Format preserving encryption

Format preserving encryption (FPE) is a method of encryption where the resulting ciphertext has the same form as the input cleartext. The form of the text can vary according to the usage and the application. The information in this section provides background that is helpful when using the Visa Format Preserving Encryption (VFPE) services provided by CCA. VFPE is a counter mode stream cipher that uses an alphabet parameter. An alphabet assigns a sequential number set to all potential characters for a given field type; this alphabet is used to convert payment card data prior to encryption.

Meeting the needs of FPE is not achievable with traditional block encryption algorithms that work on a data block of given size (typically 64 or 128 bits) and treat input and output as binary strings with no alphabet constraint.

FPE was developed to meet these needs and is of particular importance for financial payment systems, database encryption, and other use cases. The core FPE encryption engines themselves do not discriminate between different alphabets with the same number of characters; they rely on an application-level alphabet translation that maps each of the n characters present in a given alphabet to the numbers {0, 1, ..., n-1}.

One example for format preserving encryption is a 16 digit credit card number. After using FPE to encrypt a credit card number, the resulting ciphertext is another 16 digit number. In this example of the credit card number, the output ciphertext is limited to numeric digits only.

The CSNBFPEE, CSNBFPED, CSNBFPET, and CSNBPTRE callable services implement the Visa Format Preserving Encryption algorithm, which is a counter mode stream cipher.

The FPE services require some knowledge of the input cleartext character set in order to create the appropriate output ciphertext. The CSNBFPEE, CSNBFPED, CSNBFPET, and CSNBPTRE callable services use the tables in the following subsections to determine valid character sets for the cleartext input parameters.

VFPE applies to these verbs:

  • FPE Decipher (CSNBFPED)
  • FPE Encipher (CSNBFPEE)
  • FPE Translate (CSNBFPET)
  • Encrypted PIN Translate Enhanced (CSNBPTRE)

These CCA verbs use the tables in the following subsections to determine valid character sets for the cleartext input parameters. The services convert payment card data as required to or from VFPE alphabet numbers, as determined by the rule_array keyword. The alphabet tables below are a reference for the valid set of characters for each of the four Visa payment card data formats (namely, PAN, Cardholder Name, Track 1 Discretionary Data, and Track 2 Discretionary Data).

VFPE payment card data can be in any one of these formats:

  • For Track 2, a special modified 5-bit ASCII format, which allows parity checking of the digits, as specified in ISO 7811
  • For Track 1, a special modified 7-bit ASCII format, which allows parity checking of the digits, as specified in ISO 7811-2 and ISO 7813
  • 4-bit Binary Coded Decimal (BCD)
  • 7-bit American Standard Code for Information Interchange (ASCII)
  • 8-bit Extended Binary Coded Decimal Interchange Code (EBCDIC)

The conversion of payment card data to a VFPE alphabet prior to encryption serves to standardize the data. The converted encryption result is presented to the terminal application for constructing payment transaction data. When the converted encryption result is decrypted, the VFPE alphabet data can be converted back to any desired format.

When VFPE is applied to a transaction, it must always be applied to all occurrences of the following fields (when present), and in the following order:

  1. Primary Account Number (PAN)
  2. Cardholder Name
  3. Track 1 Discretionary Data
  4. Track 2 Discretionary Data

Any missing data fields will be skipped.

Each character in the set of characters for a given field type is assigned a unique VFPE alphabet number. VFPE requires translation of each payment card data character to its assigned VFPE alphabet number prior to encryption. Refer to Table 1.
Table 1. VFPE alphabet by field type

Primary Account Number (PAN)
  VFPE alphabet used: for releases starting with 5.0, the BASE-10 alphabet. Refer to Table 2.
  Description: PAN data must be converted into the VFPE BASE-10 alphabet prior to encryption. Data is obtained from Track 1, Track 2, chip medium-scale integration (MSI), or chip account number.

Cardholder Name
  VFPE alphabet used: for releases starting with 5.0, the Track 1 Cardholder Name alphabet. Refer to the third column of Table 3.
  Description: Cardholder Name data must be converted into the VFPE Track 1 Cardholder Name alphabet prior to encryption. Data is obtained from Track 1 or chip data.

Track 1 Discretionary Data
  VFPE alphabet used: for releases starting with 5.0, the Track 1 Discretionary Data alphabet. Refer to the second column of Table 3. Note: this alphabet has all of the same characters as the VFPE Track 1 Cardholder Name alphabet plus two reserved name field characters, namely a period "." and a slash "/".
  Description: Track 1 Discretionary Data must be converted into the VFPE Track 1 Discretionary Data alphabet prior to encryption. Data is obtained from magnetic stripe or chip data.

Track 2 Discretionary Data
  VFPE alphabet used: for release 5.0, the BASE-16 alphabet (refer to Table 4); for release 5.2, the BASE-10 alphabet (refer to Table 2).
  Description: Track 2 Discretionary Data must be converted into the VFPE BASE-10 alphabet prior to encryption. Data is obtained from the magnetic stripe or chip data.

Note:
  1. Characters that are not found in the alphabet table should be skipped and not encrypted.
  2. Reserved characters that are not in the table are intentionally missing. Missing reserved characters can be used for hardware control, start sentinel, field separator, or end sentinel.

VFPE BASE-10 alphabet

The VFPE BASE-10 alphabet is used for converting data when the character set only consists of numbers zero through nine (0 - 9). VFPE requires translation (conversion) of the following data to the VFPE alphabet number in Table 2:
  • PAN data obtained from payment card Track 1, Track 2, chip MSI, or chip account number
  • Track 2 Discretionary Data obtained from the magnetic stripe or chip data.

Any of the data types shown in the table are supported. After the formatted encrypted data is decrypted, it can be translated to the same or a different data type than the original coding.

Table 2. VFPE BASE-10 alphabet for PAN data and Track 2 Discretionary Data

The last three columns are the normal data type encodings.

Character | VFPE alphabet number | ISO 7811 modified 5-bit ASCII | ISO 7811-2 and ISO 7813 modified 7-bit ASCII | 4-bit BCD | 7-bit ASCII | 8-bit EBCDIC
----------|----------------------|-------------------------------|----------------------------------------------|-----------|-------------|-------------
0         | 0                    | 10000                         | 0010000                                      | 0000      | 0110000     | 11110000
1         | 1                    | 00001                         | 1010001                                      | 0001      | 0110001     | 11110001
2         | 2                    | 00010                         | 1010010                                      | 0010      | 0110010     | 11110010
3         | 3                    | 10011                         | 0010011                                      | 0011      | 0110011     | 11110011
4         | 4                    | 00100                         | 1010100                                      | 0100      | 0110100     | 11110100
5         | 5                    | 10101                         | 0010101                                      | 0101      | 0110101     | 11110101
6         | 6                    | 10110                         | 0010110                                      | 0110      | 0110110     | 11110110
7         | 7                    | 00111                         | 1010111                                      | 0111      | 0110111     | 11110111
8         | 8                    | 01000                         | 1011000                                      | 1000      | 0111000     | 11111000
9         | 9                    | 11001                         | 0011001                                      | 1001      | 0111001     | 11111001

VFPE Track 1 Discretionary Data and Cardholder Name alphabets

There are two VFPE alphabets for Track 1 data. One is for VFPE Track 1 Discretionary Data, and the other for VFPE Track 1 Cardholder Name data:

  • The VFPE Track 1 Discretionary Data alphabet is used for converting the Track 1 Discretionary Data obtained from payment card magnetic stripe or chip data. This alphabet includes two reserved name field characters, namely a period "." and a slash "/", that the VFPE Track 1 Cardholder Name alphabet does not have. If a period (".") or a slash ("/") character is encountered in Track 1 Discretionary Data, it should be converted and encrypted.
  • The VFPE Track 1 Cardholder Name alphabet is used for converting the cardholder name data obtained from payment card Track 1 or chip data. If a period (".") or a slash ("/") character is encountered in Cardholder Name data, it should be skipped and not encrypted.

Refer to Table 3. Any of the data types shown in the table are supported. After the formatted and encrypted data is decrypted, it can be translated to the same or a different data type than the original coding.

Table 3. VFPE Track 1 Discretionary Data and Cardholder Name alphabets

Character | Track 1 Discretionary Data alphabet number | Track 1 Cardholder Name alphabet number | ISO 7811-2 and ISO 7813 modified 7-bit ASCII | 7-bit ASCII (normal) | 8-bit EBCDIC (normal)
----------|--------------------------------------------|-----------------------------------------|----------------------------------------------|----------------------|----------------------
space     | 0                                          | 0                                       | 1000000                                      | 0100000              | 01000000
#         | 1                                          | 1                                       | 1000011                                      | 0100011              | 01111011
$         | 2                                          | 2                                       | 0000100                                      | 0100100              | 01011011
(         | 3                                          | 3                                       | 0001000                                      | 0101000              | 01001101
)         | 4                                          | 4                                       | 1001001                                      | 0101001              | 01011101
-         | 5                                          | 5                                       | 0001101                                      | 0101101              | 01100000
.         | 6                                          | Skip                                    | 0001110                                      | 0101110              | 01001011
/         | 7                                          | Skip                                    | 1001111                                      | 0101111              | 01100001
0         | 8                                          | 6                                       | 0010000                                      | 0110000              | 11110000
1         | 9                                          | 7                                       | 1010001                                      | 0110001              | 11110001
2         | 10                                         | 8                                       | 1010010                                      | 0110010              | 11110010
3         | 11                                         | 9                                       | 0010011                                      | 0110011              | 11110011
4         | 12                                         | 10                                      | 1010100                                      | 0110100              | 11110100
5         | 13                                         | 11                                      | 0010101                                      | 0110101              | 11110101
6         | 14                                         | 12                                      | 0010110                                      | 0110110              | 11110110
7         | 15                                         | 13                                      | 1010111                                      | 0110111              | 11110111
8         | 16                                         | 14                                      | 1011000                                      | 0111000              | 11111000
9         | 17                                         | 15                                      | 0011001                                      | 0111001              | 11111001
A         | 18                                         | 16                                      | 1100001                                      | 1000001              | 11000001
B         | 19                                         | 17                                      | 1100010                                      | 1000010              | 11000010
C         | 20                                         | 18                                      | 0100011                                      | 1000011              | 11000011
D         | 21                                         | 19                                      | 1100100                                      | 1000100              | 11000100
E         | 22                                         | 20                                      | 0100101                                      | 1000101              | 11000101
F         | 23                                         | 21                                      | 0100110                                      | 1000110              | 11000110
G         | 24                                         | 22                                      | 1100111                                      | 1000111              | 11000111
H         | 25                                         | 23                                      | 1101000                                      | 1001000              | 11001000
I         | 26                                         | 24                                      | 0101001                                      | 1001001              | 11001001
J         | 27                                         | 25                                      | 0101010                                      | 1001010              | 11010001
K         | 28                                         | 26                                      | 1101011                                      | 1001011              | 11010010
L         | 29                                         | 27                                      | 0101100                                      | 1001100              | 11010011
M         | 30                                         | 28                                      | 1101101                                      | 1001101              | 11010100
N         | 31                                         | 29                                      | 1101110                                      | 1001110              | 11010101
O         | 32                                         | 30                                      | 0101111                                      | 1001111              | 11010110
P         | 33                                         | 31                                      | 1110000                                      | 1010000              | 11010111
Q         | 34                                         | 32                                      | 0110001                                      | 1010001              | 11011000
R         | 35                                         | 33                                      | 0110010                                      | 1010010              | 11011001
S         | 36                                         | 34                                      | 1110011                                      | 1010011              | 11100010
T         | 37                                         | 35                                      | 0110100                                      | 1010100              | 11100011
U         | 38                                         | 36                                      | 1110101                                      | 1010101              | 11100100
V         | 39                                         | 37                                      | 1110110                                      | 1010110              | 11100101
W         | 40                                         | 38                                      | 0110111                                      | 1010111              | 11100110
X         | 41                                         | 39                                      | 0111000                                      | 1011000              | 11100111
Y         | 42                                         | 40                                      | 1111001                                      | 1011001              | 11101000
Z         | 43                                         | 41                                      | 1111010                                      | 1011010              | 11101001
[         | 44                                         | 42                                      | 0111011                                      | 1011011              | 10111010
\         | 45                                         | 43                                      | 1111100                                      | 1011100              | 11100000
]         | 46                                         | 44                                      | 0111110                                      | 1011101              | 10111011

Base-16 alphabet

Cards are encoded with the special ISO 7811 modified 5-bit ASCII encoding for track 2. This data type allows parity checking of the digits. Many systems require this encoding to be converted into standard data types for processing. Other data fields may use base-16 encoding and would use this same alphabet when performing VFPE. These data types support values in the ranges 0 - 9 and A - F.

VFPE requires translation of the characters to their VFPE alphabet numbers prior to encryption. Any of the data types shown in Table 4 are supported. Decryption may use the same or a different data type than the original encoding. This alphabet requires the following value to be used in the VFPE algorithm:
Number of characters in alphabet ('n'): 16
Table 4. Base-16 alphabet

Columns 2 and 3 are the ISO 7811 modified 5-bit ASCII encoding (the character as it appears on the card and its 5-bit code); columns 4 to 7 are the normal data type encodings.

VFPE alphabet number | 5-bit ASCII character | 5-bit ASCII binary | Character | 4-bit BCD | 7-bit ASCII | 8-bit EBCDIC
---------------------|-----------------------|--------------------|-----------|-----------|-------------|-------------
0                    | 0                     | 10000              | 0         | 0000      | 0110000     | 11110000
1                    | 1                     | 00001              | 1         | 0001      | 0110001     | 11110001
2                    | 2                     | 00010              | 2         | 0010      | 0110010     | 11110010
3                    | 3                     | 10011              | 3         | 0011      | 0110011     | 11110011
4                    | 4                     | 00100              | 4         | 0100      | 0110100     | 11110100
5                    | 5                     | 10101              | 5         | 0101      | 0110101     | 11110101
6                    | 6                     | 10110              | 6         | 0110      | 0110110     | 11110110
7                    | 7                     | 00111              | 7         | 0111      | 0110111     | 11110111
8                    | 8                     | 01000              | 8         | 1000      | 0111000     | 11111000
9                    | 9                     | 11001              | 9         | 1001      | 0111001     | 11111001
10                   | :                     | 11010              | A         | 1010      | 1000001     | 11000001
11                   | ;                     | 01011              | B         | 1011      | 1000010     | 11000010
12                   | <                     | 11100              | C         | 1100      | 1000011     | 11000011
13                   | =                     | 01101              | D         | 1101      | 1000100     | 11000100
14                   | >                     | 01110              | E         | 1110      | 1000101     | 11000101
15                   | ?                     | 11111              | F         | 1111      | 1000110     | 11000110
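The following Python is an added example, not part of the CCA documentation or of the VFPE services. It builds the four VFPE alphabets from Tables 2, 3 and 4 in alphabet-number order, applies the skip rule from the notes to Table 1 and the period/slash rule from the Track 1 bullets, and derives the ISO 7811 5-bit and 7-bit codes and the EBCDIC column so that the derivation can be checked against rows copied from the tables. The parity rule (4 or 6 data bits with one odd-parity bit in front) is this example's reading of the table columns, the function names are illustrative, and the cardholder name and PAN are constructed sample values.

```python
"""Added example, not part of the CCA documentation or the VFPE services:
VFPE alphabet translation and the card-data encodings of Tables 2, 3 and 4."""

# VFPE alphabets in alphabet-number order (Tables 2, 3 and 4).
BASE10 = "0123456789"
TRACK1_DD = " #$()-./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]"
# Cardholder Name alphabet: the Track 1 Discretionary Data alphabet without
# the two reserved name-field characters "." and "/" (Table 3, third column).
CARDHOLDER_NAME = TRACK1_DD.replace(".", "").replace("/", "")
BASE16 = "0123456789ABCDEF"


def split_field(text, alphabet):
    """Translate a field to VFPE alphabet numbers. Characters outside the
    alphabet are skipped and not encrypted (Note 1 to Table 1); their positions
    are remembered so the field can be rebuilt at its original length."""
    numbers, kept = [], []
    for pos, ch in enumerate(text):
        if ch in alphabet:
            numbers.append(alphabet.index(ch))
        else:
            kept.append((pos, ch))
    return numbers, kept


def join_field(numbers, kept, alphabet):
    """Inverse of split_field: numbers back to characters of `alphabet`, with
    the skipped characters reinserted in place."""
    out = [alphabet[n] for n in numbers]
    for pos, ch in kept:  # positions ascend, so insert() lands correctly
        out.insert(pos, ch)
    return "".join(out)


def _odd_parity(value, width):
    """Prefix one parity bit so the total count of 1 bits is odd (ISO 7811,
    as read from the 5-bit and 7-bit columns of the tables)."""
    parity = 0 if bin(value).count("1") % 2 else 1
    return (parity << width) | value


def iso7811_5bit(ch):
    """Track 2 code: 4 data bits (character minus 0x30) plus odd parity,
    e.g. '3' -> '10011' as in Tables 2 and 4."""
    data = ord(ch) - 0x30
    if not 0 <= data < 16:
        raise ValueError(f"{ch!r} is not a Track 2 character")
    return format(_odd_parity(data, 4), "05b")


def iso7811_7bit(ch):
    """Track 1 code: 6 data bits (character minus 0x20) plus odd parity,
    e.g. 'A' -> '1100001' as in Table 3."""
    data = ord(ch) - 0x20
    if not 0 <= data < 64:
        raise ValueError(f"{ch!r} is not a Track 1 character")
    return format(_odd_parity(data, 6), "07b")


def has_valid_parity(bits):
    return bin(int(bits, 2)).count("1") % 2 == 1


def decode_iso7811(bits):
    """Parity-check a 5-bit or 7-bit code and return its character."""
    if not has_valid_parity(bits):
        raise ValueError(f"parity error in {bits}")
    data_width = len(bits) - 1
    data = int(bits, 2) & ((1 << data_width) - 1)
    return chr(data + (0x30 if data_width == 4 else 0x20))


def ebcdic_bits(ch):
    """8-bit EBCDIC column (code page 037), e.g. 'A' -> '11000001'."""
    return format(ch.encode("cp037")[0], "08b")


def check_against_tables():
    """Rows copied from Tables 2-4: (5-bit, 7-bit, EBCDIC), None where the
    tables give no value. True when the derivations agree with the tables."""
    rows = {"3": ("10011", "0010011", "11110011"),
            "9": ("11001", "0011001", "11111001"),
            "A": (None, "1100001", "11000001"),
            "[": (None, "0111011", "10111010"),
            "/": (None, "1001111", "01100001"),
            ":": ("11010", None, None)}
    for ch, (five, seven, ebc) in rows.items():
        if five and iso7811_5bit(ch) != five:
            return False
        if seven and iso7811_7bit(ch) != seven:
            return False
        if ebc and ebcdic_bits(ch) != ebc:
            return False
    return True


def example():
    """A constructed Track 1 name and PAN walked through the translation."""
    name_codes = [iso7811_7bit(c) for c in "DOE/JOHN"]        # constructed
    name = "".join(decode_iso7811(c) for c in name_codes)      # parity checked
    numbers, kept = split_field(name, CARDHOLDER_NAME)         # "/" is skipped
    dd_numbers, _ = split_field(name, TRACK1_DD)               # "/" is number 7
    # After decryption the field may be rendered in another data type:
    as_ebcdic = [ebcdic_bits(c) for c in join_field(numbers, kept, CARDHOLDER_NAME)]
    pan_codes = [iso7811_5bit(c) for c in "4111111111111111"]  # constructed PAN
    pan_numbers, _ = split_field("".join(map(decode_iso7811, pan_codes)), BASE10)
    return {"name_numbers": numbers, "skipped": kept, "dd_numbers": dd_numbers,
            "name_ebcdic": as_ebcdic, "pan_numbers": pan_numbers}


if __name__ == "__main__":
    print(check_against_tables(), example())
```

Two points worth noting when running this against the tables. First, the same 7-bit Track 1 codes yield different alphabet numbers depending on the field: "DOE/JOHN" becomes [19, 30, 20, 25, 30, 23, 29] with the slash skipped under the Cardholder Name alphabet, but [21, 32, 22, 7, 27, 32, 25, 31] under the Track 1 Discretionary Data alphabet, so the rule_array keyword that selects the field alphabet changes the ciphertext, not just its interpretation. Second, the derivation yields 0111101 for the 7-bit code of "]", whereas Table 3 prints 0111110; check the ISO 7811-2 code table before relying on either value for that one character.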

Usage notes for FPE Encipher (CSNBFPEE) and FPE Decipher (CSNBFPED) services

The CSNBFPEE and CSNBFPED services support two options:

  1. the standard encryption or decryption option which uses the DES CBC mode of operation
  2. the Visa Format Preserving Encryption (VFPE) option.

If the standard encryption or decryption option is selected, the plaintext data is formatted into blocks and then encrypted or decrypted with triple-DES using either a static TDES key or a DUKPT double-length data encryption or decryption key. For the decryption operation, the data blocks are decrypted and unblocked to produce the plaintext. If the data is encrypted or decrypted with the VFPE option, it is processed in place without changing the data type or length of the field, and DUKPT key management is used.

These services can be used to encrypt or decrypt one or all of the following fields:

  • the primary account number (PAN),
  • the cardholder name,
  • the track 1 discretionary data, or
  • the track 2 discretionary data.

There are three encryption or decryption options:

  1. the standard option with CBC mode TDES and DUKPT keys
  2. the VFPE option with DUKPT keys
  3. the standard option with CBC mode TDES and double-length TDES keys.

To use these services, you must specify the following:

  • the processing method, which is limited to Visa Data Secure Platform (VDSP)
  • the key management method, either STATIC or DUKPT
  • the algorithm, which is limited to TDES
  • the mode, either CBC or Visa Format Preserving Encryption (VFPE)
  • the plaintext to be encrypted or decrypted
  • the character set of each field to be encrypted or decrypted using rule-array keywords
  • the base derivation key and key serial number if DUKPT key management is used, or a double-length TDES key if STATIC key management is used
  • a compliance or non-compliance indicator for the check digit of the PAN to be processed if VFPE is specified.

The services return the encrypted or decrypted fields and optionally, the DUKPT PIN key, if the DUKPT key management is selected and the PINKEY rule is specified.

NIST FFX (FF1, FF2, and FF2.1) algorithm description

The CSNBFFXD, CSNBFFXE, and CSNBFFXT callable services implement the NIST FFX algorithms. The FF1, FF2, and FF2.1 algorithms are all built in a similar way, using AES as the base cipher for the operations. The overall algorithm uses a pseudorandom function (PRF) as its main encryption function within a variable-length Feistel network. Each of the three algorithms contains a different PRF to achieve the result. Each algorithm also takes a tweak string to further vary the action of the PRF. FF1 uses either a 128-bit AES key or a 256-bit AES key. FF2 and FF2.1 only support 128-bit AES keys.

In the algorithm descriptions, the alphabet A is represented by characters in the sequence {0, 1, 2, ..., n-1}, where n is the number of characters in the alphabet A. Typically the string to be encrypted or decrypted is represented in a different alphabet (such as ASCII), in which case the string needs to be translated from the original alphabet before the FPE algorithm is applied and back to it afterwards. In the parameters of the applicable verbs, the value n is known as the alphabet_length. For the CSNBFFXT verb, there are both input and output forms.

Additionally, there is a tweak alphabet T represented by {0, 1, 2, ..., t_radix-1} where t_radix is the number of characters in the tweak alphabet. In the parameters of the applicable verbs, t_radix is known as tweak_alphabet_length. For the CSNBFFXT verb, there are both input and output forms.
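The following Python is a second added example, not IBM's code and explicitly not the FF1, FF2 or FF2.1 round function. It shows the structure the last three paragraphs describe: translation of the string into the alphabet {0, ..., n-1} with n as alphabet_length, a Feistel network whose round function is a keyed PRF that also absorbs a tweak drawn from a tweak alphabet of t_radix characters, and translation back into the original alphabet, so that the output has exactly the length and alphabet of the input. HMAC-SHA256 stands in for the AES-based PRFs of the NIST algorithms, and the round function adds numerals position by position rather than as the large integers FF1 uses; both are simplifications chosen for this example. The key, the sample PAN and name, and all function names are constructed.

```python
"""Added example, not the NIST FFX round function: a toy Feistel FPE over
numeral strings showing alphabet translation, tweaks and format preservation."""
import hashlib
import hmac

ROUNDS = 10  # even, so the two halves end in their starting positions

DIGITS = "0123456789"
# Track 1 Discretionary Data alphabet of Table 3 (alphabet_length 47).
TRACK1 = " #$()-./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]"
DEMO_KEY = b"constructed demo key, any bytes"  # constructed for the example


def to_numerals(text, alphabet):
    """Translate text into {0, ..., n-1}; every character must be in the
    alphabet (characters to skip are removed by the caller beforehand)."""
    return [alphabet.index(ch) for ch in text]


def from_numerals(numerals, alphabet):
    return "".join(alphabet[x] for x in numerals)


def _prf(key, tweak, round_no, half, length, radix):
    """`length` numerals in [0, radix) derived from one half, the tweak and
    the round number: HMAC-SHA256 in counter mode, standing in for the AES
    PRF. The `b % radix` reduction is slightly biased; it is a toy."""
    out, counter = [], 0
    msg = bytes([round_no, len(tweak)]) + tweak + bytes(half)
    while len(out) < length:
        block = hmac.new(key, msg + counter.to_bytes(4, "big"),
                         hashlib.sha256).digest()
        out.extend(b % radix for b in block)
        counter += 1
    return out[:length]


def _feistel(key, tweak, numerals, radix, decrypt):
    """Unbalanced Feistel network over numeral strings. One encryption round
    maps (a, b) to (b, a + F(b) mod radix); decryption undoes the rounds in
    reverse order using the same F."""
    if len(numerals) < 2 or radix > 256:
        raise ValueError("need at least two numerals and a radix of at most 256")
    u = len(numerals) // 2
    a, b = numerals[:u], numerals[u:]
    for i in (range(ROUNDS - 1, -1, -1) if decrypt else range(ROUNDS)):
        if decrypt:
            f = _prf(key, tweak, i, a, len(b), radix)
            a, b = [(y - x) % radix for y, x in zip(b, f)], a
        else:
            f = _prf(key, tweak, i, b, len(a), radix)
            a, b = b, [(x + y) % radix for x, y in zip(a, f)]
    return a + b


def fpe_encrypt(key, text, alphabet, tweak="", tweak_alphabet=""):
    """Encrypt `text`; the result has the same length and alphabet. The tweak
    is a string over `tweak_alphabet` (t_radix = len(tweak_alphabet))."""
    t = bytes(to_numerals(tweak, tweak_alphabet))
    x = _feistel(key, t, to_numerals(text, alphabet), len(alphabet), False)
    return from_numerals(x, alphabet)


def fpe_decrypt(key, text, alphabet, tweak="", tweak_alphabet=""):
    t = bytes(to_numerals(tweak, tweak_alphabet))
    x = _feistel(key, t, to_numerals(text, alphabet), len(alphabet), True)
    return from_numerals(x, alphabet)


def demo():
    """Constructed PAN and cardholder name through encrypt and decrypt, with
    two different tweaks for the PAN."""
    pan, name = "4111111111111111", "DOE/JOHN"  # constructed sample values
    ct1 = fpe_encrypt(DEMO_KEY, pan, DIGITS, "01", DIGITS)
    ct2 = fpe_encrypt(DEMO_KEY, pan, DIGITS, "02", DIGITS)
    ct3 = fpe_encrypt(DEMO_KEY, name, TRACK1)
    return {"pan": pan, "ct_tweak01": ct1, "ct_tweak02": ct2,
            "pan_back": fpe_decrypt(DEMO_KEY, ct1, DIGITS, "01", DIGITS),
            "name": name, "name_ct": ct3,
            "name_back": fpe_decrypt(DEMO_KEY, ct3, TRACK1)}


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k:>10}: {v}")
```

The ciphertext of the 16-digit PAN is another 16-digit string and the ciphertext of the 8-character name stays within the 47-character Track 1 alphabet, which is the property the page calls format preservation; changing the tweak from "01" to "02" changes the PAN ciphertext while the key stays the same, which is the role the tweak plays in FF1, FF2 and FF2.1. Note that a decryption with the wrong tweak still returns a string of the right format, just the wrong one; FPE gives no integrity check, so the tweak and the field alphabet have to be stored or derived exactly as they were at encryption time.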