HP Format-Preserving Encryption

Preserving Critical Business Functions by Maintaining Data Format

HP Format-Preserving Encryption (FPE) is a fundamentally new approach to encrypting structured data, such as credit card or Social Security numbers. HP FPE makes it possible to integrate data-level encryption into legacy business application frameworks that were previously difficult or impossible to address. It uses a published encryption method with an existing, proven algorithm to encrypt data in a way that does not alter the data format. The result is a strong encryption scheme that allows for encryption with minimal modifications to the way that existing applications work. HP FPE is a mode of AES, recognized by NIST.

HP FPE’s underlying cryptographic construction was first proposed in 2006 by Terence Spies, CTO of HP Security Voltage, and since then, HP Security Voltage has been the leader in the development of FPE and related technologies. HP Security Voltage holds US Patent 7,864,952 describing the core cryptography behind FPE, and has continued to develop intellectual property surrounding the implementation and use of the technology.

HP FPE from HP Security Voltage

With HP Format-Preserving Encryption, encrypted data retains its original format on a character-by-character basis, so that it “fits” in existing fields, eliminating the need for database and application schema changes.

Key Features and Capabilities:

  • Datatype agnostic – Supports data of any format, including numeric, alphanumeric, and even date fields
  • Referential integrity – Preserves referential integrity, ensuring consistency across applications and data stores
  • Data masking – Can be used to efficiently obfuscate data for development, test, and analytics environments
  • Published security proofs – Offers a formal proof of security, recognized by NIST

HP FPE Deciphered


Traditional algorithms turn small, structured data elements, such as 16-digit credit card numbers, into larger, binary fields. As a result, implementing these algorithms typically required massive re-engineering of databases and applications in order to accommodate the modified data sizes and formats. HP FPE eliminates this requirement.

“HP Format-Preserving Encryption capability reduces the complexity and cost of retrofitting cryptographic protection of private and sensitive data in existing applications. By preserving the type of underlying data, there is no need to introduce expensive modifications of existing database schemas.”

Dr. Howard Robkoff

Chief Security Architect

MphasIS, a division of EDS

More Information

  • Independent Technical Assessment of HP Format-Preserving Encryption (white paper)
  • Data De-Identification (use case)
  • Data-Centric Security vs. Database-Level Security (technical brief)
  • Major Provider of Insurance, Banking and Travel Products and Services (case study)

A Deep Dive into HP FPE

The advent of the PCI Data Security Standards has driven many organizations to look at methods for encrypting CCNs and other sensitive data in internal databases.
