Privacera Documentation

Schemes

Privacera Encryption relies on schemes. A scheme is a combination of formats, algorithms, and scopes. There are three types of schemes:

All schemes rely on the same set of encryption formats, algorithms, and scopes:

  • Format: defines the data type and structure to be encrypted, such as alphanumeric, credit card, email address, or social security number.

  • Algorithm: specifies the mathematics used to encrypt, such as AES, FPE, or SHA.

  • Scope: defines the extent of the data encryption, such as the first four digits, an IP domain, or all data. Scoping ALL is recommended.

A scheme policy defines access control: it specifies which users have permission to access a scheme.

For example, you might rely on a Privacera-supplied encryption scheme to protect a PII field called "EMAIL" with the following properties:

  • Uses EMAIL format

  • Applies the SHA-256 algorithm for a one-way hash

  • Is scoped with "masked domain" to hide the portion of the email to the right of the @ sign
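As an added illustration (not Privacera code, and not its API or output format), the following Python example models how a format, an algorithm, and a scope combine for the EMAIL example above. The function names, the scope labels `MASKED_DOMAIN` and `ALL`, the lowercasing step, and the hex-encoded output are assumptions made for this example.

```python
import hashlib
import re

# Hypothetical names throughout: this models the three parts of a scheme
# (format, algorithm, scope); it is not Privacera's API or output format.
EMAIL_FORMAT = re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+")


def sha256_hex(text: str) -> str:
    """Algorithm: one-way SHA-256 hash, hex encoded."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def protect_email(value: str, scope: str = "ALL") -> str:
    """Apply the algorithm to the part of the value selected by the scope."""
    # Format: reject input that is not shaped like an email address.
    if not EMAIL_FORMAT.fullmatch(value):
        raise ValueError("value does not match the EMAIL format")
    local, domain = value.rsplit("@", 1)
    if scope == "MASKED_DOMAIN":
        # Scope: only the text to the right of the @ sign is transformed;
        # the local part stays readable.
        return f"{local}@{sha256_hex(domain.lower())}"
    if scope == "ALL":
        # Scope: the whole value is transformed (assumed lowercased first).
        return sha256_hex(value.lower())
    raise ValueError(f"unknown scope: {scope}")


if __name__ == "__main__":
    # Constructed sample values.
    for sample in ("alice@example.com", "bob@example.com"):
        print(protect_email(sample, "MASKED_DOMAIN"))
        print(protect_email(sample, "ALL"))
```

With the domain scope the local part remains readable and identical domains yield identical hashes, whereas the ALL scope leaves no part of the address in clear.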

You can also define your own custom encryption, presentation, and masking schemes.