Architecture Graphic and Flow

The following diagram shows the PEG architecture for viewing a record. For a description of the keys in this architecture, see Types of Keys.

  1. A user queries sensitive data.
  2. The Privacera Access Manager verifies the user's access privileges to the data and to the key (encryption scheme) used to decrypt the data.
  3. If the user has access privileges to both the data and the key, Privacera Encryption requests the Data Encryption Key (DEK) for the encryption scheme.
  4. The Privacera Encryption Gateway (PEG) sends the Encrypted Data Encryption Key (EDEK) from the scheme to Ranger KMS to decrypt the DEK.
  5. Ranger KMS authenticates the caller (the encryption module) and uses the KEK to decrypt the EDEK and obtain the DEK.
  6. The PEG obtains the DEK and decrypts the data.
  7. The PEG returns the data to the user.
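
The seven steps above, modelled as an added example that is not Privacera or Ranger code. The class names, the policy layout and the shared caller secret are assumptions, and because the page does not name a cipher, `seal`/`unseal` use an HMAC-SHA256 keystream with an integrity tag as a standard-library stand-in.

```python
import hashlib, hmac, secrets

# Added illustration: class names, policy layout and caller secret are assumptions.
# seal/unseal are a stdlib stand-in (HMAC-SHA256 keystream + tag) for the real cipher.
def _stream(key, nonce, data):
    ks = b"".join(hmac.new(key, b"ks" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def _tag(key, nonce, ct):
    return hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()

def seal(key, plaintext):
    nonce = secrets.token_bytes(16)
    ct = _stream(key, nonce, plaintext)
    return nonce + ct + _tag(key, nonce, ct)

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _tag(key, nonce, ct)):
        raise ValueError("integrity check failed (wrong key or tampered data)")
    return _stream(key, nonce, ct)

class KMS:  # models Ranger KMS: the KEK never leaves this object
    def __init__(self, caller_secret):
        self._kek, self._caller_secret = secrets.token_bytes(32), caller_secret
    def _auth(self, secret):  # step 5: authenticate the calling encryption module
        if not hmac.compare_digest(secret, self._caller_secret):
            raise PermissionError("KMS: caller not authenticated")
    def new_edek(self, secret):  # generate a DEK and hand back only its wrapped form
        self._auth(secret)
        return seal(self._kek, secrets.token_bytes(32))
    def decrypt_edek(self, secret, edek):
        self._auth(secret)
        return unseal(self._kek, edek)

class Gateway:  # models the PEG: stores only EDEKs, never a plaintext DEK
    def __init__(self, kms, secret, policy):
        self.kms, self.secret, self.policy, self.edeks = kms, secret, policy, {}
    def add_scheme(self, scheme):
        self.edeks[scheme] = self.kms.new_edek(self.secret)
    def protect(self, scheme, plaintext):
        return seal(self.kms.decrypt_edek(self.secret, self.edeks[scheme]), plaintext)
    def view(self, user, column, scheme, ciphertext):
        grants = self.policy.get(user, {})
        if column not in grants.get("data", ()) or scheme not in grants.get("schemes", ()):
            raise PermissionError("access manager: denied")  # step 2, before any KMS call
        dek = self.kms.decrypt_edek(self.secret, self.edeks[scheme])  # steps 3-5
        return unseal(dek, ciphertext)  # steps 6-7: DEK is used, then discarded
```

A user who holds a grant on the data but not on the scheme is rejected before the KMS is contacted, and a caller that cannot authenticate to the KMS never obtains a DEK even if it holds the EDEK.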