Database encryption helps address compliance requirements arising from public and private privacy and security mandates such as PCI and California SB1386. Oracle Database Transparent Data Encryption (TDE) encrypts data that is stored in an Oracle database and decrypts data retrieved from an Oracle database.
Oracle Advanced Security TDE column encryption was introduced in Oracle Database 10g Release 2, enabling encryption of application table columns such as credit card and social security numbers. Oracle Advanced Security TDE tablespace encryption and support for hardware security modules (HSM) were introduced with Oracle Database 11g.
The SafeGuard CryptoServer is the HSM developed by Utimaco Safeware: a physically protected, specialized computer unit designed to perform sensitive cryptographic tasks and to securely manage cryptographic keys and data. Security-relevant actions can be executed, and security-relevant information can be stored, within a SafeGuard CryptoServer security system. It can be used as a universal, independent security component for heterogeneous computer systems.
The Oracle Database server master key is the encryption key that encrypts the secondary keys used for column encryption and tablespace encryption. This key is stored inside and secured by the SafeGuard CryptoServer.
The SafeGuard CryptoServer has been certified with Oracle Advanced Security Transparent Data Encryption to provide an even higher level of security. The industry-standard PKCS#11 API is used to integrate Oracle Database TDE with a SafeGuard CryptoServer solution.