Voltage Security Format-Preserving Encryption (FPE)
Preserving Critical Business Functions by Maintaining Data Format
Format-Preserving Encryption (FPE) is a fundamentally new approach to encrypting structured data, such as credit card or Social Security numbers, that makes it possible to integrate data-level encryption into legacy business application frameworks that were previously difficult or impossible to address. It uses a published encryption method with an existing, proven encryption algorithm to encrypt data in a way that does not alter the data format. The result is a strong encryption scheme that allows for encryption with minimal modifications to the way that existing applications work.
Traditional algorithms turn small, structured data elements, such as 16-digit credit card numbers, into larger, binary fields. As a result, implementing these algorithms typically required massive re-engineering of databases and applications in order to accommodate the modified data sizes and formats.
Where older encryption technologies radically alter the structure of data, Voltage Format-Preserving Encryption (FPE) maintains data format integrity, significantly minimizing changes to existing applications.
With FPE, encrypted data will retain its original format, on a character-by-character basis, so that encrypted data “fits” in existing fields, eliminating the need for database schema changes.
For example, a 16-digit credit card number can be encrypted, with the output guaranteed to also have 16 digits; the credit card checksum can even be maintained. FPE also preserves referential integrity, which enables encryption of foreign and indexed keys and ensures consistency across data stores.
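The format, checksum and consistency properties described above can be seen in a short sketch. This is an added example, not Voltage's algorithm or code and not a standardized FPE mode: it assumes a simplified alternating Feistel network over decimal digits with HMAC-SHA256 as the round function, and all function names are hypothetical.

```python
import hashlib
import hmac

ROUNDS = 10  # even, so both halves end up back in their original positions

def _prf(key, i, n, tweak, half):
    # Round function (assumption): HMAC-SHA256 over round, length, tweak, half.
    msg = bytes([i, n]) + tweak + b"|" + half.encode()
    return int.from_bytes(hmac.new(key, msg, hashlib.sha256).digest(), "big")

def _check(digits):
    if not (digits.isascii() and digits.isdigit() and 2 <= len(digits) <= 255):
        raise ValueError("expected 2..255 ASCII decimal digits")
    return len(digits) // 2, len(digits) - len(digits) // 2

def fpe_encrypt(key, digits, tweak=b""):
    u, v = _check(digits)
    a, b = digits[:u], digits[u:]
    for i in range(ROUNDS):
        m = u if i % 2 == 0 else v  # width of the half being replaced
        c = (int(a) + _prf(key, i, u + v, tweak, b)) % 10 ** m
        a, b = b, str(c).zfill(m)   # zfill keeps leading zeros, so length is fixed
    return a + b

def fpe_decrypt(key, digits, tweak=b""):
    u, v = _check(digits)
    a, b = digits[:u], digits[u:]
    for i in reversed(range(ROUNDS)):
        m = u if i % 2 == 0 else v
        c = (int(b) - _prf(key, i, u + v, tweak, a)) % 10 ** m
        a, b = str(c).zfill(m), a
    return a + b

def luhn_check_digit(body):
    total = 0
    for pos, ch in enumerate(reversed(body)):
        d = int(ch) * 2 if pos % 2 == 0 else int(ch)
        total += d - 9 if d > 9 else d
    return str((10 - total % 10) % 10)

def encrypt_pan(key, pan, tweak=b""):
    # Encrypt all but the check digit, then recompute a valid Luhn digit.
    body = fpe_encrypt(key, pan[:-1], tweak)
    return body + luhn_check_digit(body)

def decrypt_pan(key, token, tweak=b""):
    # Recovers the original only if the original PAN was Luhn-valid.
    body = fpe_decrypt(key, token[:-1], tweak)
    return body + luhn_check_digit(body)
```

Calling `encrypt_pan` on a 16-digit, Luhn-valid number returns another 16-digit, Luhn-valid string. The same key, tweak and input always give the same output, which keeps joins on encrypted keys consistent and also means equal plaintexts produce equal ciphertexts.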
FPE can also be used for cryptographic masking or de-identification of data. By preserving data formats, sizes, and referential integrity, FPE provides an efficient method for "sanitizing" data without the need for massive masking or lookup tables. Additionally, because it is a two-way encryption algorithm, FPE enables both reversible and non-reversible data masking.
Properties and benefits of FPE:
- Supports data of any format, including numeric and alphanumeric
- Eliminates changes to database or application schemas: data “fits” in existing fields
- Guarantees referential integrity
- Enables encryption of primary and foreign keys
- Provides reversible and non-reversible data masking