Format Preserving Encryption (FPE)

The Importance of Format Preserving Encryption

Format Preserving Encryption is a technique to protect data in a database (typically, Personally Identifiable Information such as home address and spouse's name) while still enabling workflows that were in place before the Format Preserving Encryption was implemented.

Format Preserving Encryption is similar to Tokenization. However, Tokenization only works with fixed length data, whereas, Format Preserving Encryption works with variable length fields.

Limitations of Format Preserving Encryption

Format Preserving Encryption is a two-way process. Given authorized access, it’s possible to get the original data back from the encrypted data. That is, the secret key that encrypts the original data can decrypt the encrypted data. Therefore, the encryption key must be properly secured.

Format Preserving Encryption usually has to be implemented in an application server or a separate "API" server. This is more difficult than simply turning on transparent database encryption.

Format Preserving Encryption does not fulfill PCI compliance requirements for Credit Card Numbers and Social Security Numbers.

Vidder’s Format Preserving Encryption Recommendations

Vidder recommends using Format Preserving Encryption when short, variable length fields are used in a database because other encryption techniques can greatly expand the field size and create the need to change the database schema.

However, Vidder recommends using Tokinazation instead of Format Preserving Encryption for Credit Card Numbers and Social Security Numbers because Tokinazation meets PCI compliance standards.

Copyright© 2005-2013 Vidder, Inc. All rights reserved.