Title of invention: Increasing data security in enterprise applications by obfuscating encryption keys
Abstract: A method, system, and computer program product for using hidden buffer formatting and passing obfuscated encryption key values to detect tampering with and/or prevent unauthorized inspection of a data buffer. The method comprises receiving an unencrypted sequence to be encrypted, selecting a layout version to associate to an encryption method and a checksum method, then encrypting the unencrypted sequence using the encryption method to form an encrypted sequence, and calculating, using the checksum calculation method, an unencrypted sequence checksum. Further, storing the encrypted sequence to form a hidden buffer payload, which hidden buffer has its own hidden buffer payload checksum. Encryption keys are not stored in program data, nor sent in the hidden buffers. Instead obfuscated encryption key values are used to generate keys on the fly. The receiver of a hidden buffer and obfuscated encryption key values can detect tampering or data corruption of the payload for further processing.
Publication number: US8891768(B2) Publication date: 2014.11.18
Application number: US201213459829 Filing date: 2012.04.30
Applicant: Oracle International Corporation Inventor: Pogmore George R.
Classification: H04L29/06;G06F17/30;H04L9/08 Main classification: H04L29/06
Agency: Vista IP Law Group, LLP Agent: Vista IP Law Group, LLP
Independent claim: 1. A computer implemented method for generating obfuscated cryptographic key values within an enterprise software application, the method comprising: storing, in a distribution image of the enterprise software application, an indexed set of key construction values and an indexed set of key initial values; identifying a transmission comprising encrypted information; identifying, by a computer, an index value comprising a first portion and a second portion different from the first portion, wherein: the first portion of the index value corresponds to the indexed set of key construction values pertaining to the transmission, and is used to generate a cryptographic key by accessing the indexed set of key construction values in combination with a key base data structure; and the second portion of the index value corresponds to the indexed set of key initial values, and is used to generate a key initial value by accessing the indexed set of key initial values; and wherein the index value is contained within the transmission, and wherein the generated cryptographic key and key initial value are used to encrypt or decrypt the encrypted information and are not stored in the distribution image.
Address: Redwood Shores CA US