Integration
This section details the integration of CipherTrust Vaulted Tokenization (CT-V) with System Application and Products (SAP), also known as SAPTM. Integrating CT-V into the SAP environment extends its data tokenization capabilities while preserving the original data.
Solution Overview
SAPTM enables the SAP system to receive a tokenized version of the data (a token) for use. The token is used to retrieve the original value on request. All tokenized data and the original values are encrypted by the Key Manager and stored in the token vault database.
SAPTM offers the following benefits to an SAP user:
Proven Data Protection: Secure structured sensitive data with transparent, application-level tokenization.
Format Preservation: No changes required to databases and no modification to SAP standards.
Scalability: Fast and easy deployment as well as the ability to leverage bulk tokenization and batch APIs.
Centralized and Streamlined Data Security: Works with the Key Manager to provide centralized administration of all keys and policies.
Access Control and Authorization: Granular access controls to ensure only authorized users or applications can view protected tokens and data.
Ensure Compliance: Comply with internal security policies and regulatory mandates.
The diagram below illustrates the steps involved in integrating CipherTrust Vaulted Tokenization with the SAP system:
Solution Components
This section presents an overview of the three main components that work together for SAPTM. The individual components are described below:
System Application and Products (SAP)
System Application and Products (SAP) provides customers with a common corporate database for a wide range of applications, including web interfaces. This helps curb the damaging effects of complexity. The SAP R3 system runs on a number of platforms and uses the client/server model.
CT-V
CT-V is a data tokenization application written in Java that can be run as a web service or an API. CT-V consists of the following:
Tokens - Unique values created to take the place of valuable plaintext (e.g., credit card numbers, email addresses) normally stored in your database. Tokens are the same data type as the plaintext. Credit card numbers can maintain whitespace and dashes used for formatting. Email addresses maintain ‘@’ and ‘.’ characters. Valid dates remain valid dates. Tokens can be any length allowed by your database.
Token Vaults - Tables that store tokens with their associated ciphertext. There can be multiple token vaults in a database. All tokens in a vault must use the same token format.
A Key Table - The table that maps token vaults to encryption keys; one key table per database.
A Java API - Offers public methods to create, retrieve, and delete tokens, and to create token formats.
A Java Web Service - Offers the ability to create, retrieve, and delete tokens, and create token formats through a web service.
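The relationship between tokens, token vaults and the key table can be modelled in a few lines. The following Python model is an added example, not CT-V code and not the CT-V Java API: the TokenVault class, the vault names and the HMAC-based stand-in cipher are assumptions made so that it runs with the standard library alone.

```python
import hashlib, hmac, secrets, string

def _xor_keystream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in cipher (HMAC-SHA256 keystream) so the model runs on the standard
    # library alone; a real deployment uses keys and ciphers from the Key Manager.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

class TokenVault:
    """Hypothetical model of one token vault: token -> (nonce, ciphertext)."""

    def __init__(self, key: bytes):
        self._key = key
        self._rows = {}

    @staticmethod
    def _random_like(value: str) -> str:
        # Digits become random digits and letters random letters of the same case;
        # separators such as '-', ' ', '@' and '.' are copied unchanged.
        pools = (string.digits, string.ascii_lowercase, string.ascii_uppercase)
        return "".join(
            next((secrets.choice(p) for p in pools if c in p), c) for c in value
        )

    def tokenize(self, value: str) -> str:
        if not any(c in string.digits + string.ascii_letters for c in value):
            raise ValueError("value has no characters that can be replaced")
        while True:  # retry until the token is new to the vault and not the plaintext
            token = self._random_like(value)
            if token != value and token not in self._rows:
                break
        nonce = secrets.token_bytes(12)
        self._rows[token] = (nonce, _xor_keystream(self._key, nonce, value.encode()))
        return token

    def detokenize(self, token: str) -> str:
        nonce, ciphertext = self._rows[token]
        return _xor_keystream(self._key, nonce, ciphertext).decode()

# Key table: one per database, mapping each vault name to its key (constructed values).
key_table = {"CARD_VAULT": secrets.token_bytes(32), "EMAIL_VAULT": secrets.token_bytes(32)}
vaults = {name: TokenVault(key) for name, key in key_table.items()}

if __name__ == "__main__":
    card = "4111-1111 1111-1111"  # constructed sample value
    token = vaults["CARD_VAULT"].tokenize(card)
    print(token, "->", vaults["CARD_VAULT"].detokenize(token))
```

In this model the token carries no information about the plaintext beyond its format, so the original value is recoverable only through the vault row and the key that the key table assigns to that vault.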
Key Manager
The Key Manager appliance enables organizations to leverage a range of disparate software and hardware-based encryption products, while gaining the efficiency and security benefits of having all keys stored on a centralized, hardened security appliance.
The Key Manager offers robust capabilities for managing cryptographic keys across their entire lifecycle, including key generation, key import and export, key rotation, and much more. The Key Managers can be integrated through open APIs with virtually any off-the-shelf encryption product, including database encryption, laptop and device encryption, file and storage level encryption, and more.