Your suggested change has been received. Thank you.

close

Suggest A Change

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

Thales Logo
back

Administration

search

Please Note:

Administration

One of the biggest barriers to enterprises securing their data is the lack of security knowledge required and the need to rewrite code. With the introduction of CipherTrust Data Protection Gateway (DPG), we plan to simplify data protection.

With DPG in picture, enterprises can protect any sensitive data which is incoming or outgoing from a cloud-native application via REST API.

DPG is designed from the ground up to seamlessly fit with existing cloud-ready applications. It is deployed as a sidecar and performs cryptographic operations transparently on behalf of the application. The application never has to know about encryption. Best of all, no code changes are necessary.

DPG allows enterprises to centralized configure their cryptographic policies in a reusable, human-readable way and to deploy data protection that fits seamlessly within their native cloud deployment.

When a client sends a request to the application server and then receives a response, the JSON payload can contain sensitive information such as credit card numbers. This information is vulnerable to unauthorized access. Based on configured policies, DPG can secure the sensitive data in the payload sent to the application server and returns the ciphertext or plaintext. DPG transparently protects sensitive data without modifying the application.

Prerequisites

Make sure that CipherTrust Manager is up and running. Refer to CipherTrust Manager Deployment for details.

Specifications

Supported Algorithms

FPE/AES

  • FPE/AES/CARD10

  • FPE/AES/CARD26

  • FPE/AES/CARD62

  • FPE/AES/UNICODE

Note

For FPE/AES, DPG does not support data length greater than block size defined for the cardinalities. For details, refer to the Cardinality Block-Size Table.

FPE/FF1

  • FPE/FF1v2/CARD10

  • FPE/FF1v2/CARD26

  • FPE/FF1v2/CARD62

  • FPE/FF1v2/ASCII

  • FPE/FF1v2/UNICODE

FPE/FF3

  • FPE/FF3/CARD10

  • FPE/FF3/CARD26

  • FPE/FF3/CARD62

  • FPE/FF3/ASCII

  • FPE/FF3/UNICODE

AES

  • AES/CBC/NoPadding

  • AES/CBC/PKCS5Padding

  • AES/ECB/NoPadding

  • AES/ECB/PKCS5Padding

Supported Data Types

DPG protects data that is transferred via REST API within the JSON request and response messages and query params in the request URL.

Supported Encoding Method

DPG only supports UTF-8 character set range. Any characters outside the configured character set range are preserved in the output.

Supported Environments

DPG is a standard Docker image and, as such, can be deployed in any Kubernetes environments or as a standalone Docker Container.

Licensing

DPG is licensed per REST API endpoint configuration. Licenses for DPG are part of the CipherTrust Flex Connector Advanced. For details, refer to DPG Licensing Model.