Eruces Data Security has secured a patent for its three-step encryption and key management scheme, which is designed to lock down data through its lifecycle.
The security firm's so-called Tricryption technology first encrypts the data itself with symmetric keys, and then encrypts the keys and stores them in a central key repository. It also encrypts the links between the data and the keys.
It stores the keys separately from the data items and encrypts the links between them, says Oggy Vasic, senior vice president of software development for Eruces.
Vasic says Tricryption is different in that it centralizes key management for different types of encrypted data, including file, database, and storage, and it applies individual access control lists for each key to determine how a key is used, who can use it, when they can use it, and how often, for example. So when a client requests a key, it's then authenticated using LDAP, PKI, Active Directory, or other authentication methods, as well as authorized based on its access rights, he says.
The authentication and authorization part of the key process is aimed at protecting data from outside attacks as well as preventing insider attacks, such as a malicious employee snooping into the database or siphoning information off of a storage device, he says.
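The three steps and the per-key access control list described above can be modeled in a few lines. This is an added illustration, not Eruces code: the `KeyServer` class, the ACL fields (`users`, `hours`, `max_uses`), the choice to keep the encrypted link beside the ciphertext, and the SHA-256-based stand-in cipher are all assumptions made for the sketch.

```python
import hashlib, hmac, os

def _keystream(key, nonce, n):
    # SHA-256 in counter mode: a stdlib-only stand-in for a real cipher (use an AEAD such as AES-GCM in practice).
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, plaintext):
    """Encrypt-then-MAC with separate derived subkeys; returns nonce || ciphertext || tag."""
    ek, mk = hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(ek, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mk, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    ek, mk = hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mk, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("integrity check failed")
    return bytes(a ^ b for a, b in zip(ct, _keystream(ek, nonce, len(ct))))

class KeyServer:
    """Hypothetical central key repository: wrapped keys plus one ACL per key."""
    def __init__(self):
        self._master = os.urandom(32)    # wraps stored data keys
        self._link_key = os.urandom(32)  # encrypts data-to-key links
        self._store = {}                 # key_id -> [wrapped_key, acl, use_count]

    def protect(self, data, acl):
        data_key, key_id = os.urandom(32), os.urandom(16)
        ciphertext = seal(data_key, data)                             # 1: encrypt the data
        self._store[key_id] = [seal(self._master, data_key), acl, 0]  # 2: encrypt and store the key
        link = seal(self._link_key, key_id)                           # 3: encrypt the link
        return ciphertext, link  # assumed: the opaque link is kept beside the ciphertext

    def release_key(self, user, link, hour):
        """`user` is assumed already authenticated (LDAP, PKI, AD); this is the authorization step."""
        entry = self._store[unseal(self._link_key, link)]
        _, acl, used = entry
        start, end = acl["hours"]
        if user not in acl["users"] or not start <= hour < end or used >= acl["max_uses"]:
            raise PermissionError("key release denied")
        entry[2] += 1
        return unseal(self._master, entry[0])
```

Someone who copies only the stored ciphertext and link holds neither the data key nor a usable key identifier, and an authenticated insider is still bounded by the key's ACL.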