Format-preserving cryptographic systems

    Publication number: US11488134B2

    Publication date: 2022-11-01

    Application number: US13517513

    Application date: 2012-06-13

    Abstract: Format-preserving encryption and decryption processes are provided. The encryption and decryption processes may use a block cipher. A string that is to be encrypted or decrypted may be converted to a unique binary value. The block cipher may operate on the binary value. If the output of the block cipher that is produced is not representative of a string that is in the same format as the original string, the block cipher may be applied again. The block cipher may be repeatedly applied in this way during format-preserving encryption operations and during format-preserving decryption operations until a format-compliant output is produced. Selective access may be provided to portions of a string that have been encrypted using format-preserving encryption.

    Secure messaging systems
    2.
    Granted invention patent (in force)

    Publication number: US08301889B1

    Publication date: 2012-10-30

    Application number: US13040050

    Application date: 2011-03-03

    IPC classification: H04L9/32

    Abstract: A system is provided that uses cryptographic techniques to support secure messaging between senders and recipients. A sender may encrypt a message for a recipient using the recipient's public key. The sender may send the encrypted message to the message address of a given recipient. A server may be used to decrypt the encrypted message for the recipient, so that the recipient need not install a decryption engine on the recipient's equipment.

    Identity-based-encryption messaging system
    3.
    Granted invention patent (in force)

    Publication number: US08086857B2

    Publication date: 2011-12-27

    Application number: US12511811

    Application date: 2009-07-29

    IPC classification: H04L9/32

    Abstract: A system is provided that uses identity-based encryption to support secure communications between senders and recipients over a communications network. Private key generators are used to provide public parameter information. Senders encrypt messages for recipients using public keys based on recipient identities and using the public parameter information as inputs to an identity-based encryption algorithm. Recipients use private keys to decrypt the messages. There may be multiple private key generators in the system and a given recipient may have multiple private keys. Senders can include private key identifying information in the messages they send to recipients. The private key identifying information may be used by the recipients to determine which of their private keys to use in decrypting a message. Recipients may obtain the correct private key to use to decrypt a message from a local database of private keys or from an appropriate private key server.

    PURCHASE TRANSACTION SYSTEM WITH ENCRYPTED PAYMENT CARD DATA
    4.
    Invention patent application (in force)

    Publication number: US20110137802A1

    Publication date: 2011-06-09

    Application number: US12791593

    Application date: 2010-06-01

    IPC classification: G06Q20/00

    Abstract: Systems and methods are provided for securing payment card information. A user may present a payment card such as a credit card to point-of-sale equipment. The point-of-sale equipment may encrypt the payment card information. An encryption algorithm may be used that takes as inputs a first part of the payment card information, a tweak formed by a second part of the payment card information, and an encryption key. The encrypted payment card information may be conveyed to a gateway over a communications network. The gateway may identify which encryption algorithm was used in encrypting the payment card information and may re-encrypt the payment card information using a format preserving encryption algorithm. A network-based service may be used to remotely perform functions for the gateway.

    Data processing systems with format-preserving encryption and decryption engines
    5.
    Granted invention patent (in force)

    Publication number: US07864952B2

    Publication date: 2011-01-04

    Application number: US11635756

    Application date: 2006-12-06

    IPC classification: H04K1/00 H04L9/00 H04L9/28

    Abstract: A data processing system is provided that includes format-preserving encryption and decryption engines. A string that contains characters has a specified format. The format defines a legal set of character values for each character position in the string. During encryption operations with the encryption engine, a string is processed to remove extraneous characters and to encode the string using an index. The processed string is encrypted using a format-preserving block cipher. The output of the block cipher is post-processed to produce an encrypted string having the same specified format as the original unencrypted string. During decryption operations, the decryption engine uses the format-preserving block cipher in reverse to transform the encrypted string into a decrypted string having the same format.

    PURCHASE TRANSACTION SYSTEM WITH ENCRYPTED TRANSACTION INFORMATION
    6.
    Invention patent application (in force)

    Publication number: US20100293099A1

    Publication date: 2010-11-18

    Application number: US12467188

    Application date: 2009-05-15

    Abstract: Systems and methods are provided for securing payment card information. A user may present a payment card such as a credit card to point-of-sale equipment. The point-of-sale equipment may use a symmetric key to encrypt payment card information associated with the payment card. The symmetric key may be encrypted at the point-of-sale equipment using the identity-based-encryption (IBE) public key of a purchase transaction processor to produce a key transfer block. The key transfer block and the encrypted payment card information may be conveyed from the point-of-sale equipment to the purchase transaction processor over a communications network. At the purchase transaction processor, an IBE private key may be used to recover the symmetric key from the key transfer block. The symmetric key can be used to decrypt the encrypted payment card information for processing and re-encryption using a key associated with the purchase transaction processor.

    Identity-based-encryption messaging system with public parameter host servers
    7.
    Granted invention patent (in force)

    Publication number: US07765582B2

    Publication date: 2010-07-27

    Application number: US11313992

    Application date: 2005-12-20

    CPC classification: H04L9/3073 H04L63/0442

    Abstract: A system is provided that uses identity-based encryption (IBE) to support secure communications. Messages from a sender may be encrypted using an IBE public key and IBE public parameter information associated with a recipient. The recipient may decrypt IBE-encrypted messages from the sender using an IBE private key. A host having a service name may be used to store the IBE public parameter information. The sender may use a service name generation rule to generate the service name based on the IBE public key of the recipient. The sender may use the service name to obtain the IBE public parameter information from the host.

    Server-based universal resource locator verification service
    8.
    Granted invention patent (in force)

    Publication number: US07698442B1

    Publication date: 2010-04-13

    Application number: US11072069

    Application date: 2005-03-03

    Abstract: A URL verification service is provided that is used to evaluate the trustworthiness of universal resource locators (URLs). As a user browses the world wide web, a URL verification client captures a URL associated with a web page of unknown authenticity. The URL verification client transmits the captured URL to a URL verification server. The URL verification server compares the URL to actively maintained whitelist and blacklist information. The server also uses the URL and a user-supplied or automatically-extracted brand to query a search engine. The URL verification server processes the response of the search engine to the search engine queries and the results of cache and whitelist and blacklist comparisons to determine whether the captured URL is legitimately associated with the brand. The results of the URL evaluation process are transmitted from the URL verification server to the URL verification client, which notifies the user.

    IDENTITY-BASED-ENCRYPTION MESSAGING SYSTEM
    9.
    Invention patent application (in force)

    Publication number: US20090307497A1

    Publication date: 2009-12-10

    Application number: US12511811

    Application date: 2009-07-29

    IPC classification: H04L9/00 H04L9/32

    Abstract: A system is provided that uses identity-based encryption to support secure communications between senders and recipients over a communications network. Private key generators are used to provide public parameter information. Senders encrypt messages for recipients using public keys based on recipient identities and using the public parameter information as inputs to an identity-based encryption algorithm. Recipients use private keys to decrypt the messages. There may be multiple private key generators in the system and a given recipient may have multiple private keys. Senders can include private key identifying information in the messages they send to recipients. The private key identifying information may be used by the recipients to determine which of their private keys to use in decrypting a message. Recipients may obtain the correct private key to use to decrypt a message from a local database of private keys or from an appropriate private key server.
