
What is DRS-K
DRS-K is a system that encrypts data and lets applications search that data in its encrypted form without using a decryption key. It uses a proprietary algorithm that allows fast encryption, searchable encrypted data, and searches on partial strings. It is highly scalable and efficient. DRS-K is available as an SDK or as an ODBC/JDBC driver.
DRS-K Encryption Process
- The Query Disassembler acquisition module receives the query in a format that can be customized to simplify integration with the environment
- It can accept the same format that the “DB” on the other side accepts (to simplify integration into an existing infrastructure) or a legacy format (to simplify migration to a new service)
- The Query Disassembler then extracts the fields and information from the query and, for each field, requests the corresponding encryption key from the key manager
- Any kind of key manager can be used to manage the keys (the key manager requires integration)
- If necessary, an authentication server/process can be integrated into the key request chain
- Once the encryption keys have been obtained, the field values are encrypted inside the Encryptor and the result is sent to the Query Reassembler
- The Query Reassembler puts together the new encrypted query
- The encrypted query is sent to be executed over the DB
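The encryption flow above, sketched as an added example that is not DRS-K code. Assumptions: queries contain simple `field = 'value'` conditions, the `KeyManager` class and all function names are hypothetical, and keyed HMAC-SHA256 tokens stand in for the proprietary algorithm, which this page does not describe (the tokens are one-way and support equality matching only).

```python
import hashlib
import hmac
import re

COND = re.compile(r"(\w+)\s*=\s*'([^']*)'")  # matches: field = 'value'

class KeyManager:
    """Hypothetical key manager with the optional authentication check."""
    def __init__(self, master: bytes, allowed_users: set):
        self._master, self._allowed = master, allowed_users

    def key_for(self, field: str, user: str) -> bytes:
        if user not in self._allowed:
            raise PermissionError(f"{user} may not request keys")
        # One key per field, derived from a constructed master secret.
        return hmac.new(self._master, field.encode(), hashlib.sha256).digest()

def disassemble(query: str):
    """Query Disassembler: list of (field, value, span of value in query)."""
    return [(m.group(1), m.group(2), m.span(2)) for m in COND.finditer(query)]

def encrypt_value(key: bytes, value: str) -> str:
    """Encryptor stand-in: deterministic keyed token (not DRS-K's algorithm)."""
    return hmac.new(key, value.encode("utf-8"), hashlib.sha256).hexdigest()

def reassemble(query: str, parts, tokens) -> str:
    """Query Reassembler: splice each token over the plaintext value."""
    out, pos = [], 0
    for (_, _, (start, end)), token in zip(parts, tokens):
        out += [query[pos:start], token]
        pos = end
    return "".join(out + [query[pos:]])

def encrypt_query(query: str, km: KeyManager, user: str) -> str:
    """Run the full chain: disassemble, fetch per-field keys, encrypt, reassemble."""
    parts = disassemble(query)
    tokens = [encrypt_value(km.key_for(f, user), v) for f, v, _ in parts]
    return reassemble(query, parts, tokens)

if __name__ == "__main__":
    km = KeyManager(b"constructed-demo-master-key", {"app1"})  # constructed sample
    q = "SELECT id FROM patients WHERE surname = 'Rossi' AND city = 'Rossi'"
    print(encrypt_query(q, km, "app1"))
```

Because the stand-in tokens are deterministic, the stored data reveals which rows share a value in a given field; per-field keys keep equal values in different fields from matching each other.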
DRS-K Decryption Process
- The Result Disassembler acquisition module receives the response from the DB in the native DB format.
- The Result Disassembler takes the incoming response, extracts the fields and, for each field, requests the corresponding decryption key from the Key Manager
- Any kind of key manager can be used to manage the keys (the key manager requires integration)
- If necessary, before the Key Manager returns the requested keys, the user who sent the request can be authenticated by an Authentication Server
- Once the decryption keys have been obtained, the field values are decrypted inside the Decryptor and the result is sent to the Result Reassembler
- The Result Reassembler puts together the new decrypted result in a customizable format
- It can return the same format that the “DB” on the other side sent (to simplify integration into an existing infrastructure) or a legacy format (to simplify migration to a new service)
- The decrypted query is executed over the DB
