Voltage Format-Preserving Encryption

Preserving Critical Business Functions by Maintaining Data Format

HPE Format-Preserving Encryption

HPE Format-Preserving Encryption (FPE) is a new approach to encrypting structured data, such as credit card or Social Security numbers. HPE FPE makes it possible to integrate data-level encryption into legacy business application frameworks that were previously difficult or impossible to address. It uses the NIST standard encryption method with a proven algorithm to encrypt data in a way that does not alter the data format. The result is a strong encryption scheme that allows for encryption with minimal modifications to the way that existing applications work. HPE SecureData with Hyper FPE is NIST-standard using FF1 AES Encryption to encrypt virtually unlimited data types.

HPE FPE’s underlying cryptographic construction was first proposed in 2006 by Terence Spies, CTO of HPE Security – Data Security, and since then, HPE Security has been the leader in the development of FPE and related technologies. HPE Security holds US Patent 7,864,952 describing the core cryptography behind FPE, and has continued to develop intellectual property surrounding the implementation and use of the technology.

On March 29, 2016, NIST published a new security standard for Format-Preserving Encryption, NIST AES FFX Format-Preserving Encryption (FPE) mode standard. Hewlett Packard Enterprise has been involved as a developer through open cooperation with NIST from initial proposals of Format-Preserving Encryption technologies with formal security proofs to independent peer review of the NIST AES modes. The NIST standard is critical in setting the bar to ensure organizations are maintaining regulatory and audit compliance, as well as using proven methods to protect against a data breach. The NIST standard provides an approved and proven data-centric encryption method for government agencies.

Format-Preserving Encryption is critical in protecting sensitive data at rest, in motion and in use while preserving the data formats.

Key Features and Capabilities

  • Datatype agnostic – Supports data of virtually any format, including numeric, alphanumeric, and even date fields
  • Referential integrity – Preserves referential integrity, ensuring consistency across applications and data stores
  • Data masking – Can be used to efficiently obfuscate data for development, test, and analytics environments
  • NIST Standard – formal proof of security with NIST FF1 AES – SP800-38G

HPE FPE Deciphered

Traditional algorithms turn small, structured data elements, such as 16-digit credit card numbers, into larger, binary fields. As a result, implementing these algorithms typically required massive
re-engineering of databases and applications in order to accommodate the modified data sizes and formats. HPE FPE eliminates
this requirement.

“HPE Format-Preserving Encryption capability reduces the complexity and cost of retrofitting cryptographic protection of private and sensitive data in existing applications. By preserving the type of underlying data, there is no need to introduce expensive modifications of existing database schemas.”

Dr. Howard Robkoff

Chief Security Architect

MphasIS, a division of EDS

More Information

Independent Technical Assessment of HPE Format-Preserving Encryption

Read White Paper

Data De-Identification

Read Use Case

Major Provider of Insurance, Banking and Travel Products and Services

Read Case Study

BAH Data-Centric Protection: Agility While Protecting Data

Read White Paper

Data-Centric Security vs. Database-level Security

Read Technical Brief

HPE SecureData

Read Data Sheet

A Deep Dive into HPE FPE

The advent of the PCI Data Security Standards has driven many organizations to look at methods for encrypting CCNs and other sensitive data
in internal databases.

View Now

Related HPE Security - Data Security Technologies

HPE Identity-Based Encryption

HPE Identity-Based Encryption (IBE) enables sensitive data to be protected without the need for key certificates.

HPE Page-Integrated Encryption

HPE Page-Integrated Encryption (PIE)
is designed to provide users with end-to-end encryption for e-commerce
web transactions.

HPE Secure Stateless Tokenization

HPE Secure Stateless Tokenization (SST) provides advanced data security without token databases.

HPE Stateless Key Management

HPE Stateless Key Management ensures secure, adaptable and extensible enterprise key management.