D’Amo

Optimized Encryption Frameworks

A DB should use strong encryption technology to protect a company's critical data from information leakage through various attack techniques. In addition, DB encryption technology needs to be tailored to fit the operating environment of each company.

D’Amo divides the IT system into layers and applies the optimized DB encryption solution to each layer. Depending on the operating environment, Penta Security finds the best solution to guarantee both performance and security without compromise. In addition, it provides an optimized solution for secure encryption key management, which is considered a key element of security today.

For companies that are considering deploying encryption technology as a solution, D’Amo is the right choice to select a DB encryption solution appropriate for their operation environment.

Since the 1990s, as various leading encryption technology concepts such as API, PLUG-IN, and Hybrid emerged, D’Amo has declined to commit to one specific encryption technology and instead applies an optimized encryption technology for each customer’s environment.

Penta Security Systems owns and offers various product families to apply optimized performance and security according to the customer’s system architecture.

Products Available:

D’Amo offers four product families based on the data processing type by IT system layer structure:

  • D’Amo Application Level Encryption products
  • D’Amo System Level Encryption products
  • D’Amo Network Level Encryption products
  • D’Amo Key Management products

D’Amo BA-SAP

Introduction

D’Amo BA-SAP is a DB security solution optimized for the SAP environment through partnership with SAP, preventing data leakage through encryption and decryption of critical information and key management by using proven, internationally-certified algorithms. In addition, it provides the best security and performance by satisfying the security requirements of DB encryption products for the National Intelligence Service.


Product Features

  • Encryption/Decryption
  • Safe key management in compliance with Korean and International Standards (PKCS #1, #8, TTAS.KO-12.0004/R1, etc.)
  • Improved convenience by auto-creating a convention exit that executes encryption/decryption
  • Excludes specific data from encryption/decryption by setting the Rule Function condition
  • Automatically creates and allocates the execute privilege object
  • Supports tools for correction and verification of encryption
  • Supports data masking
  • Supports a feature to search the encryption target
  • Searches the encryption target by using Source Scan for the developed item such as the CBO program or Function.
  • Searches the encryption table for the domain to encrypt in accordance with the Where Used List.
  • Supports auto-decryption when the encryption setting is reset
  • Encrypts transmission data (SAP SNC-certified technology)
  • Supports index search for the encrypted data
  • Supports partial encryption
  • Supports index search of the encrypted column (match search, range search) by using partial encryption, which encrypts a specific range of data
  • Full-Scan prevention
  • Provides the initial migration tool
  • Supports batch encryption of large data (improving performance through parallel processing)
  • Guarantees less than 10% latency difference when downloading encrypted data as Excel compared to downloading the data as general text

Access Control

  • Access control by issuing and verifying the authentication key
  • Controls access to the key management server by the IP of the accessing server
  • Controls access and permission by user
  • Encrypts transmission data (SAP SNC-certified technology)
  • Supports batch upload of users who will receive permission (feature for convenience)

High Availability

  • Supports load balancing
  • Supports automatic policy synchronization between HA systems

Features for Convenience

  • Manages various logs and audit records (duplexed storage to prevent data forgery and alteration)
  • Provides intuitive statistics and reporting features
  • Supports backup policies in compliance with related laws and regulations
  • Supports a real-time view for the encryption system
  • Encryption solution optimized for the SAP ERP environment
  • No changes to field size and data type in the SAP environment after encryption
  • More reliable security based on SAP SNC certificates
  • Completely cuts off data leakage with encryption algorithms and key management proven domestically and internationally
  • Satisfies the security requirements of DB encryption products for the National Intelligence Service
  • Supports security audit and policy management through intuitive GUI
  • Applies secure encryption while preserving the data format (properties and length)

Format Preserving Encryption (FPE) operating mode

Patent-registered Format Preserving Encryption (Patent Registration No. 101106604)

  • Protects critical information assets through complete encryption in the SAP environment
  • Meets technical requirements for data protection
  • Meets compliance requirements, including the privacy protection act
  • Stable data operation with the experience and technology of D’Amo

Format Preserving Oneway Encryption (FPOE) operating mode

Format Preserving Oneway Encryption (patent-pending)

  • Uses one-way encryption (decryption is not available)
  • Certified encryption algorithm + FPOE operating mode
  • Data created with FPOE is used as a token and saved in the customer DB
  • Encrypts and saves the personal information and token in D’Amo SG-KMS

Product Specification and Configuration

SAP Agent (iSECURE)

An agent configured in the SAP Application Server that communicates with D’Amo SG-KMS and processes events. It provides convenience features through the SAP GUI, encryption/decryption permission settings, and encryption/decryption requests to SG-KMS.

Encryption/Decryption and Key Management Server (D’Amo SG-KMS)

  • Integrated management of encryption key and log
  • Encrypts/decrypts and stores personal information
  • Creates and stores the token (personal information identification data)
  • Provides GUI-type management tools

D’Amo BA-SCP

Introduction

D’Amo BA-SCP is an API-type DB security solution that uses the API installed in the application server to encrypt data and then sends queries to the DBMS. It minimizes the encryption/decryption load upon the DBMS and offers superior compatibility with various OSs and DBMSs.


Product Features

Safer Encryption Algorithm

  • Uses the self-developed encryption module certified by the National Intelligence Service (CIS-CC)
  • Certified by the Federal Information Processing Standards (AES, TDES)
  • Supports all domestic and international standard algorithms (SEED, ARIA, AES, TDES, SHA, BLOWFISH, etc.)
  • D’Amo SCP Agent provides various interface modules according to the language used to implement the application
  • Provides powerful compatibility by using an identical encryption engine for each module, of which the interface is different from the others.

Authentication and encryption key management using additional systems

D’Amo SG-KMS and D’Amo SCP Agent execute the authentication processes by using the mutual authentication protocol and share the encryption key. D’Amo SCP Agent saves the shared encryption key in the cache memory to increase the processing speed and system efficiency.

DBMS Load Balancing

As encryption/decryption is performed at the application level, the load on the DBMS server for encryption is balanced by the application.

Supports indexing and selective encryption of the index column

  • Keeps the existing Index Search after encrypting the index column
  • No changes of application with encryption
  • Supports index search of the encrypted column (match search, range search) by using partial encryption

Supports batch encryption of large data

  • Batch encryption of large data means that the DBMS exports the data as a file format and then encrypts the file to save in the DBMS
  • The speed is very fast because batch encryption is not processed by the DBMS but by the application
  • Load caused by batch encryption on the DBMS is low

Developer Convenience

  • Provides functions and libraries based on various programming languages for more convenient development
  • Provides API functions to apply products with the least modification


Features

Guarantees excellent performance and stability in network sections

  • No additional load is placed on the existing DBMS because encryption/decryption is performed in an additional application server, not in the DBMS
  • Guarantees stability by transmitting encrypted data between the application and the DBMS

Provides developer convenience with various libraries

Provides various functions for data encryption/decryption service and various API libraries including C, JAVA, PHP, and ASP, maximizing convenient implementation of the product in various developer environments

Powerful key management and administrator authentication

  • Dual encryption of encryption/decryption key by using the Hybrid encryption method
  • Supports powerful key management with additional H/W (when D’Amo KeyManager is applied)

Supports various algorithms and environments (flexibility and scalability)

  • Supports Korean and international standard encryption algorithms (RSA, 3DES, AES, SEED, ARIA, SHA, etc.)
  • Supports all application development environments (C, Java, etc.) and all types of DBMSs (Oracle, Altibase, MSSQL, DB2, etc.)
  • Secured data interworking between heterogeneous DBMSs even with different data encryption keys
  • Installing D’Amo SCP Agent allows integration of the management target DBMS to the existing encryption management system


Product Configuration

D’Amo SCP Agent (for the application server)

API encryption module software that is installed on the application server to encrypt/decrypt data on the application

To establish an encryption system, the API-type D’Amo SCP Agent is installed in the application server to encrypt/decrypt the DB. When configured, the D’Amo KeyManager manages the encryption/decryption keys and policies.


D’Amo SG-KMS (Key Management Server)

  • Manages all encryption/decryption keys and policies
  • Processes the requests related to the key and saves the logs
  • Web-based GUI console

D’Amo DA

Introduction

D’Amo DA is an API-type DB security solution that encrypts the data by using the API installed in the DBMS server. It minimizes the encryption/decryption load upon the DBMS and offers superior compatibility with various OSs and DBMSs.


Product Features

Encryption/Decryption using a secured encryption algorithm

  • Uses the self-developed encryption module certified by the National Intelligence Service (CIS-CC)
  • Certified by the Federal Information Processing Standards (AES, TDES)
  • Supports all domestic and international standard algorithms (SEED, ARIA, AES, TDES, SHA, BLOWFISH, etc.)
  • D’Amo DA Agent provides various interface modules according to the DBMS.
  • Provides powerful compatibility by using an identical encryption engine for each module, of which the interface is different from the others.

Authentication and encryption key management using additional systems

D’Amo SG-KMS and D’Amo DA Agent execute authentication processes by using the mutual authentication protocol and share the encryption key.
D’Amo SCP Agent saves the shared encryption key in the cache memory to increase the processing speed and system efficiency.

Supports indexing and selective encryption of the index column

  • Keeps the existing Index Search after encrypting the index column
  • No changes of the application with encryption
  • Supports index search of the encrypted column (match search, range search) by using partial encryption

Supports batch encryption of large data

  • Batch encryption of large data means that the DBMS exports the data as a file format and then encrypts the file to save in the DBMS
  • The speed is very fast because batch encryption is not processed by the DBMS but by the application
  • Load caused by batch encryption on the DBMS is low

Developer Convenience

  • Provides functions and libraries based on various programming languages for more convenient development
  • Provides API functions to apply products with the least modification


Features

Powerful key management and administrator authentication

  • Dual encryption of encryption/decryption key by using the Hybrid encryption method
  • Supports powerful key management features with additional H/W

Supports various algorithms and environments (flexibility and scalability)

  • Supports Korean and international standard encryption algorithms (RSA, 3DES, AES, SEED, ARIA, SHA, etc.)
  • Supports all application development environments (C, Java, etc.) and all types of DBMSs (Oracle, Altibase, MSSQL, DB2, etc.)
  • Secured data interworking between heterogeneous DBMSs even with different data encryption keys
  • Installing D’Amo SCP Agent allows integration of the management target DBMS to the existing encryption management system

Product Configuration

D’Amo DA Agent (an agent installed in the DBMS)

D’Amo SG-KMS (Key Management Server)

  • Manages all encryption/decryption keys and policies
  • Processes the requests related to the key and saves the logs
  • Web-based GUI console

D’Amo EA

Introduction

D’Amo EA is a solution that encrypts the section between devices (PCs or smartphones) and servers and manages the certificates used between them. It provides integrated security measures for various devices. In addition, it provides a secure key management service by interworking with the D’Amo SG-KMS.


Expected Effects

  • Encrypts the section between devices and business servers
  • Authenticates users by using certificates and manages certificates
  • Manages the encryption/decryption keys in an additional secured system.
  • Guarantees non-repudiation and integrity by using an electronic signature feature

Features

  • Provides a fast and powerful encryption feature with a public key of 1024 bits or more and a secret key of 128 bits or more
  • Uses 1-way key transmission protocol
  • Uses the encryption module verified and certified by the National Intelligence Service
  • Provides the certificate management feature by interworking with the authentication system
  • Provides various block encryption algorithms, including the Korean standards SEED/ARIA, and encrypts/decrypts the section between business servers
  • Supports various certificates (NPKI, GPKI, etc.)

D’Amo DP

Introduction

D’Amo DP (DBMS Package) is a DB encryption solution that is provided as an easy-to-install/use package.


Product Features

  • Provides efficient encryption features by managing the security policies
  • Provides two encryption modes according to the customer environment (VTI Mode and API Mode)
  • Allows efficient encryption by selecting important data and encrypting by column
  • Controls access to the entire DB and encryption columns by DB account/IP/MAC/application/time band
  • Audits the tasks in the unit of encryption column
  • Efficient log management feature through the integrated log management tool
  • Powerful 3-tier encryption key system
  • Supports secured key management through an additional appliance
  • User-friendly UI

Features

D’Amo DP supports both VTI encryption mode and API encryption mode

VTI (View/Trigger Interface) Mode
– A mode that encrypts data by using View and Trigger (changing the names of encryption tables and columns)
API (Application Programming Interface) Mode
– A mode that encrypts data without View and Trigger (no changes in the names of encryption tables and columns)

Strict privilege control by separating the privilege of DBA from that of security administrator

Selectively encrypts the important data in the DB by column

Non-interruptive encryption

Some service delays may occur when converting the encryption table to the service table


Product Configuration

Installation diagram of DE-MYO (MySQL-exclusive component)


Supported DBMS

Oracle, SQL Server, etc.

D’Amo DE

Product Features

  • Strict privilege control by separating the privilege of DBA from that of security administrator
  • Application-independent (installation and operation without modification of application)
  • Allows efficient encryption by selecting important data and encrypting by column
  • Supports index column encryption through partial encryption
  • Access control to the encryption column by DB account/IP
  • Supports HASH for encryption of authentication information (such as password)
  • Supports prevention of log forgery and alteration
  • Supports audit for encryption columns

Features

  • Separates the privilege of DBA from that of security administrator and controls access
  • Provides an access control feature that allows only authorized users to access the encrypted data
    – Even a DBA cannot decrypt the encrypted data if the DBA is not authorized by the security administrator

Application-independent

Keep the Existing Query

Supports selective encryption through encryption by column

It can encrypt the desired columns when the columns should be used in the real environment. The performance difference before and after encryption is within 10%.

Performance Difference Less Than 10% When View or Renew Data After Encryption Using Index

Keeps the order of encrypted data and supports index search

Supports features to maintain existing data structures and to search indexes (matches and ranges) through partial encryption of specified ranges
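
How partial encryption can keep match and range search working on an encrypted column, and what it leaves readable, shown as an added example that is not D’Amo code. It assumes the unencrypted range is a leading prefix of `CLEAR_LEN` characters and uses an HMAC-based keystream from the Python standard library as a stand-in cipher; all names and sample values are constructed.

```python
import bisect
import hashlib
import hmac

KEY = b"constructed-demo-key"   # constructed; a real agent would get its key from a key server
CLEAR_LEN = 4                   # assumption: leading characters left in plaintext for the index

# Constructed sample column values (not real account numbers).
ROWS = {1: "1001-553201", 2: "1001-998877", 3: "1002-000145",
        4: "2050-731900", 5: "1001-120034"}


def _keystream(context: bytes, n: int) -> bytes:
    """HMAC-SHA256 in counter mode: a stdlib stand-in for a real block cipher."""
    out = b""
    counter = 0
    while len(out) < n:
        out += hmac.new(KEY, context + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:n]


def partial_encrypt(value: str, row_id: int) -> str:
    """Keep the first CLEAR_LEN characters, encrypt the rest (hex encoded)."""
    head, tail = value[:CLEAR_LEN], value[CLEAR_LEN:].encode()
    ks = _keystream(f"{row_id}|{head}".encode(), len(tail))
    return head + bytes(a ^ b for a, b in zip(tail, ks)).hex()


def partial_decrypt(stored: str, row_id: int) -> str:
    """Reverse partial_encrypt for one stored value."""
    head, body = stored[:CLEAR_LEN], bytes.fromhex(stored[CLEAR_LEN:])
    ks = _keystream(f"{row_id}|{head}".encode(), len(body))
    return head + bytes(a ^ b for a, b in zip(body, ks)).decode()


def build(rows):
    """Return the stored column and a sorted index over its plaintext prefix."""
    table = {rid: partial_encrypt(v, rid) for rid, v in rows.items()}
    index = sorted((stored[:CLEAR_LEN], rid) for rid, stored in table.items())
    return table, index


def range_search(table, index, lo: str, hi: str):
    """The index narrows by prefix; only the candidates are decrypted and filtered."""
    heads = [h for h, _ in index]
    start = bisect.bisect_left(heads, lo[:CLEAR_LEN])
    stop = bisect.bisect_right(heads, hi[:CLEAR_LEN])
    candidates = [rid for _, rid in index[start:stop]]
    hits = [rid for rid in candidates
            if lo <= partial_decrypt(table[rid], rid) <= hi]
    return candidates, sorted(hits)


def visible_without_key(table):
    """What anyone who can read the column learns: prefixes and their counts."""
    counts = {}
    for stored in table.values():
        counts[stored[:CLEAR_LEN]] = counts.get(stored[:CLEAR_LEN], 0) + 1
    return counts


if __name__ == "__main__":
    table, index = build(ROWS)
    print(range_search(table, index, "1001-500000", "1001-999999"))
    print(visible_without_key(table))
```

The plaintext prefix is what makes the index usable, and it is also what the column discloses without a key, so the length of the unencrypted range is a security decision as much as a performance one.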


Product Configuration

Installation diagram of DE-MYO (MySQL-exclusive component)


Supported DBMS

MySQL, Altibase, etc.

D’Amo SP

Introduction

Our D’Amo for Mainframe is an encryption solution optimized for the operating environment of the customer, and consists of an encryption/decryption API and a key management server.


Functions

  • Upon entry/referencing of data, executes its encryption/decryption with keys obtained from D’Amo SG-KMS through the D’Amo for Mainframe API
  • If working with an external system, does so through the D’Amo SCP Agent (constructed separately)
  • Functioning Process

BATCH/ONLINE Application

Product Features

Guaranteed excellence in encryption/decryption

D’Amo for Mainframe provides fast encryption/decryption and stability by optimizing the process through effective usage of the hardware’s central processor. We guarantee its equally excellent performance in online transactions as well as Batch tasks.

No additional load on system

The product does not cause additional load for the application in use and the DBMS. For encryption, the application only has to call the instructions once.

Safe hardware-based key management

Because the keys are managed through the D’Amo SG-KMS outside of the DB server, the data can be protected securely. With its GUI-based key management server console, keys can be conveniently generated and managed.


Support Environment for D’Amo SP

| Category | Environment |
|---|---|
| H/W | z990, z9, z10 or later |
| OS | z/OS 1.4 or later |
| Application | Batch, Online (CICS, IMS, etc.) |
| DBMS | Any DBMS (DB2, Oracle, etc.) |
| Algorithm | DES, TDES, AES, SHA1 |

D’Amo KE

Introduction

D’Amo VL-DSK is the OS-level volume encryption solution of D’Amo, which is the No. 1 DB encryption solution in Korea. In addition, it interworks with the SG-KMS, which is the encryption key management server that satisfies the security requirements of DB encryption products for the National Intelligence Service, providing a more secure key management service.


Product Features

Volume encryption by using the encryption algorithm certified by the National Intelligence Service (creating the virtual volume at the OS level)

Access Control

Access control by server OS account, client IP, time, and process

Secured Key Management

Interworking and management of key through D’Amo KeyManager, an exclusive key management server

Audit and Log

Logs success/failure of encryption/decryption and access attempts
Audits users and systems


Features

Stability

  • Encryption at the kernel level does not allow manipulation
  • Secure from malicious codes
  • Protected from physical theft
  • Prevents key leakage by using the exclusive key management server
  • Compatible with the operating system (Microsoft WHQL-certified)

Easy to Install and Operate

  • Applicable without changing applications or queries
  • Installation is completed within 1 hour (excluding initial encryption, Windows installer-type)
  • Simple and easy operation with an intuitive integrated UI

Fast encryption/decryption performance

  • Fast encryption/decryption at the kernel level
  • Guarantees fast performance by encryption in the unit of the file page (file encryption/decryption is not executed in the unit of the file)

Product Configuration