Minimize the Impact of PCI Section 3 on SAP Applications - Paymetric

A New Approach to Encryption Management for Heterogeneous SAP Environments

Today, there’s a new approach to encryption management that offers an array of benefits, both in terms of security and ease of administration. This approach focuses on using an encryption management server to control and manage not only encryption keys, but the underlying data. This approach is based on two key facets that deliver value throughout an enterprise:

Centralization. All credit card numbers stored in SAP and other business applications and databases are removed from those systems and placed in a highly secure, centralized encryption management server that can be protected and monitored utilizing robust encryption technology.

Tokenization. Each credit card number that previously resided in SAP or other applications is replaced with a token that references the credit card number. A token can be thought of as a claim check that an authorized user or system can use to obtain the associated credit card number. In the event of a breach of one of the business applications or databases, only the tokens could be accessed, which would be of no value to a would-be attacker.
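
The claim-check model described above, as an added sketch that is not Paymetric's code: a central vault issues random tokens, business systems store only the token, and only an authorized caller can redeem it. The class, the `tok_` format and the caller names are assumptions, and at-rest encryption of the vault's store is left out.

```python
import hashlib
import hmac
import secrets

class TokenVault:
    """Hypothetical central server: the only place a card number (PAN) is held."""
    def __init__(self, authorized):
        self._authorized = set(authorized)         # callers allowed to redeem tokens
        self._index_key = secrets.token_bytes(32)  # keys the PAN lookup index
        self._pan_by_token = {}    # token -> PAN (a real vault encrypts this store)
        self._token_by_index = {}  # HMAC(PAN) -> token, so a repeat PAN reuses its token
        self.audit = []            # (caller, action, token) records for monitoring

    def tokenize(self, caller, pan):
        digits = pan.replace(" ", "").replace("-", "")
        if not (digits.isdigit() and 13 <= len(digits) <= 19):
            raise ValueError("not a card number")
        idx = hmac.new(self._index_key, digits.encode(), hashlib.sha256).digest()
        token = self._token_by_index.get(idx)
        if token is None:
            # Random, so the token has no mathematical relation to the PAN.
            token = "tok_" + secrets.token_hex(16)
            self._token_by_index[idx] = token
            self._pan_by_token[token] = digits
        self.audit.append((caller, "tokenize", token))
        return token

    def detokenize(self, caller, token):
        if caller not in self._authorized or token not in self._pan_by_token:
            self.audit.append((caller, "denied", token))
            raise PermissionError("caller may not redeem this token")
        self.audit.append((caller, "detokenize", token))
        return self._pan_by_token[token]

def demo():
    vault = TokenVault(authorized={"payment-app"})
    pan = "4111 1111 1111 1111"  # constructed test card number
    # Business systems keep only the token in their own records.
    sap_order = {"order": 1001, "card": vault.tokenize("sap", pan)}
    web_order = {"order": 77, "card": vault.tokenize("web-store", pan)}
    try:
        vault.detokenize("web-store", web_order["card"])
        leaked = True
    except PermissionError:
        leaked = False  # the web store holds a token but cannot redeem it
    redeemed = vault.detokenize("payment-app", sap_order["card"])
    return sap_order, web_order, leaked, redeemed, vault.audit
```

The denied redemption still lands in the audit list, which is the signal to alert on when an application that should only hold tokens starts asking for card numbers.
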

[Figure: Before Centralization and Tokenization. SAP, Web Store and Payment App each hold credit card numbers under their own encryption. Caption: Encryption and key management technology must be implemented on each system in which credit card numbers are stored.]

© 2008 Paymetric, Inc. All rights reserved.