DPG Workflow

The following diagram shows how DPG protects and reveals sensitive data based on PROTECT and REVEAL configuration within Protection Policies. Refer to Creating Protection Policies for details.

DPG uses CipherTrust Manager as the trusted Key Manager. Whenever DPG starts, it fetches the configurations, policies, and keys from the CipherTrust Manager. DPG also fetches the latest configurations/policies from the CipherTrust Manager whenever the configurations/policies are modified.

The following sequence of steps summarizes the DPG flow.

1. Client sends the request to the REST API endpoint of the Application Server, as it always has.

2. DPG intercepts the request and PROTECT/REVEAL the sensitive data based on the configured policies.

3. DPG sends the transformed request to the REST API endpoint Application Server.

4. Application Server processes the request, as usual, and sends the response back to Client.

5. DPG intercepts the response and PROTECTS/REVEALS the data based on the configured policies.

6. DPG sends the transformed response to the client.