Skip to main content

Basic Data Protection Scenarios

Two most common data protection scenarios in enterprise computing are:

  • Protecting information in a relational database
  • Protecting information contained in files
Protecting information in a relational database

Protecting information in a relational database

In this scenario we suggest you to use a kS to perform all cryptographic functionality, including key generation, key retrieval, key encryption, link encryption and data encryption.

Multiple kS may be used to assure fault tolerance. The Key Database will store encrypted keys and Key IDs, as well as user information and trusted component information. In addition, an application server will contain various client applications and an Agent, which will submit cryptographic transaction requests from the application server to a kS. Finally, a client-side database server will house a target database, which stores all unencrypted data, encrypted data and T-Tags.

Protecting information contained in files

Protecting information contained in files

In this scenario we suggest you to use a kS to perform all cryptographic key management functions, including key generation, key retrieval, key encryption and link encryption. The Key Database will store encrypted keys, while encrypted files and T-Tags will be stored on client machines. A Remote Engine can be installed on each client machine. The Remote Engine will transmits cryptographic key requests from the client machine to the kS, and will use the keys to encrypt and decrypt data stored on the client machine. This approach off-loads data encryption and decryption from the kS and also reduces network traffic.