Skip to main content

Overview of Application Integrations

Pi Soft System
  • Transparent Encryption with Pi Soft dS

    • Protect user data files
    • Protect database data files
    • Protect application files
      Protecting information contained in files
  • Application Integration (Encryption and Key Management with Pi Soft sdk)

    • Applications calling API in C/C++ and Java

      Protecting information in a relational database

  • **Pi Soft System Deployed

    Pi Soft Suite System Architecture**

Application Integration with Pi Soft sdk
  • Encrypt/Decrypt with kS Key Server

Application   ---- connect ----> key server

Encrypt data:

Application   ----- raw data ---------------> key server

Application   <---- enc data, T-Tag --------- key server

Decrypt data:

Application   ---- enc data, T-Tag ---------> key server

Application   <----- raw data --------------- key server

                        …

Application   ---- disconnect ----> key server

Encryption Process:

  1. Receive data from user
  2. Create key and key ID
  3. Encrypt user data with key
  4. Encrypt key
  5. Encrypt key ID
  6. Save key ID and encrypted key to key database
  7. Return encrypted data and encrypted key ID (T-Tag) to user

Decryption Process:

  1. Receive Encrypted data and Encrypted Key ID (T-Tag) from user
  2. Decrypt Encrypted Key ID (T-Tag) to get Key ID
  3. Retrieve Encrypted Key from key database with Key ID
  4. Decrypt Encrypted Key to get Key
  5. Decrypt Encrypted data with Key to get original data
  6. Return original data to user
  • Key Management with kS Key Server and Encrypt/Decrypt Data Locally

Application   ---- connect ----> key server

Create key:

Application   ----- create key ---> key server

Application   <---- T-Tag --------- key server

Export key:

Application   ---- T-Tag ---------> key server

Application   <---- key ----------- key server

                        …

Application   ---- disconnect ----> key server

Encrypt/decrypt data:

Application : use key to encrypt/decrypt data locally

Application : discard key

Create Key Process:

  1. Get request from user
  2. Create key and key ID
  3. Encrypt key
  4. Encrypt key ID
  5. Save key ID and encrypted key to key database
  6. Return encrypted key ID (T-Tag) to user

Export Key Process (for certificate user only):

  1. Decrypt encrypted key ID to get key ID
  2. Retrieve encrypted key from key database with key ID
  3. Decrypt encrypted key to get key
  4. Encrypt key with user’s public key
  5. Return encrypted key to user
  6. User decrypts the encrypted key with his private key to get the key
Considerations for Database (Change of Schema)
  • Columns to encrypt and storage of T-Tag

    • One key for a table
    • One key for a column
    • One key for each row
  • Data type and storage

    • Encrypted data can be character-type or binary-type
    • Storage length will be increased
  • Primary/foreign key, index

    • Primary/foreign key and indexed columns shouldn’t be encrypted
  • Search

    • For each encrypted/searchable field, add an additional hash field
  • Convert existing database

    • It is better to create a new database for encrypted data
    • Extract existing data, run through the Pi Soft process and insert to new database
  • Encrypt relationship (De-identification)

    • Remove existing primary/foreign keys
    • Add additional columns to navigate through the tables with Pi Soft process
Considerations for Application (Modifications)
  • INSERT Transactions

    • Logic needs to be added to have data encrypted and optionally hashed
    • INSERT statements need to be modified to include T-Tag, hash values and encrypted data
  • Queries

    • SELECT statements need to be modified to include T-Tag and encrypted data
    • WHERE clauses need to be modified to use the hash values if searching on fields containing encrypted data
    • Logic needs to be added to decrypt data returned from database
  • UPDATE Transactions

    • Logic needs to be added to have data encrypted and optionally hashed
    • UPDATE statements need to be modified to include hash values and encrypted data
    • WHERE clauses need to be modified to use the hash values if searching on fields containing encrypted data
Get Started with Pi Soft sdk
  • Install Pi Soft sdk

    • Library, Reference, Development Guide and Samples in C/C++ and Java
  • Read Development Guide

  • Run Samples

  • Check Reference