Privacera Platform master publication

Table of Contents

Essential Privacera Encryption terminology


For a view of these terms in action, see Graphical view of encryption processes

Privacera Encryption relies on schemes:

  • A scheme is a combination of formats, algorithms, and scopes. There are two types of schemes:

    Both encryption schemes and presentation schemes rely on the same set of Encryption formats, algorithms, and scopes.Encryption formats, algorithms, and scopes

    • An input data format defines the data type and structure to be encrypted, such as alphanumeric, credit card, email address, or social security number.

    • An encryption algorithm specifies the mathematics used to encrypt, such as AES, FPE, or SHA.

    • A scope defines the extent of the encryption on the data, such as the first four digits, an IP domain, or all data. Scoping ALL is recommended.

  • A scheme policy defines access control: users who have permission to access a scheme.

For example, you might rely on a Privacera-supplied encryption scheme to protect a PII field called "EMAIL". The scheme:

  • Uses EMAIL format.

  • Applies the SHA-256 algorithm for a one-way hash.

  • Is scoped with "masked domain" to hide portion of the email to the right of the @ sign.

You can also define your own custom encryption and presentation schemes.