Skip to main content

Privacera Platform

Encryption architecture and UDF flow


This diagram shows the PEG architecture for viewing a record. For a description of the keys in this architecture, see Hierarchy and Types of Encryption Keys.Hierarchy and Types of Encryption Keys

  1. A user queries sensitive data.

  2. Privacera Access Management verifies the user access privileges to the data and the key (encryption scheme) used to decrypt the data.

  3. If the user has access privileges to both the data and key, Privacera encryption requests the Data Encryption Key (DEK) for the encryption scheme.

  4. The Privacera Encryption Gateway (PEG) sends the Encrypted Data Encryption Key (EDEK) from the scheme to Ranger KMS to decrypt the DEK.

  5. Ranger KMS authenticates the caller (the encryption module) and uses the KEK to decrypt EDEK and obtain the DEK.

  6. The PEG obtains the DEK and decrypts the data.

  7. The PEG returns the data to user.