Data Encryption
The TIBCO ActiveSpaces security API allows you to define encrypted fields in a space.
When data is put into a field that is defined to be encrypted, the data is encrypted while it resides in memory in the data grid and when it is persisted with shared-nothing persistence.
Certain types of fields in a space should not be encrypted. Do not encrypt fields that are used:
Suppose that you need to protect the social security numbers of patients admitted to a hospital. You could store the social security number in an encrypted field to ensure that it cannot be accidentally read while it is stored in memory in the data grid or stored using shared-nothing persistence. You can use the patient's name or admission ID as a key for the space and later search by name or admission ID to retrieve the social security number.
To allow encryption to be used when defining the fields of a space using any of the TIBCO ActiveSpaces language APIs, set the following for the security domain in the security policy file:
data_encryption=true
If you try to define an encrypted field in a space when the data_encryption setting is set to false, ActiveSpaces throws an exception.
The data_encryption setting in a security domain is used in conjunction with the following methods to specify that the contents of a field should be encrypted:
- Java
  - FieldDef.setEncrypted(boolean)
- C
  - tibasFieldDef_SetEncrypted(tibasFieldDef fieldDef, tibas_boolean secured)
- .NET
  - FieldDef.Encrypted
The data stored in an encrypted field is encrypted with a symmetric data encryption key that is generated when a security policy file is created. The data encryption key is always unique for each security domain and is stored encrypted under the domain's identity.
The security domain controllers pass the data encryption key to each security domain requestor so that all security domain requestors can encrypt and decrypt the data of encrypted fields in a space.
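The hospital scenario above, sketched with the Java API as an added example (not code from the TIBCO documentation). The space name, field names and class name are hypothetical. Apart from FieldDef.setEncrypted(boolean), the calls used (SpaceDef.create, FieldDef.create, putFieldDef, setKey, defineSpace, getSpace, Tuple) are the standard com.tibco.as.space API and are not shown on this page. The Metaspace is assumed to be already connected through a security domain whose policy file sets data_encryption=true.

```java
import com.tibco.as.space.ASException;
import com.tibco.as.space.FieldDef;
import com.tibco.as.space.FieldDef.FieldType;
import com.tibco.as.space.Metaspace;
import com.tibco.as.space.Space;
import com.tibco.as.space.SpaceDef;
import com.tibco.as.space.Tuple;

public final class PatientSpace {
    // Hypothetical space name for the hospital example.
    static final String SPACE = "patients";

    /** Defines the space; the caller supplies an already connected, secured Metaspace. */
    static void define(Metaspace metaspace) throws ASException {
        // Key field: left unencrypted because it is what lookups search on.
        FieldDef admissionId = FieldDef.create("admissionId", FieldType.STRING);
        FieldDef name = FieldDef.create("name", FieldType.STRING);

        // Sensitive field: encrypted in grid memory and in shared-nothing persistence.
        FieldDef ssn = FieldDef.create("ssn", FieldType.STRING);
        ssn.setEncrypted(true);

        SpaceDef def = SpaceDef.create(SPACE);
        def.putFieldDef(admissionId);
        def.putFieldDef(name);
        def.putFieldDef(ssn);
        def.setKey("admissionId");

        // If the security domain has data_encryption=false, defining the
        // encrypted field fails with an exception, which propagates to the caller.
        metaspace.defineSpace(def);
    }

    /** Retrieves the social security number by admission ID, or null if absent. */
    static String lookupSsn(Metaspace metaspace, String id) throws ASException {
        Space space = metaspace.getSpace(SPACE);
        Tuple key = Tuple.create();
        key.put("admissionId", id);
        Tuple row = space.get(key); // matched on the unencrypted key field
        return row == null ? null : row.getString("ssn");
    }
}
```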