Data protection
Protegrity
3 min
this document provides information about configuring our hsms with the protegrity data security platform by using pkcs #11 libraries for additional questions related to your hsm, see the relevant administrator guide application description the protegrity data security platform uses many keys to protect your sensitive data the protegrity key management solution manages these keys, and this system is embedded into the fabric of the protegrity data security platform for example, defining the protection method for sensitive data includes creating a cryptographic or data protection key there is no specific user visible function to create a data protection key with key management as part of the core infrastructure of the platform, the security team can focus on protecting data instead of the low level mechanics of key management this platform infrastructure based key management technique eliminates the need for a human to be a custodian of keys this applies to all functions included in key management the following keys are part of the protegrity key management solution key encryption key (kek) a cryptographic key that protects other keys the following keys are types of keks master key protects the data store keys and esa repository key in the esa, only one active master key is present at a time esa repository key protects policy information in the esa in the esa, only one active esa repository key is present at a time data store key encrypts the audit logs on the protection endpoint in the esa, multiple active data store keys can be present at a time data encryption key (dek) a cryptographic key that encrypts the sensitive data for the customers codebooks the lookup tables that tokenize the sensitive data you can configure the protegrity data security platform to use an hsm to generate and protect the protegrity keks guardian integration the {{guard}} introduces mission critical viability to core cryptographic infrastructure, including centralization of device management elimination of points of failure distribution of transaction loads group specific function blocking user defined grouping systems see the applicable guide in the {{futurex}} portal for configuring hsms with the {{guard}} , including pkcs #11 and cng configuration