Pi Soft Suite System Architecture
Basic Definitions
Pi Soft
Pi Soft uses a three-step encryption process in which data is encrypted using a unique cryptographic key, the key is then encrypted, and finally the link between the data and the key is encrypted. The data, key and link are then stored, remaining encrypted while in storage.
Decrypting the encrypted data so that it can be read involves decrypting the link, matching the key to the data, decrypting the key and then decrypting the data using the key. Protected data can only be decrypted and read by authorized users performing authorized transactions. As a result, stored data accessed by unauthorized users cannot be decrypted.
Pi Soft kS
The kS performs all cryptographic key management functions (key generation, key exchange, and the encryption and decryption of keys and links). The kS also performs data encryption and decryption.
These functions are performed in response to transaction requests received from the remote engines, rE. Data can be encrypted via requests from the rE agent.
The kS is also used to perform some administrative functions, such as the maintenance of backup user authentication information.
Agent
The Agent is an integration component that transmits cryptographic transaction requests from an application to the kS or rE. Available in Java, C++, and C versions, the Agent integrates seamlessly with various Windows and Linux client applications.
Remote Engine, or rE
The Remote Engine transmits cryptographic key requests from a computer to the Tricryption Engine, and uses the keys to encrypt and decrypt data stored on the client computer. Use of the Remote Engine is optional and will offload data encryption/decryption from the Tricryption Engine.
Key ID
A Key ID is an identifier assigned to an encrypted key.
T-Tag
The T-Tag is the link between data and the cryptographic key used to encrypt it. A T-Tag is formed when the Key ID is encrypted. T-Tags are stored with encrypted data.
Key Database
The Key Database stores encrypted keys and the Key IDs assigned to the encrypted keys.
Workstation and Application Server
An individual computer containing the Tricryption Agent, optional rE, various client applications, unencrypted data and encrypted data with their associated T-tags, also known as hidden links within object methods and attributes.
Certificate Authority
As part of a public key infrastructure, a certificate authority governs the issuance, management and verification of digital certificates, which are used to authenticate the identity of the certificate holder. A certificate authority is optional and used only to provide a trust between Tricryption Engines.