Encryption means that the data is scrambled when you look at it but it can be "unscrambled". There are two points of scrambling:
We can encrypt the data transmission using the HTTP Secure Socket Layer (HTTPS) protocol from the application server to the client. Follow the directions in Configuring SSL for your application server. In addition, as part of the Oracle Advanced Security Option, Network Encryption is also available with the Enterprise Edition of the application server software.
Data is encrypted using a key and when examined without the key, is scrambled. The key is required to decrypt it to make it readable. The key is stored outside the database so that if the database files are compromised, the data is still encrypted. The key becomes part of the backup strategy, but (for a best practice of security) must be backed up on a separate medium than the data base.
Oracle offers a mechanism known as Transparent Data Encryption (TDE) as part of the Advanced Security Option in the Enterprise Edition of the database server software. TDE allows you to encrypt any number of fields without modification of the application. It is not recommended that columns on transaction-oriented mass updatable tables be encrypted. Columns that are part of an index (like PERSON_CODE) cannot be encrypted.
The application also supports encryption of select often-secured fields. The columns that are available for encryption are: BIRTH_DATE, GOVERNMENT_CODE, DRIVERS_LICENSE, and BANK_ACCOUNT, in all the places within the system that they reside.
Table | Column | Encrypted Column |
---|---|---|
P2K_HR_CONTACTS | BIRTH_DATE | RAW_BIRTH_DATE |
P2K_HR_CONTACTS | GOVERNMENT_CODE | RAW_GOVERNMENT_CODE |
P2K_HR_IDENTITIES | BIRTH_DATE | RAW_BIRTH_DATE |
P2K_HR_IDENTITIES | DRIVERS_LICENSE | RAW_DRIVERS_LICENSE |
P2K_HR_IDENTITIES | GOVERNMENT_CODE | RAW_GOVERNMENT_CODE |
P2K_PR_DEPOSITS | BANK_ACCOUNT | RAW_BANK_ACCOUNT |
P2K_PR_PAYMENT_RULE_DETAILS | BANK_ACCOUNT | RAW_BANK_ACCOUNT |
P2K_RE_CANDIDATES | BIRTH_DATE | RAW_BIRTH_DATE |
P2K_RE_CANDIDATES | DRIVERS_LICENSE | RAW_DRIVERS_LICENSE |
P2K_RE_CANDIDATES | GOVERNMENT_CODE | RAW_GOVERNMENT_CODE |
P2K_WS_SERVICE_DEFINITIONS | WS_PASSWORD | RAW_WS_PASSWORD |
P2K_WS_SERVICE_DEFINITIONS | WALLET_PASSWORD | RAW_WALLET_PASSWORD |
P2K_WS_SERVICE_DEFINITIONS | TOKEN_PASSWORD | RAW_TOKEN_PASSWORD |
The views provided with the application handle the decryption of data, so if you are creating reports using external tools with these views, there is nothing more to be done. If you are accessing the fields above directly, then you will need to modify your reports to handle the decryption of the data. A database function, P2K_PMSEC.CHECKANDDECRYPT (and for date columns P2K_PMSEC.CHECKANDDECRYPTDATE) is provided to help your external reports with the decryption of the data.
Screen captures are meant to be indicative of the concept being presented and may not reflect the current screen design.
If you have any comments or questions please email the Wiki Editor
All content © High Line Corporation