Database Encryption Gateway

PRODUCT OVERVIEW

Database Encryption Gateway is a basic cryptographic device designed for database security. It can prevent data leakage, external hacker attacks  and theft of database data by internal high-privileged users.

Database Encryption Gateway uses cryptography technology to encrypt and protect sensitive data; It sets encryption-based permission controls for encrypted data that are independent of the database, restricting users from performing operations on encrypted data; It protects the security of the entire lifecycle of encryption keys through centralized key management.

FEATURES

Sensitive data identification

Own a built-in sensitive information recognition rule library and recognition engine, supporting automatic recognition of sensitive data in the database to assist users in formulating database encryption rules.

Multiple application deployment modes

Support various encryption modes such as gateway encryption mode, JDBC encryption mode, and table-space encryption mode. Users can choose the appropriate application deployment mode according to their own needs.

Database confidentiality protection

Based on database transparent encryption technology, sensitive data is encrypted automatically before being written to the data table and decrypt before being returned. The encryption and decryption process is performed by calling the Gateway at the logical level of the database.

Encryption based permission control

Support database-independent, encryption-based permission control, which can restrict database users from performing encryption and decryption operations on encrypted data, and can also restrict access to encrypted databases based on environmental factors such as client IP, client name, and time.

Advanced features

Support cipher-text index, allowing indexes to be created on encrypted fields to accelerate query performance.

Support format-preserving encryption, where the cipher-text retains the same format as the original data, making it highly suitable for encrypting data that is sensitive to format.

Integrity Protection

Support the integrity protection and validation of data and files within the database.

PRODUCT ADVANTAGES

Application without modification

Achieve confidentiality and integrity protection of sensitive data in the database without modifying the application program.

Key security

Ensure key security with dedicated hardware cryptographic modules.

Centralized key management can effectively reduces the complexity of key management. The product also supports integration with third-party key management systems.

Safe and reliable

Support fine-grained permission control based on independent databases, support dual active deployment, support cold backup and restoration, to ensure high availability of cryptographic operations.