Oracle Database 11g: Database and File and SafeNet Enterprise HSM
Oracle Advanced Security, an option to Oracle Database 11g, helps address privacy and regulatory requirements. Oracle Advanced Security provides data encryption and strong authentication services to the Oracle database, safeguarding sensitive data against unauthorized access to the network, operating system or through theft of hardware or backup media.
The secure storage of master encryption keys is the foundation of any robust security solution. The integration of SafeNet Enterprise (formerly Luna SA) hardware security modules (HSMs) with Oracle Advanced Security transparent data encryption (TDE) allows for the Oracle master encryption keys to be stored in the HSM, offering greater database security and centralized key management. The master encryption key never leaves the secure conﬁnes of the HSM. Oracle integrates with SafeNet Enterprise HSM to provide users with a powerful combined Gemalto and Oracle Database 11g Database and File Encryption solution.
The TDE master encryption key is part of a two-tiered key architecture that protects the encryption keys used to encrypt the data. The TDE master key can be stored with minimal security, in software only in an Oracle Wallet (a PKCS#12 formatted ﬁle), or in a highly secure and auditable format in the SafeNet Enterprise HSM. This two-tiered key architecture allows for easy re-keying and high performance.
Resources and Additional Information