    Format-preserving cryptographic systems (in force)

    Publication number: US08958562B2

    Publication date: 2015-02-17

    Application number: US11654054

    Application date: 2007-01-16

    Abstract: Key requests in a data processing system may include identifiers such as user names, policy names, and application names. The identifiers may also include validity period information indicating when corresponding keys are valid. When fulfilling a key request, a key server may use identifier information from the key request in determining which key access policies to apply and may use the identifier in determining whether an applicable policy has been satisfied. When a key request is authorized, the key server may generate a key by applying a one-way function to a root secret and the identifier. Validity period information for use by a decryption engine may be embedded in data items that include redundant information. Application testing can be facilitated by populating a test database with data that has been encrypted using a format-preserving encryption algorithm. Parts of a data string may be selectively encrypted based on their sensitivity.

    FORMAT-PRESERVING CRYPTOGRAPHIC SYSTEMS
    4.
    Invention patent application
    FORMAT-PRESERVING CRYPTOGRAPHIC SYSTEMS (under examination, published)

    Publication number: US20130339252A1

    Publication date: 2013-12-19

    Application number: US13517513

    Application date: 2012-06-13

    IPC classification: G06Q20/40 H04L9/28

    Abstract: Format-preserving encryption and decryption processes are provided. The encryption and decryption processes may use a block cipher. A string that is to be encrypted or decrypted may be converted to a unique binary value. The block cipher may operate on the binary value. If the output of the block cipher that is produced is not representative of a string that is in the same format as the original string, the block cipher may be applied again. The block cipher may be repeatedly applied in this way during format-preserving encryption operations and during format-preserving decryption operations until a format-compliant output is produced. Selective access may be provided to portions of a string that have been encrypted using format-preserving encryption.

    System for protecting sensitive data with distributed tokenization
    5.
    Granted invention patent
    System for protecting sensitive data with distributed tokenization (in force)

    Publication number: US08595850B2

    Publication date: 2013-11-26

    Application number: US13364288

    Application date: 2012-02-01

    IPC classification: G06F7/04 G06F17/30

    Abstract: A token generating organization may include distributed tokenization systems for generating tokens corresponding to sensitive information. Sensitive information may include sensitive numbers such as social security numbers, credit card numbers or other private numbers. A tokenization system may include multiple physically distinct hardware platforms each having a tokenization server and a database. A tokenization server may run portions of a sensitive number through a predetermined number of rounds of a Feistel network. Each round of the Feistel network may include tokenizing portions of the sensitive number using a fractional token table stored in an associated database and modifying the tokenized portions by reversibly adding portions of the sensitive number to the tokenized portions. The fractional token table may include partial sensitive numbers and corresponding partial tokens. A sensitive-information-recovery request including the token may be directed to the token generating organization from the token requestor to recover sensitive information.

    PAYMENT CARD PROCESSING SYSTEM WITH STRUCTURE PRESERVING ENCRYPTION
    6.
    Invention patent application
    PAYMENT CARD PROCESSING SYSTEM WITH STRUCTURE PRESERVING ENCRYPTION (under examination, published)

    Publication number: US20120317036A1

    Publication date: 2012-12-13

    Application number: US13155156

    Application date: 2011-06-07

    IPC classification: G06Q20/00 H04L9/28 G06Q30/00

    Abstract: A customer may provide a merchant with primary account number information in connection with a purchase transaction. The merchant may send an associated authorization request to a payment card processor. A tokenization server at the payment card processor may generate a token corresponding to the primary account number. To secure the token, the token may be encrypted at the payment card processor using a cryptographic key shared with the merchant. A structure preserving encryption algorithm may be used in encrypting the token. A processor identifier may be embedded in the encrypted version of the token during the structure preserving encryption operation. The merchant can use the shared key to decrypt the token and extract the processor identifier. A settlement request may be directed to the processor from the merchant to settle the transaction using the processor identifier.

    Secure messaging system with personalization information
    7.
    Granted invention patent
    Secure messaging system with personalization information (in force)

    Publication number: US08145718B1

    Publication date: 2012-03-27

    Application number: US11581056

    Application date: 2006-10-13

    IPC classification: H04L9/00

    Abstract: Personalization images are included in email messages to combat phishing attacks in which an attacker attempts to trick a user into divulging sensitive information over the Internet. When a recipient of an email message receives a message, the recipient can visually inspect the personalization image in the message. If the personalization image is missing or if the personalization image is not valid, the email recipient is alerted to the possibility of a phishing attack. Email message content may be encrypted. A gateway associated with an email message sender may be used to perform encryption operations on the message content. The gateway may create an html version of the email by placing the encrypted message content in an html wrapper. An image reference corresponding to the personalization image may be embedded in the html version of the message.

    SYSTEM FOR STRUCTURED ENCRYPTION OF PAYMENT CARD TRACK DATA
    8.
    Invention patent application
    SYSTEM FOR STRUCTURED ENCRYPTION OF PAYMENT CARD TRACK DATA (in force)

    Publication number: US20110246315A1

    Publication date: 2011-10-06

    Application number: US13078822

    Application date: 2011-04-01

    IPC classification: G06Q20/00 G06F15/16 H04L9/00

    Abstract: A system may include a point-of-sale system that gathers payment card track data from a payment card and a payment card gateway that processes the track data to authorize purchase transactions. The point-of-sale system may remove sensitive data such as a portion of a primary account number from the track data and may compress the removed data. The compressed version of the data may be appended to a discretionary field in the track data. The discretionary field may be encrypted following insertion of the compressed data. Track data that has been modified in this way may be conveyed to the payment gateway for processing.

    FORMAT PRESERVING ENCRYPTION SYSTEMS FOR DATA STRINGS WITH CONSTRAINTS
    9.
    Invention patent application
    FORMAT PRESERVING ENCRYPTION SYSTEMS FOR DATA STRINGS WITH CONSTRAINTS (in force)

    Publication number: US20110103579A1

    Publication date: 2011-05-05

    Application number: US12610221

    Application date: 2009-10-30

    IPC classification: H04L9/28 G06F11/10 H03M13/09

    Abstract: Format preserving encryption (FPE) cryptographic engines are provided for performing encryption and decryption on strings. A plaintext string may be converted to ciphertext by repeated application of a format preserving encryption cryptographic algorithm. Following each application of the format preserving cryptographic algorithm, the resulting version of the string may be analyzed to determine whether desired string constraints have been satisfied. If the string constraints have not been satisfied, further applications of the format preserving cryptographic algorithm may be performed. If the string constraints have been satisfied, the current version of the string may be used as an output for the cryptographic engine.

    Secure messaging systems
    10.
    Granted invention patent
    Secure messaging systems (in force)

    Publication number: US07921292B1

    Publication date: 2011-04-05

    Application number: US10406938

    Application date: 2003-04-04

    IPC classification: H04L9/32

    Abstract: A system is provided that uses cryptographic techniques to support secure messaging between senders and recipients. A sender may encrypt a message for a recipient using the recipient's public key. The sender may send the encrypted message to the message address of a given recipient. A server may be used to decrypt the encrypted message for the recipient, so that the recipient need not install a decryption engine on the recipient's equipment.
