About the integration
This guide explains how to integrate a UTIMACO CryptoServer Hardware Security Module (HSM) with Oracle Database. The UTIMACO HSM is used to securely store the master encryption keys used by Oracle Database.
Oracle TDE
Transparent Data Encryption (TDE) enables you to encrypt sensitive data that you store in tables and tablespaces.
After the data is encrypted, it is transparently decrypted for authorized users or applications when they access it. TDE helps protect data stored on media (also called data at rest) if the storage media or data file is stolen. Oracle Database uses authentication, authorization, and auditing mechanisms to secure data in the database, but not in the operating system data files where data is stored.
To protect these data files, Oracle Database provides Transparent Data Encryption (TDE). TDE encrypts sensitive data stored in data files. To prevent unauthorized decryption, TDE stores the encryption keys in a security module external to the database, called a keystore.
Oracle provides a straightforward method of managing database credentials across multiple domains by using Oracle Wallets. These enable users to update the database credentials, without the need to change specific data source definitions, since the database connection string in the data source definition is resolved by an entry in the wallet.
If the security of the wallets and the cryptographic material they contain needs to be enhanced, the Oracle Database needs to be configured to use a Hardware Security Module (HSM). Enabling the HSM with the Oracle Database strengthens the protection of the wallets.
UTIMACO CryptoServer HSM
CryptoServer is a hardware security module developed by UTIMACO IS GmbH. CryptoServer is a physically protected specialized computer unit designed to perform sensitive cryptographic tasks and to securely manage as well as store cryptographic keys and data. It can be used as a universal, independent security component for heterogeneous computer systems.