DPG Workflow
The following diagram shows how DPG protects and reveals sensitive data. DPG protects data based on the associated Protection Policy, and reveals data based on the associated Access Policy in conjunction with the associated Protection Policy. Refer to Managing Protection Policies and Managing Access Policies for details.
DPG uses CipherTrust Manager as its Central Manager and trusted Key Manager. Whenever DPG starts, it fetches the configurations, policies, and keys from the CipherTrust Manager. Whenever the policies/configurations are modified, DPG uses the heartbeat mechanism to get the updates from the CipherTrust Manager.
The following sequence of steps summarizes the DPG flow.
1. The client sends the request to the REST API endpoint of the Application Server, as it always has.
2. DPG intercepts the request and PROTECTS/REVEALS the sensitive data, as per the configured Protection and Access Policies.
3. DPG sends the transformed request to the REST API endpoint of the Application Server.
4. The Application Server processes the request, as usual, and sends the response back to the client.
5. DPG intercepts the response and PROTECTS/REVEALS the data, again, as per the configured Protection and Access Policies.
6. DPG sends the transformed response to the client.
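The six steps above can be modelled in-process as follows. This is an added example, not DPG code or its configuration format: the policy shapes, field and user names, the HMAC-based token and the in-memory vault are all constructed stand-ins for the policies and keys DPG fetches from CipherTrust Manager.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # stand-in for a key fetched from the key manager
VAULT = {}                     # token -> plaintext; toy substitute for reversible protection

# Hypothetical policy shapes, NOT DPG's configuration format.
PROTECTION_POLICY = {"fields": {"ssn"}}            # which fields are sensitive
ACCESS_POLICY = {"reveal_plaintext_to": {"alice"}}  # who may see plaintext


def protect(value):
    """Replace a sensitive value with a deterministic token."""
    token = "tok_" + hmac.new(KEY, value.encode(), hashlib.sha256).hexdigest()[:16]
    VAULT[token] = value
    return token


def reveal(token, user):
    """Return plaintext only if the Access Policy allows this user."""
    if user in ACCESS_POLICY["reveal_plaintext_to"] and token in VAULT:
        return VAULT[token]
    return token  # everyone else keeps seeing the protected value


def transform(body, op, user=None):
    """Apply protect or reveal to the fields named by the Protection Policy."""
    out = dict(body)
    for field in out.keys() & PROTECTION_POLICY["fields"]:
        out[field] = protect(out[field]) if op == "protect" else reveal(out[field], user)
    return out


class AppServer:
    """Unmodified backend: stores and returns whatever it receives."""
    def __init__(self):
        self.db = {}

    def post(self, rid, body):
        self.db[rid] = body
        return {"status": "created"}

    def get(self, rid):
        return self.db[rid]


def gateway_post(app, rid, body):
    # Steps 1-3: intercept the request, protect, forward to the app server.
    return app.post(rid, transform(body, "protect"))


def gateway_get(app, rid, user):
    # Steps 4-6: intercept the response, reveal per Access Policy, return.
    return transform(app.get(rid), "reveal", user)
```

The application server only ever stores the token, so reading its database directly yields no plaintext; who sees cleartext is decided entirely at the gateway.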