D.AMO
Optimized encryption frameworks
Why Database Encryption Is Essential
A database should use quality encryption technology to protect a company's critical data from information leakage attempted through various attack techniques. In addition, database encryption technology needs to be tailored to fit the operating environment of each company.
D.AMO divides the IT system into layers and applies the optimized database encryption solution to each. Depending on the operating environment, Penta Security finds the best solution to guarantee both performance and security without compromise. It also provides an optimized solution for secure encryption key management, which is considered a key element of security in this day and age.
What Makes D.AMO Your Optimal Choice
For companies that are considering deploying encryption technology, D.AMO is the ideal choice of database encryption solution suitable for any operation environment.
Since the 1990s, as various encryption technology concepts such as API, PLUG-IN, and Hybrid emerged, D.AMO has refused to use one specific encryption technology only, and instead applies an optimized encryption technology for each customer’s environment.
Penta Security offers various product families to apply optimized performance and security according to the customer’s system architecture.
Products Available
D.AMO offers four product families based on the data processing type by IT system layer structure:
- D.AMO Application Level Encryption products
- D.AMO System Level Encryption products
- D.AMO Network Level Encryption products
- D.AMO Key Management products
Introduction
D.AMO KE is the OS-level volume encryption solution of D.AMO, the No. 1 DB encryption solution in Korea. It interworks with SG-KMS, the encryption key management server that satisfies the National Intelligence Service's security requirements for DB encryption products, providing a more secure key management service.
Product Features
Volume encryption by using the encryption algorithm certified by the National Intelligence Service (creating the virtual volume at the OS level)
Access Control
Access control by server OS account, client IP, time, and process
Secured Key Management
Interworking and management of key through D.AMO KeyManager, an exclusive key management server
Audit and Log
Logs success/failure of encryption/decryption and access attempts
Audits users and systems
Features
Stability
- Encryption at the kernel level does not allow manipulation
- Secure from malicious codes
- Protected from physical theft
- Prevents key leakage by using the exclusive key management server
- Compatible with the operating system (Microsoft WHQL-certified)
Easy to Install and Operate
- Applicable without changing applications or queries
- Installation is completed within 1 hour (excluding initial encryption, Windows installer-type)
- Simple and easy operation with an intuitive integrated UI
Fast encryption/decryption performance
- Fast encryption/decryption at the kernel level
- Guarantees fast performance by encryption in the unit of the file page (file encryption/decryption is not executed in the unit of the file)
Product Features
- Strict privilege control by separating the privilege of DBA from that of security administrator
- Application-independent (installation and operation without modification of application)
- Allows efficient encryption by selecting important data and encrypting by column
- Supports index column encryption through partial encryption
- Access control to the encryption column by DB account/IP
- Supports HASH for encryption of authentication information (such as password)
- Supports prevention of log forgery and tampering
- Supports audit for encryption columns
Features
- Separates the privilege of DBA from that of security administrator and controls access
- Provides an access control feature that allows only authorized users to access the encrypted data – Even a DBA cannot decrypt the encrypted data if the DBA is not authorized by the security administrator
Application-independent
Supports selective encryption through encryption by column
It can encrypt the desired columns when those columns must be used in the real environment. The performance difference before and after encryption is within 10%.
Performance Difference of Less Than 10% When Viewing or Renewing Data After Encryption Using an Index
Keeps the order of encrypted data and supports index search
Supports features to maintain existing data structures and to search indexes (matches and ranges) through partial encryption of specified ranges
D.AMO SG-KMS (Key Management Server)
MySQL, Altibase, etc.
Introduction
D.AMO DP (DBMS Package) is a DB encryption solution that is provided as an easy-to-install/use package.
Product Features
- Provides efficient encryption features by managing the security policies
- Provides two encryption modes according to the customer environment (VTI Mode and API Mode)
- Allows efficient encryption by selecting important data and encrypting by column
- Controls access to the entire DB and encryption columns by DB account/IP/MAC/application/time band
- Audits the tasks in the unit of encryption column
- Efficient log management feature through the integrated log management tool
- Powerful 3-tier encryption key system
- Supports secured key management through an additional appliance
- User-friendly UI
Features
- D.AMO DP supports both VTI encryption mode and API encryption mode
VTI (View/Trigger Interface) Mode
– A mode that encrypts data by using View and Trigger (changing the names of encryption tables and columns)
API (Application Programming Interface) Mode
– A mode that encrypts data without View and Trigger (no changes in the names of encryption tables and columns)
- Strict privilege control by separating the privilege of DBA from that of the security administrator
- Selectively encrypts the important data in the DB by column
- Non-interruptive encryption
Some service delays may occur when converting the encryption table to the service table
Details
Supported DBMS
ORACLE, SQL Server, etc.
Introduction
D.AMO BA-SAP is a DB security solution optimized for the SAP environment through partnership with SAP, preventing data leakage through encryption and decryption of critical information and key management by using proven, internationally-certified algorithms. In addition, it provides the best security and performance by satisfying the security requirements of DB encryption products for the National Intelligence Service.
Product Features
- Encryption/Decryption
- Safe key management in compliance with Korean and International Standards (PKCS #1, #8, TTAS.KO-12.0004/R1, etc.)
- Improved convenience by auto-creating a convention exit that executes encryption/decryption
- Excludes specific data from encryption/decryption by setting the Rule Function condition
- Automatically creates and allocates the execute privilege object
- Supports tools for correction and verification of encryption
- Supports data masking
- Supports a feature to search the encryption target
- Searches the encryption target by using Source Scan for the developed item such as the CBO program or Function.
- Searches the encryption table for the domain to encrypt in accordance with the Where Used List.
- Supports auto-decryption when the encryption setting is reset
- Encrypts transmission data (SAP SNC-certified technology)
- Supports index search for the encrypted data
- Supports partial encryption
- Supports index search of the encrypted column (match search, range search) by using partial encryption, which encrypts a specific range of data
- Full-Scan prevention
- Provides the initial migration tool
- Supports batch encryption of large data (improving performance through parallel processing)
- Guarantees a latency difference of less than 10% when downloading encrypted data as Excel compared to data as general text
Access Control
- Access control by issuing and verifying the authentication key
- Controls access to the key management server by the IP of the accessing server
- Controls access and permission by user
- Encrypts transmission data (SAP SNC-certified technology)
- Supports batch upload of users who will receive permission (feature for convenience)
High Availability
- Supports load balancing
- Supports automatic policy synchronization between HA systems
Features for Convenience
- Manages various logs and audit records (duplexed storage to prevent data forgery and tampering)
- Provides intuitive statistics and reporting features
- Supports backup policies in compliance with related laws and regulations
- Supports a real-time view for the encryption system
- Encryption solution optimized for the SAP ERP environment
- No changes to field size or data type in the SAP environment after encryption
- More reliable security based on SAP SNC certificates
- Completely cuts off data leakage with encryption algorithms and key management proven domestically and internationally
- Satisfies the security requirements of DB encryption products for the National Intelligence Service
- Supports security audit and policy management through intuitive GUI
- Applies secure encryption while preserving the data format (properties and length)
Format Preserving Encryption (FPE) operating mode
Patent-registered Format Preserving Encryption (Patent Registration No. 101106604)
- Protects critical information assets through complete encryption in the SAP environment
- Meets technical requirements for data protection
- Meets compliance issues, D120+E120 including the privacy protection act
- Stable data operation with the experience and technology of D.AMO
Format Preserving Oneway Encryption (FPOE) operating mode
Format Preserving Oneway Encryption (patent-pending)
- Uses the oneway encryption (decryption is not available)
- Certified encryption algorithm + FPOE operating mode
- Data created with FPOE is used as a token and saved in the customer DB
- Encrypts and saves the personal information and token in D.AMO SG-KMS
Product Specification and Configuration
SAP Agent (iSECURE)
An agent that is configured in the SAP Application Server communicates with D.AMO SG-KMS and processes events, providing convenient features through the SAP GUI, encryption/decryption permission setting, and encryption/decryption request to SG-KMS
Encryption/Decryption and Key Management Server (D.AMO SG-KMS)
- Integrated management of encryption key and log
- Encrypts/decrypts and stores personal information
- Creates and stores the token (personal information identification data)
- Provides GUI-type management tools
Introduction
D.AMO BA-SCP is an API-type DB security solution that uses the API installed in the application server to encrypt data and then sends queries to the DBMS. It minimizes the encryption/decryption load upon the DBMS and offers superior compatibility with various OSs and DBMSs.
Product Features
Safer Encryption Algorithm
- Uses the self-developed encryption module certified by the National Intelligence Service (CIS-CC)
- Certified by the Federal Information Processing Standards (AES, TDES)
- Supports all domestic and international standard algorithms (SEED, ARIA, AES, TDES, SHA, BLOWFISH, etc.)
- D.AMO SCP Agent provides various interface modules according to the language used to implement the application
- Provides powerful compatibility by using an identical encryption engine for each module, of which the interface is different from the others.
Authentication and encryption key management using additional systems
D.AMO SG-KMS and D.AMO SCP Agent execute the authentication processes by using the mutual authentication protocol and share the encryption key. D.AMO SCP Agent saves the shared encryption key in the cache memory to increase the processing speed and system efficiency.
DBMS Load Balancing
As encryption/decryption is performed at the application level, the load on the DBMS server for encryption is balanced by the application.
Supports indexing and selective encryption of the index column
- Keeps the existing Index Search after encrypting the index column
- No changes of application with encryption
- Supports index search of the encrypted column (match search, range search) by using partial encryption
Supports batch encryption of large data
- Batch encryption of large data means that the DBMS exports the data as a file format and then encrypts the file to save in the DBMS
- The speed is very fast because batch encryption is not processed by the DBMS but by the application
- Load caused by batch encryption on the DBMS is low
Developer Convenience
- Provides functions and libraries based on various programming languages for more convenient development
- Provides API functions to apply products with the least modification
Features
Guarantees excellent performance and stability in network sections
- No additional load is placed on the existing DBMS because encryption/decryption is performed in an additional application server, not in the DBMS
- Guarantees stability by transmitting encrypted data between the application and the DBMS
Provides developer convenience with various libraries
Provides various functions for data encryption/decryption service and various API libraries including C, JAVA, PHP, and ASP, maximizing convenient implementation of the product in various developer environments
Powerful key management and administrator authentication
- Dual encryption of encryption/decryption key by using the Hybrid encryption method
- Supports powerful key management with additional H/W (when D.AMO KeyManager is applied)
Supports various algorithms and environments (flexibility and scalability)
Supports Korean and international standard encryption algorithms (RSA, 3DES, AES, SEED, ARIA, SHA, etc.)
Supports all application development environments (C, Java, etc.) and all types of DBMSs (Oracle, Altibase, MSSQL, DB2, etc.)
Secured data interworking between heterogeneous DBMSs even with different data encryption keys
Installing D.AMO SCP Agent allows integration of the management target DBMS to the existing encryption management system
Product Configuration
D.AMO SCP Agent (for the application server)
API encryption module software that is installed on the application server to encrypt/decrypt data on the application
To establish an encryption system, the API-type D.AMO SCP Agent is installed in the application server to encrypt/decrypt the DB. When configured, the D.AMO KeyManager manages the encryption/decryption keys and policies.
D.AMO SG-KMS (Key Management Server)
- Manages all encryption/decryption keys and policies
- Processes the requests related to the key and saves the logs
- Web-based GUI console
Introduction
D.AMO DA is an API-type DB security solution that encrypts the data by using the API installed in the DBMS server. It minimizes the encryption/decryption load upon the DBMS and offers superior compatibility with various OSs and DBMSs.
Product Features
Encryption/Decryption using a secured encryption algorithm
- Uses the self-developed encryption module certified by the National Intelligence Service (CIS-CC)
- Certified by the Federal Information Processing Standards (AES, TDES)
- Supports all domestic and international standard algorithms (SEED, ARIA, AES, TDES, SHA, BLOWFISH, etc.)
- D.AMO DA Agent provides various interface modules according to the DBMS.
- Provides powerful compatibility by using an identical encryption engine for each module, of which the interface is different from the others.
Authentication and encryption key management using additional systems
D.AMO SG-KMS and D.AMO DA Agent execute authentication processes by using the mutual authentication protocol and share the encryption key.
D.AMO SCP Agent saves the shared encryption key in the cache memory to increase the processing speed and system efficiency.
Supports indexing and selective encryption of the index column
- Keeps the existing Index Search after encrypting the index column
- No changes of the application with encryption
- Supports index search of the encrypted column (match search, range search) by using partial encryption
Supports batch encryption of large data
- Batch encryption of large data means that the DBMS exports the data as a file format and then encrypts the file to save in the DBMS
- The speed is very fast because batch encryption is not processed by the DBMS but by the application
- Load caused by batch encryption on the DBMS is low
Developer Convenience
- Provides functions and libraries based on various programming languages for more convenient development
- Provides API functions to apply products with the least modification
Features
Powerful key management and administrator authentication
- Dual encryption of encryption/decryption key by using the Hybrid encryption method
- Supports powerful key management features with additional H/W
Supports various algorithms and environments (flexibility and scalability)
- Supports Korean and international standard encryption algorithms (RSA, 3DES, AES, SEED, ARIA, SHA, etc.)
- Supports all application development environments (C, Java, etc.) and all types of DBMSs (Oracle, Altibase, MSSQL, DB2, etc.)
- Secured data interworking between heterogeneous DBMSs even with different data encryption keys
- Installing D.AMO SCP Agent allows integration of the management target DBMS to the existing encryption management system
Product Configuration
D.AMO DA Agent (an agent installed in the DBMS)
D.AMO SG-KMS (Key Management Server)
- Manages all encryption/decryption keys and policies
- Processes the requests related to the key and saves the logs
- Web-based GUI console
D.AMO DA Configurations