| |
Crypto-Edition is a special and secure encryption tool for clients.
The encoding process is carried out column per column for selected columns. The data is saved in the form of encoded text fields in the data base, thus, it is not the coding of the data base system itself that is being used.
This makes it possible to avoid a loss of performance as the server does not decode the data block per block and does not have to send the decoded data back to the clients using an encoded connection.
Easy and fast decoding
The special characteristic of this type of coding consists in the fact that the encoded data may only be decoded on selected hardware and on such only with a password or assigned chip cards. The data is exclusively decoded on the clients, the AES 256 bit master key is saved neither in the data base nor on the client. Thus, data transfers to the server cannot be observed by strangers as only encoded data is transferred. The master key is encoded with hardware information of the respective client as well as, if applicable, with a key saved on a chip card.
Both the password and the chip card have to be read into the system only once per system reboot. To prevent brute force attacks on passwords, the password itself is not used directly but instead the 1000-fold SHA512-Hash-value is calculated. Due to this calculation it is not possible to try more than 10 passwords per second – without this method several thousand tries could be executed every second. This calculation process may not be shortened and, thus, also offers a maximum level of security for passwords.
System Requirements
Crypto-Edition and Cryptoruntime
Intel Pentium ab 500 MHz bzw. gleichwertiger AMD-Prozessor
Main memory: 50 MB
Hard disk storage space: 10 MB
Operating system: Windows XP, Windows Vista, Windows 7, Windows Server 2000, 2003, 2005, 2008, 2010
DBMS: User credentials for read access must be available.
Oracle since Version 8.1: User, Password, Service
IBM DB2 since Version 7: User, Password, ServerIP
MsSQLServer since 2000: User, Password, Server
MsAccess since 2003: Directory and name of the MsAccess-Database
MySQL since 4.1: User, Password, Host, Port
SQLite since 3.6: Directory and name of the SQLite-Database
For access via ODBC the required ODBC drivers must be installed.
|
|
Features
Fast 256-bit AES encryption, regardless what is the database system being used
Encryption and decryption only on the client, not impact to the server load
Client / server data is not encrypted and decrypted the data, therefore not needed computationally intensive encrypted connection between client / server
Manipulation of records by record-encrypted hash
Master-key is never stored in the database, the decryption-key only available in the main memory of the client
Inclusion of stable hardware information in the client-specific encryption
Encryption and decryption only to authorized clients - hedge against data theft - Columns of data encryption, for desired columns
Brute-force attacks on the password by approximately 0.1 seconds of calculation time of the final key is extremely difficult
No overhead for encryption, because when comparing and decrypt only a Encrypt-YES parameter to be expanded the storage and display the function
Renaming of file not possible
Crypto-Edition available for Oracle, DB2, MySQL, MsSQLServer, MSAccess |
|
|
