Re: Database Encryption (now required by law in Italy)

From: Silvana Di Martino
Subject: Re: Database Encryption (now required by law in Italy)
Msg-id: 200403051927.11026.silvanadimartino@tin.it
In reply to: Re: Database Encryption (now required by law in Italy) (Radu-Adrian Popescu <radu.popescu@aldratech.com>)
List: pgsql-admin

At 11:30 on Friday, 5 March 2004, Radu-Adrian Popescu wrote:
> We're basically doing it this way: generate a pair of private/public keys
> and save these. Then we get sensitive data in from some outside source,
> use it in the processing part, then we encrypt it using the public key
> (obviously) and store it in the database. The public key itself lives
> inside the database, because it presents no security risk if exposed.
> The private key lives on a separate machine in another physical location.
> So no-one can decrypt the data even if gaining access to the server
> machines. Obviously this assumes that we do not decrypt the data after
> using it... Which is something rather hard to enforce, depending on the
> application.
>
> If we do need to decrypt the data, we take the encrypted data to a safe
> location, get the private key securely and then decrypt and use the data.

That is quite complicated. It looks like what we actually need is a system
like Kerberos (devoted to data encryption "on the fly" instead of user
authentication). The logical schema of Kerberos fits our model well: a
third-party system authenticates and authorizes whoever (process or human)
has to access the data. Only the third party stores the private keys and uses
them. All other parties just use public keys.

Unfortunately, only a community of crypto-specialists can implement such a
mechanism.

See you.
-----------------------------------------
Alessandro Bottoni and Silvana Di Martino
alessandrobottoni@interfree.it
silvanadimartino@tin.it
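
The scheme in the quoted message (public key stored with the database, private key held at a separate location), as an added Go example that is not code from either poster. It assumes RSA-2048 with OAEP/SHA-256 for short values (at most 190 bytes); the `context` label and the `customers.card:42` naming are hypothetical additions that tie each ciphertext to its row.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"errors"
	"fmt"
)

// NewKeyPair runs once at the safe location; only pubDER goes to the database.
func NewKeyPair() (*rsa.PrivateKey, []byte, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	pubDER, err := x509.MarshalPKIXPublicKey(&priv.PublicKey)
	return priv, pubDER, err
}

// Seal runs on the server. pubDER is the public key as stored in the database;
// context (hypothetical "table.column:id" label) binds the ciphertext to its row.
func Seal(pubDER []byte, context string, plaintext []byte) ([]byte, error) {
	key, err := x509.ParsePKIXPublicKey(pubDER)
	if err != nil {
		return nil, err
	}
	pub, ok := key.(*rsa.PublicKey)
	if !ok {
		return nil, errors.New("stored public key is not RSA")
	}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, plaintext, []byte(context))
}

// Open runs only at the separate location that holds the private key.
func Open(priv *rsa.PrivateKey, context string, ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, []byte(context))
}

func main() {
	priv, pubDER, _ := NewKeyPair() // constructed demo key pair
	ct, _ := Seal(pubDER, "customers.card:42", []byte("constructed sample value"))
	pt, err := Open(priv, "customers.card:42", ct)
	fmt.Println(string(pt), err)
	_, err = Open(priv, "customers.card:43", ct) // same ciphertext moved to another row
	fmt.Println("moved row:", err)
}
```

OAEP is randomized, so sealing the same value twice gives different ciphertexts and the encrypted column cannot be indexed or compared for equality. Values longer than 190 bytes need a hybrid scheme, which this example does not show.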