본문바로가기

Petra Cipher

DB encryption solution PETRA CIPHER encrypts sensitive information
such as personal information to prevent leakage and loss.

a database encryption solution

PETRA CIPHER

Petra Cipher is a database encryption solution that protects the asset and brand value of companies and
prevents the loss of important data through encryption. It complies with security-related legislations and
compliances including the Personal Information Protection Act and the Standards for Measures to Secure Safety of Personal Data.

Petra Cipher also ensures the availability of the system by analyzing possible issues from encryption in
advance and supports highly confidential, integrity, and stable services through advanced technology such as
triple redundant key servers and prevention of double encryption.

Related Legislations & Compliance

Personal Information Protection Act
Article 24 (Limitation to Processing
of Personally Identifiable Information)

A personal data controller who processes personally identifiable information pursuant to each subparagraph of paragraph (1) shall take measures necessary to ensure safety, including encryption, as prescribed by Presidential Decree so that personally identifiable information is not lost, stolen, exposed, forged, altered, or damaged.
Article 24-2(Limitation to Processing of Resident Registration Numbers)

Notwithstanding Article 24(3), a personal data controller shall take measures necessary to ensure safety, including encryption, as prescribed by Presidential Decree so that resident registration numbers are not lost, stolen, exposed, forged, altered, or damaged.
Standards for Measures to Secure Safety of Personal Data
Article 7 (Encryption of Personal Data)

A personal data controller shall encrypt and save personally identifiable information, passwords, and biometrics information when transmitting and receiving via a telecommunications network or sending via external memory.

A personal data controller shall encrypt and save passwords and biometrics information: Provided, that passwords shall be one-way encrypted and saved to prevent decryption.

A personal data controller shall encrypt and save personally identifiable information in the internet section and the demilitarized zone (DMZ) of the internal network and internet section.

A personal data controller shall determine the application and scope of encryption for the following subparagraphs when saving personally identifiable information in the internal network:

1. The result of the privacy impact assessment, if the government institution is subject to the privacy impact assessment pursuant to Article 33 of the Personal Information Protection Act; and

2. The result of risk analysis when not encrypted

A personal data controller shall encrypt and save personal data pursuant to paragraphs (1), (2), (3), or (4) of these Standards using a safe encryption algorithm.

A personal data controller shall encrypt and save personally identifiable information using a safe encryption algorithm or commercial encryption software when saving and managing them on a work computer or mobile device.

A personal data controller shall encrypt and save personally identifiable information using a safe encryption algorithm or commercial encryption software when saving and managing them on a work computer.
Standards for Administrative and Technical Measures of Personal Data
Article 6(Encryption of Personal Data)

The information and communication service provider shall one-way encrypt passwords and save them to prevent decryption.

The information and communication service provider shall encrypt and save the following data using a safe encryption algorithm:

1. Resident registration number

2. Passport number

3. Driver’s license number

4. Alien registration number

5. Credit card number

6. Account number

7. Biometrics information

Key Features

Safe key generation and management

  • Generates safe initial keys, and encrypts and saves generated data keys
  • Safely manages keys by setting expiration dates

Strict access control and log management

  • Applies access control with multiple conditions such as database accounts, IPs, and system names
  • Provides log management and query screen on the history of decryption and encryption

Perfect linkage with database access control (Petra)

  • Provides integrated UI for consistent rule management of database user control
  • Controls decryption and encryption based on the user’s IP if the user passes through database access control

Prevents query of large data decryption

  • Prevents large data exposure by controlling the volume of data decryption

Full encryption and partial encryption in the unit of a column

  • Encryption setting in the unit of a column
  • Partial encryption with just a column of a specific position

Dual redundant key management servers and local key management

  • Maintains the service through dual redundant key servers even during active server failure

Strengths

  • High-performance and high-functioning APIs

    • Ensures efficient management after encryption by providing separate APIs for session settings and saving logs

  • Stable deployment support

    • Supports triple redundant key management servers (dual redundant key servers + Local key management)
    • Uses pre-apply mode verified at numerous clients

  • Database access control and encryption linkage

    • Provides integrated UI for consistent rule management of database user control

Petra Cipher Configuration Diagram

Plug-In

  • Installs encryption/decryption libraries in the database server
  • Encrypts without modifying the application
  • Maximizes performance using C-based formulas and minimizes PL/SQL logic

API

  • Installs encryption/decryption libraries in the application server
  • Provides various APIs such as Java, C, JAVA, and PL/SQL to be compatible with applications and batch processing
  • Provides encryption for heterogeneous DBMS independent of DBMS

Deployment Cases