Encryption key hardware solution... help :(

From: Stephen O'Sullivan (steve_at_nospam_noway_dontyoudare.net)
Date: 06/27/03
Date: Fri, 27 Jun 2003 14:16:03 +0100

Hi Guys,

We're in the development stage of a Web Services solution that is offering
Credit Card holders who do business online a solution for the processing of
payments and posting of daily files to different acquiring Banks (all the
Global banks). We offer Dynamic Currency Conversion on transactions!!

Anyway, enough about what we do. I've got an issue spec'ing a solution
that provides a secure and safe environment where these credit card
transactions can be queried and archived. There will be an online database
(SQL Server) that will store all the information about transactions (amounts,
ID numbers, and of course credit card numbers). What I need to do is encrypt
the database fields where the card numbers are stored. All the rest I can
secure using IPSec and DPAPI (as in all processing requests, server
communication, authentication, etc.). Now it was proposed we go the 'hardware
solution' route.

We will have an 'Encryption Application Server'. This encryption application
server will have a Windows service running on the machine under a local
account. This local account will have very low privileges on the machine.
The Windows service will host a single remote component, which will provide
methods to protect and unprotect passed data. The data will be protected
using a 2-step process: the first step will need to read the encryption key
from a configuration file using the DPAPI Win32 function; it will then use
this encryption key to decrypt the passed data using the 3DES cryptography
algorithm which is provided by the OS. The reasoning for using the 2-step
process is to protect the key that was used to encrypt the data. We do not
want to have to rely on the DPAPI protection alone, because if the host
machine or user account became corrupted we would not be able to unprotect
the data again, leaving us with data we cannot use. This leaves us with the
2-step solution where we encrypt using 3DES but we protect the encryption
key using DPAPI on the machine. We will need to keep a backup copy of this
key off site, and it should never appear anywhere else in the network; it
should be protected using DPAPI once and persisted to a configuration file
on this machine using the user store method. An explanation of DPAPI can be
found here

If we decide to go the route of the hardware solution, where a piece of
hardware does the encryption, then we will re-use the exact same
infrastructure as described above. It will however mean we do not need to
maintain a key, as the hardware will maintain this key. I'm also presuming
the hardware vendor will provide a mechanism to cater for hardware failure,
where we would need to replace the hardware if broken, with time constraints
etc., so that we can access the data.

Regards,

Steve.
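The 2-step design Steve describes (a 3DES data key that only ever sits on disk wrapped by DPAPI in the service account's user store, with the raw key copied once to an off-site backup) is easy to get subtly wrong: the data key must be generated by the cipher provider rather than typed in, each stored card number needs its own IV, and the recovery path for a lost DPAPI profile has to be exercised, not just planned. The following PowerShell is an added example written for this page, not code from the original post or from the poster's project. It assumes Windows PowerShell on the encryption server, a hypothetical config path C:\EncSvc\datakey.cfg, and a constructed test card number; the hardware (HSM) variant is not shown, since that depends entirely on the vendor API.

```powershell
# Added example, not part of the original post. Demonstrates the two-step
# scheme: a 3DES data key wrapped with DPAPI (user store) and persisted to a
# config file, an off-site copy of the raw key, and per-record 3DES-CBC
# encryption of card numbers. Path and test PAN below are assumptions.

Add-Type -AssemblyName System.Security   # ProtectedData (DPAPI) on Windows PowerShell 5.1

$ConfigPath = 'C:\EncSvc\datakey.cfg'    # hypothetical location, readable only by the service account

function New-DataKey {
    # Let the provider generate a random 24-byte (3-key) 3DES key; it rejects known weak keys.
    $tdes = [System.Security.Cryptography.TripleDES]::Create()
    $tdes.KeySize = 192
    $tdes.GenerateKey()
    $key = $tdes.Key
    $tdes.Dispose()
    return $key
}

function Protect-DataKey {
    param([byte[]]$Key, [string]$Path)
    # Step 1: wrap the data key with DPAPI under the *current user* (the service account),
    # so only processes running as that account on this machine can unwrap it.
    $scope   = [System.Security.Cryptography.DataProtectionScope]::CurrentUser
    $wrapped = [System.Security.Cryptography.ProtectedData]::Protect($Key, $null, $scope)
    [System.IO.File]::WriteAllBytes($Path, $wrapped)
}

function Unprotect-DataKey {
    param([string]$Path, [byte[]]$BackupKey)
    # Normal path: unwrap with DPAPI. Failure path: the profile or machine is gone, which is
    # exactly the case the post worries about; recover from the off-site backup instead.
    try {
        $scope   = [System.Security.Cryptography.DataProtectionScope]::CurrentUser
        $wrapped = [System.IO.File]::ReadAllBytes($Path)
        return [System.Security.Cryptography.ProtectedData]::Unprotect($wrapped, $null, $scope)
    } catch [System.Security.Cryptography.CryptographicException] {
        if ($null -eq $BackupKey) { throw "DPAPI unprotect failed and no backup key supplied: $_" }
        Write-Warning 'DPAPI unprotect failed; using the off-site backup key. Re-protect it on this host.'
        return $BackupKey
    }
}

function Protect-Card {
    param([byte[]]$Key, [string]$Pan)
    # Step 2: 3DES-CBC with a fresh random IV per record, IV prepended to the ciphertext,
    # so two customers with the same card number do not produce the same stored blob.
    $tdes = [System.Security.Cryptography.TripleDES]::Create()
    $tdes.Key = $Key
    $tdes.Mode = [System.Security.Cryptography.CipherMode]::CBC
    $tdes.Padding = [System.Security.Cryptography.PaddingMode]::PKCS7
    $tdes.GenerateIV()
    $enc = $tdes.CreateEncryptor()
    $plain = [System.Text.Encoding]::UTF8.GetBytes($Pan)
    $cipher = $enc.TransformFinalBlock($plain, 0, $plain.Length)
    [byte[]]$blob = $tdes.IV + $cipher
    $enc.Dispose(); $tdes.Dispose()
    return [Convert]::ToBase64String($blob)    # store this string in the SQL Server column
}

function Unprotect-Card {
    param([byte[]]$Key, [string]$Blob)
    $bytes = [Convert]::FromBase64String($Blob)
    $tdes = [System.Security.Cryptography.TripleDES]::Create()
    $tdes.Key = $Key
    $tdes.Mode = [System.Security.Cryptography.CipherMode]::CBC
    $tdes.Padding = [System.Security.Cryptography.PaddingMode]::PKCS7
    $tdes.IV = [byte[]]$bytes[0..7]            # 3DES block size is 8 bytes
    $dec = $tdes.CreateDecryptor()
    $plain = $dec.TransformFinalBlock($bytes, 8, $bytes.Length - 8)
    $dec.Dispose(); $tdes.Dispose()
    return [System.Text.Encoding]::UTF8.GetString($plain)
}

# --- One-time provisioning, run interactively AS the service account ---
$dataKey = New-DataKey
Protect-DataKey -Key $dataKey -Path $ConfigPath
# The raw key is exported exactly once for the off-site backup and must not be
# written anywhere else on the network.
$backupHex = ($dataKey | ForEach-Object { $_.ToString('x2') }) -join ''

# --- Runtime path the Windows service would take for each Protect/Unprotect call ---
$key    = Unprotect-DataKey -Path $ConfigPath -BackupKey $null
$stored = Protect-Card -Key $key -Pan '4111111111111111'   # constructed test PAN
$pan    = Unprotect-Card -Key $key -Blob $stored
if ($pan -ne '4111111111111111') { throw 'round-trip failed' }
```

Two practical checks before relying on this: the service must run with its user profile loaded, otherwise the CurrentUser DPAPI master key is not available and every call takes the backup-key branch; and the recovery branch should be tested on a freshly built host with only the off-site key in hand, since that is the scenario the design exists for. LocalMachine scope would survive profile loss but lets any process on the box unwrap the key, which is why the post's choice of the user store is the right one for a low-privilege service account.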
