Encryption Key Concepts and Terminology
Understanding key concepts and terms is essential to effectively use the Privacera Encryption Gateway (PEG). This section outlines core terms and roles relevant to configuration, operation, and access control.
Encryption Methods
- Format-Preserving Encryption (FPE): Encrypts data without changing its format, maintaining the original data structure and length.
- Advanced Encryption Standard (AES): A symmetric encryption algorithm that provides strong security for data protection.
- Vaultless Tokenization: Replaces sensitive data with non-sensitive equivalents without requiring a secure lookup vault. This is implemented using Format-Preserving Encryption (FPE).
- Masking: Replaces original values with obfuscated characters or nulls, providing data protection while maintaining usability.
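To make the difference between FPE-based vaultless tokenization and masking concrete, here is an added example; it is not Privacera code and does not show PEG's algorithm. It uses a toy alternating Feistel network over decimal digits (not a vetted FPE mode such as NIST FF1), and every function name in it is hypothetical.

```python
import hashlib
import hmac

DIGITS = "0123456789"
ROUNDS = 10  # toy parameter; production FPE uses a vetted mode such as NIST FF1


def _round_value(key: bytes, rnd: int, other_half: str, width: int) -> int:
    """Keyed round function: HMAC-SHA256 reduced to `width` decimal digits."""
    mac = hmac.new(key, f"{rnd}|{other_half}".encode(), hashlib.sha256).digest()
    return int.from_bytes(mac, "big") % 10 ** width


def _shift(half: str, delta: int) -> str:
    """Add delta modulo 10^len(half), keeping leading zeros."""
    return str((int(half) + delta) % 10 ** len(half)).zfill(len(half))


def _feistel(key: bytes, digits: str, decrypt: bool) -> str:
    left, right = digits[: len(digits) // 2], digits[len(digits) // 2 :]
    sign = -1 if decrypt else 1
    for rnd in (reversed(range(ROUNDS)) if decrypt else range(ROUNDS)):
        if rnd % 2 == 0:  # even rounds update the left half from the right
            left = _shift(left, sign * _round_value(key, rnd, right, len(left)))
        else:             # odd rounds update the right half from the left
            right = _shift(right, sign * _round_value(key, rnd, left, len(right)))
    return left + right


def fpe_transform(key: bytes, value: str, decrypt: bool = False) -> str:
    """Encrypt or decrypt only the digits; separators stay where they were."""
    digits = "".join(c for c in value if c in DIGITS)
    if len(digits) < 2:
        raise ValueError("need at least two digits to split into Feistel halves")
    out = iter(_feistel(key, digits, decrypt))
    return "".join(next(out) if c in DIGITS else c for c in value)


def mask(value: str, keep_last: int = 4) -> str:
    """Masking: irreversibly replace all but the last `keep_last` digits with X."""
    total = sum(c in DIGITS for c in value)
    seen, out = 0, []
    for c in value:
        seen += c in DIGITS
        out.append("X" if c in DIGITS and seen <= total - keep_last else c)
    return "".join(out)
```

The token keeps the length and separator layout of the input and can be reversed with the key alone, with no lookup vault; the masked value cannot be reversed at all.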
Encryption Types
- Native Encryption: Encryption is performed on the client side (e.g., within data platforms such as Databricks Legacy Cluster or Vertica), providing better performance and reduced network traffic.
- Remote Encryption: Encryption is performed server-side by the PEG server (e.g., via REST API).
Scheme Types
- Encryption Scheme: Used for standard encryption and decryption operations, defining how data is transformed.
- Presentation Scheme: Used to obfuscate decrypted data, controlling how sensitive information is displayed.
- Masking Scheme: Defines how data should be masked (e.g., redaction, nullification), providing flexible data protection options.
User Types and Authentication
For detailed information about user types, authentication, and role-based access control, see Users and Roles in Privacera Encryption.
Integrations
PEG supports encryption workflows through several integration interfaces:
- REST API: Direct integration for secure data encryption, decryption, and masking.
- Databricks: Through UDFs integrated with policy and scheme controls.
- StreamSets: Using a dedicated Privacera processor.
- File Encryption Utility (FEU): CLI tool for field-level and binary file encryption.
- Vertica: Through UDFs integrated with policy and scheme controls.
For detailed integration guides and configuration instructions, refer to the Encryption Integrations section.