Concepts
Application
An application, configured on the CipherTrust Manager, contains the settings required to protect data. The application includes:
Name: A friendly label that describes the application to be protected.
Settings: The configuration parameters required to initialize and configure CRDP associated with an application.
Refer to Managing Application for details.
Protection policy
A protection policy defines a set of rules that govern the cryptographic operations. The protection policy includes entities such as algorithm, key, IV, access policy name, and character set. Refer to Managing Protection Policy for details.
Access policy
An access policy contains a set of rules that govern how protected data is revealed based on the username. Each access policy has a default reveal format for any username that is not part of any user set. For CRDP, the CipherTrust Manager administrator can configure the access policy to get the username from the message body of the reveal request or from a JWT.
Refer to Managing Access Policy and Configure User for Access Policy for details.
User set
A user set is a collection of users that you want to grant or deny access to reveal data. User sets are configured in access policies. Refer to Managing User Set for details.
Note
Policies can be applied to user sets, not to individual users.
Heartbeat
Heartbeat is a lightweight mechanism that allows CRDP to poll the CipherTrust Manager for any change in configuration. Refer to Heartbeat Configuration for details.
Key Caching
The key caching feature allows CRDP to securely cache a copy of the in-use key that it received from the CipherTrust Manager using the REST protocol. Key caching is limited to the value set in the Key Cache Expiry parameter when the application is created, and lets CRDP perform cryptographic operations locally.
See the Key Cache Expiry parameter under the CRDP tab for details.