Transparent Data Encryption (TDE)

Oracle Advanced Security – TDE (Transparent Data Encryption)


This is one of the advanced security features: data is encrypted automatically when it is written to the database files and transparently decrypted when it is accessed inside the database.
Files are protected from unauthorized access at the OS level, on discarded disk drives, and on off-site backup media. [Adapted from Oracle documentation]
Network encryption transparently encrypts all SQL*Net traffic between the Oracle EBS and the database.
Oracle Advanced Security supports both industry-standard Secure Sockets Layer (SSL) encryption and an Oracle native encryption capability for customers that do not want to deploy X.509 Public Key Infrastructure (PKI) certificates.
Traditional access controls, including those enforced by Database Vault, Label Security and Virtual Private Database (VPD), also apply, so data is not decrypted until the user has authenticated to the Oracle database.
TDE column encryption can be used to protect individual columns in application tables containing credit card numbers or other personally identifiable information (PII).

Scenarios
You are told to explore the options for implementing Oracle Advanced Security Option (ASO) in an Oracle financial application. You probably have these questions in mind:
  • What tool or function is needed, and how does it work with the advanced options?
  • Does this tool keep the table column encrypted in the database at all times and only decrypt that table column?
  • Is it used through Oracle Financials or any Oracle Apps UI, or does it sit standalone inside or outside the application?
  • Is there any different treatment for sensitive data such as credit card, bank account or SSN values?
In the above scenarios, you might have a similar requirement: keep the SSN value in an Oracle table encrypted at all times and only make it viewable (decrypted) when an authorized user adds or updates a record in the database through the Oracle financial application.
If you are already aware of TDE, you should not have much trouble assessing the fit. Fundamentally, TDE functionality is the same irrespective of the application. It encrypts the column data at rest, meaning it is kept encrypted in storage, to protect the data in the event of stolen storage or when someone has direct access to the storage disks. The database automatically decrypts the data for whoever has the privilege to access it, say the SELECT privilege.
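
The behaviour described above, as an added example that is not part of the original post or of Oracle's EBS notes. The table demo_customers, the user app_user and the sample row are hypothetical, and the script assumes a TDE keystore (wallet) with a master key is already configured and open.

```sql
-- Added example. demo_customers, app_user and the row below are hypothetical.

-- 1. Confirm the keystore (wallet) is open. Creating or reading an
--    encrypted column fails while it is closed.
SELECT wrl_type, status
FROM   v$encryption_wallet;

-- 2. Create a table whose SSN column is encrypted at rest.
--    NO SALT is needed if the column will ever be indexed.
CREATE TABLE demo_customers (
  customer_id NUMBER PRIMARY KEY,
  full_name   VARCHAR2(100),
  ssn         VARCHAR2(11) ENCRYPT USING 'AES256' NO SALT
);

-- For a column in an existing table the equivalent statement is:
--   ALTER TABLE demo_customers MODIFY (ssn ENCRYPT USING 'AES256' NO SALT);
-- Old plaintext copies of the rows can remain in the datafile until the
-- table is moved or rebuilt, so plan a reorganization after encrypting.

INSERT INTO demo_customers (customer_id, full_name, ssn)
VALUES (1, 'Test Person', '000-00-0000');   -- constructed value
COMMIT;

-- 3. Verify from the dictionary which columns are actually encrypted,
--    with which algorithm, and whether salt is applied.
SELECT owner, table_name, column_name, encryption_alg, salt
FROM   dba_encrypted_columns
WHERE  table_name = 'DEMO_CUSTOMERS';

-- 4. TDE protects the files, not the query path: once SELECT is granted,
--    the database decrypts the column transparently for that session.
GRANT SELECT ON demo_customers TO app_user;

-- 5. Who may see the SSN is therefore decided by privileges (or VPD,
--    Database Vault, Label Security), not by TDE. Review the grants on
--    every table that holds an encrypted column.
SELECT p.grantee, p.privilege, p.table_name
FROM   dba_tab_privs p
WHERE  (p.owner, p.table_name) IN (
         SELECT owner, table_name FROM dba_encrypted_columns
       )
ORDER  BY p.table_name, p.grantee;
```

Step 5 is the check to repeat after enabling column encryption: every grantee it lists reads the encrypted columns in clear text.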

The best place to start is the Oracle documentation, which has the details.
If you are working with existing data values in Oracle Financials, refer to these notes in Metalink, which will be helpful.
  • Doc ID 862708.1 : R12 - Customer's Taxpayer ID and SSN On Customers Form Need To Be Encrypted
  • Doc ID 403537.1 : Best Practices For Securing Oracle E-Business Suite Release 12
  • Doc ID 828229.1 : Using TDE Tablespace Encryption with Oracle E-Business Suite Release 12
  • Doc ID 863053.1 : How To Encrypt Credit Card Data In Release 12
  • Doc ID 732764.1 : Using TDE Column Encryption with Oracle E-Business Suite Release 12
  • Doc ID 1301337.1 : How To Enable Oracle Payments Data Encryption Functionality
If you are looking for a way to encrypt and decrypt data using triggers or some other database object without changing the application, then you can probably use the dbms_obfuscation_toolkit within a trigger.


