Product introduction
SecDB, independently designed and developed by Sansec, offers solutions for underlying database security by applying TDE technology. Through a centralized key management approach, supporting security mechanisms, and the core concept of storing data and keys separately, SecDB implements security best practices that achieve a high level of assurance throughout the whole lifecycle of keys.
Figure 1 shows the typical structure of the SecDB topology. The HSM is a hard backup hardware security module, SecKMS is a key management center that uses KMIP, and the plugins are extensions for the database. When plaintext data enters the database, the security protocol between SecKMS and the HSM is called and run through the database plugins; through these plugins, we can provide the database’s inherent TDE capabilities and store encrypted data on the hard drive.
By encrypting database disk I/O, it protects data at rest stored by the database user. The encryption and decryption process is transparent to the user, and no changes are needed in order to protect ordered data.
● Encryption application
The HSM is independently designed and developed by Sansec, and has been recognized nationally as a comprehensive key protection structure. Important keys never appear in plaintext outside of the device. Key backup files are also protected by the master key.
● Authority management
Implementation is based on access authority control, preventing DBAs and users with high authority levels from accessing sensitive data. All users of the database must have permission before they can access secret data.
● Disaster prevention
Supports HA backup and encrypted key fragmentation backup, while also supporting KMIP remote key management.
● Supports multiple algorithms
The system supports the RSA and AES algorithms as well as the domestic algorithms SM2, SM3 and SM4.
■ Transparency and simplicity: Changing application system source code is unnecessary, and the user’s existing structure is not disturbed. Deployment and use do not need to take external factors into consideration.
■ Compliance: The product is nationally recognized and has a model number, and satisfies OSCCA’s relevant guidelines.
■ High key security: Important keys are stored within the HSM, resolving the issue of isolation between the database and the keys.
■ High efficiency performance: Cryptographic processing is performed within the HSM, which reduces the reliance on the database for calculations.
■ Multiple types of hot backup methods: Sansec’s HSM supports many different types of hot backup methods. If a group of keys is lost, the backup HSM’s keys can be used.
■ Centralized control and management: Provides a comprehensive identity and access management structure.
|SQL SERVER enterprise|2008 R2 or later|
||5.7.11 or later|
||10g R2 or later|