Contents x
    Encryption, Decryption, and Masking Fields
    • 26 Mar 2024
    • 1 Minute to read
    • Contributors
    • Print
    • Dark
      Light
    Contents

    Encryption, Decryption, and Masking Fields

    • Updated on 26 Mar 2024
    • 1 Minute to read
    • Contributors
    • Print
    • Dark
      Light
    Article Summary

    This topic relates to the following sections:

    About Encryption, Decryption, and Masking Fields

    Due to the sensitive nature of fields within company data the Syniti Migrate system provides defaulted functions to encrypt, decrypt, or mask sensitive data "at rest" within snapshot and working tables. The concept is that the data is stored as a masked value to not provide the actual value within tables, and the reporting encrypts or decrypts these values for the validation of these rows of data. This would include as example Social Security numbers, Birth dates, Credit Card numbers, Telephone numbers and more.

    The encryption functions are setup for use in SQL Server, HANA DB, and Oracle DB in their respective languages.

    Encrypt and Decrypt

    The image below provides examples of these Syniti functions used against data to produce the Encrypted or Decrypted values. The functions are stored in the base or MIGRATE database and are installed with the system.

    These functions include:

    • SYN_ENCRYPT_SETUP - must be run once per database, and is responsible for creating the database keys/certificates needed for encrypting and decrypting data.

    • SYN_ENCRYPT_COLUMN - this procedure encrypts the data within a new column named "[OriginalName]_ENCRYPTED ". The data in the original column is replaced with masked data, via our SYN_MASK_DEFAULT function.

    • SYN_DECRYPT_VALUE - this function is used to return a decrypted value. Note that it returns VARBINARY, so the user must convert the value, as appropriate.

    null
    SQL Server: Encrypt and Decrypt

    Masking data fields

    The image below provides example of the Masking of record values where only the last four digits of a number is provided

    These Masking functions stored in the MIGRATE database include:

    • SYN_MASK_DEFAULT: Full masking according to the inferred data types of the inputted value.

    • SYN_MASK_PARTIAL: Masking method that exposes the first and last letters and adds a custom padding string in the middle of the inputted value.

    • SYN_MASK_EMAIL: Masking method that exposes the first letter of an email address and the constant suffix ".com", in the form of an email address. Example: "aXXX@XXXX.com".

    As an example of usage, take the following table/data:

    null
    SQL Server: Masking

    Was this article helpful?
    What's Next
    **Access to pages and visibility of fields may be restricted based on the security settings of the current user. The Syniti logo is a registered trademark of BackOffice Associates, LLC. Other names appearing on the Site may be trademarks of their respective owners.
    Get in Touch
    Related Content
    Copyright © 2024 BackOffice Associates, LLC d/b/a Syniti. All rights reserved.