Architecture Graphic and Flow
The following diagram shows the PEG architecture for viewing a record. For a description of the keys in this architecture, see Types of Keys.
- A user queries sensitive data.
- The Privacera Access Manager verifies the user's access privileges to the data and to the key (encryption scheme) used to decrypt the data.
- If the user has access privileges to both the data and the key, Privacera encryption requests the Data Encryption Key (DEK) for the encryption scheme.
- The Privacera Encryption Gateway (PEG) sends the Encrypted Data Encryption Key (EDEK) from the scheme to Ranger KMS for decryption into the DEK.
- Ranger KMS authenticates the caller (the encryption module) and uses the KEK to decrypt the EDEK and obtain the DEK.
- The PEG obtains the DEK and decrypts the data.
- The PEG returns the data to the user.
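
The viewing flow above, sketched as an added Python example that is not Privacera or Ranger KMS code: the class, method and token names are hypothetical, and the SHAKE/HMAC `seal` helper is only a stand-in for the real cipher. It shows the access check on both data and key running before the KMS is asked to turn the EDEK into a DEK, with the gateway never holding the KEK.

```python
import hashlib, hmac, secrets  # added illustration; every name below is hypothetical

def _xor(key, nonce, data):
    # Stand-in keystream from SHAKE-256; a real deployment would use AES.
    ks = hashlib.shake_256(key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key, plaintext):
    nonce = secrets.token_bytes(16)
    body = nonce + _xor(key, nonce, plaintext)
    return body + hmac.new(key, body, hashlib.sha256).digest()

def unseal(key, blob):
    body, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, body, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered ciphertext")
    return _xor(key, body[:16], body[16:])

class Kms:  # holds the KEK; only an authenticated caller can unwrap an EDEK
    def __init__(self, trusted_tokens):
        self._kek, self._trusted = secrets.token_bytes(32), set(trusted_tokens)
    def wrap(self, dek):
        return seal(self._kek, dek)
    def decrypt_edek(self, token, edek):
        if token not in self._trusted:
            raise PermissionError("KMS: caller not authenticated")
        return unseal(self._kek, edek)

class Gateway:  # holds EDEKs and ciphertext only, never the KEK
    def __init__(self, kms, token, grants):
        self.kms, self.token, self.grants = kms, token, grants
        self.edeks, self.records = {}, {}
    def protect(self, scheme, record_id, value):
        dek = secrets.token_bytes(32)
        self.edeks[scheme] = self.kms.wrap(dek)
        self.records[record_id] = (scheme, seal(dek, value))
    def view(self, user, record_id):
        scheme, blob = self.records[record_id]
        data_ok, keys_ok = self.grants.get(user, ((), ()))
        # The access check covers both the data and the key (encryption scheme).
        if record_id not in data_ok or scheme not in keys_ok:
            raise PermissionError("access manager: denied")
        dek = self.kms.decrypt_edek(self.token, self.edeks[scheme])
        return unseal(dek, blob)

def demo():  # constructed policy: bob may read r1 but has no grant on its key
    gw = Gateway(Kms({"peg"}), "peg", {"alice": ({"r1"}, {"ssn"}), "bob": ({"r1"}, set())})
    gw.protect("ssn", "r1", b"123-45-6789")
    return gw
```

`demo().view("alice", "r1")` returns the plaintext, while `bob` (data grant only) and any unknown user are refused before the KMS is contacted.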