Data Protection
IPI Enterprise Server – Data protection
What is the purpose of Data Protection?
Data Protection solves the problem of secure data storage in the database (DB).
What confidential data is stored in the DB?
The database stores Device Keys – encryption keys that provide access to the information stored on the Security Key. Passwords and OTP Secrets that are awaiting transfer to devices are also temporarily stored in the DB. Passwords to the “Shared Account” are permanently stored in the database. If Data Protection is turned off, all passwords and keys are stored in plain text. If you have a Device Key and the device itself, you can read all the content of the Security Key memory.
Do I need to enable Data Protection?
First of all, you need to evaluate which employees have a direct to potential access to the server database. If some of them should not have access to the sensitive data listed above than Data Protection must be enabled. Please also note, that the data can be physically read from the HDD/SDD on which it is stored. It is necessary to consider the possibility of both software and physical access to the data. In some cases, for example, if the web application and the database server are running on the same physical server that can be accessed by a limited number of trusted people, then Data Protection can be omitted.
How does it work?
All the confidential fields in the DB are encrypted using the AES-256 algorithm.
The master encryption key is stored in the DB. To protect the master key itself it is encrypted by the certificate installed in the system. You can generate a new certificate file in .pfx format on this page or use an existing one. The master key is decrypted at server startup and stored in the server’s RAM. If the server reboots the master key is loaded from the DB and decrypts using the installed certificate. Other protected data decrypts on the fly by the master key.
At any time, the certificate can be replaced.
Risks and best practices
The main risk of Data Protection use is the loss of the certificate. In such a case, you lose access to the encrypted data on the server, as well as access to all the data on all of your Security Keys. All the devices will have to undergo manual reset procedure with full memory wipe, and then to be bonded again with the employees. All the accounts should be added to the devices from scratch. Therefore, we recommend that the Data Protection certificate and the password for its private key should be backed up.
If for some reason you lose your IES server, but you have a database backup, then you can restore the server only if you have a data protection certificate and a password for its private key.\
If the certificate backup or the password to it has been lost, but the server continues to operate normally, then you can install another certificate and re-encrypt the data.
It is recommended to use multiple servers (primary and backup). In this case, the certificate must be installed on each of them and the risk of losing it will be minimal.
An update of the Data Protection certificate should be done according to the company’s information security regulations.
Last updated