Overview of Application Integrations
Pi Soft System
-
Transparent Encryption with Pi Soft dS
- Protect user data files
- Protect database data files
- Protect application files
-
Application Integration (Encryption and Key Management with Pi Soft sdk)
-
Applications calling API in C/C++ and Java
-
-
**Pi Soft System Deployed
**
Application Integration with Pi Soft sdk
- Encrypt/Decrypt with kS Key Server
Application ---- connect ----> key server
Encrypt data:
Application ----- raw data ---------------> key server
Application <---- enc data, T-Tag --------- key server
Decrypt data:
Application ---- enc data, T-Tag ---------> key server
Application <----- raw data --------------- key server
…
Application ---- disconnect ----> key server
Encryption Process:
- Receive data from user
- Create key and key ID
- Encrypt user data with key
- Encrypt key
- Encrypt key ID
- Save key ID and encrypted key to key database
- Return encrypted data and encrypted key ID (T-Tag) to user
Decryption Process:
- Receive Encrypted data and Encrypted Key ID (T-Tag) from user
- Decrypt Encrypted Key ID (T-Tag) to get Key ID
- Retrieve Encrypted Key from key database with Key ID
- Decrypt Encrypted Key to get Key
- Decrypt Encrypted data with Key to get original data
- Return original data to user
- Key Management with kS Key Server and Encrypt/Decrypt Data Locally
Application ---- connect ----> key server
Create key:
Application ----- create key ---> key server
Application <---- T-Tag --------- key server
Export key:
Application ---- T-Tag ---------> key server
Application <---- key ----------- key server
…
Application ---- disconnect ----> key server
Encrypt/decrypt data:
Application : use key to encrypt/decrypt data locally
Application : discard key
Create Key Process:
- Get request from user
- Create key and key ID
- Encrypt key
- Encrypt key ID
- Save key ID and encrypted key to key database
- Return encrypted key ID (T-Tag) to user
Export Key Process (for certificate user only):
- Decrypt encrypted key ID to get key ID
- Retrieve encrypted key from key database with key ID
- Decrypt encrypted key to get key
- Encrypt key with user’s public key
- Return encrypted key to user
- User decrypts the encrypted key with his private key to get the key
Considerations for Database (Change of Schema)
-
Columns to encrypt and storage of T-Tag
- One key for a table
- One key for a column
- One key for each row
-
Data type and storage
- Encrypted data can be character-type or binary-type
- Storage length will be increased
-
Primary/foreign key, index
- Primary/foreign key and indexed columns shouldn’t be encrypted
-
Search
- For each encrypted/searchable field, add an additional hash field
-
Convert existing database
- It is better to create a new database for encrypted data
- Extract existing data, run through the Pi Soft process and insert to new database
-
Encrypt relationship (De-identification)
- Remove existing primary/foreign keys
- Add additional columns to navigate through the tables with Pi Soft process
Considerations for Application (Modifications)
-
INSERT Transactions
- Logic needs to be added to have data encrypted and optionally hashed
- INSERT statements need to be modified to include T-Tag, hash values and encrypted data
-
Queries
- SELECT statements need to be modified to include T-Tag and encrypted data
- WHERE clauses need to be modified to use the hash values if searching on fields containing encrypted data
- Logic needs to be added to decrypt data returned from database
-
UPDATE Transactions
- Logic needs to be added to have data encrypted and optionally hashed
- UPDATE statements need to be modified to include hash values and encrypted data
- WHERE clauses need to be modified to use the hash values if searching on fields containing encrypted data
Get Started with Pi Soft sdk
-
Install Pi Soft sdk
- Library, Reference, Development Guide and Samples in C/C++ and Java
-
Read Development Guide
-
Run Samples
-
Check Reference