Understanding How Utilities Deal with Encryption Processes

SAP POS can safeguard information such as customer names and credit card numbers through processes which encrypt or mask sensitive data as it is transmitted from the POS to the Xpress Server or beyond, or stored in the TLogs, journals or databases. You can define specific parameters to control some aspects of these processes such as which encryption key to activate when several keys have been defined, or which portion of data in a string of data should be masked.

Through its security module, SAP POS now supports the use of multiple encryption keys. This module maintains a library of secret keys and allows the active secret encryption key to be changed at any time as the need arises.

To support multiple keys, the key index ID used to encrypt a database record is stored in the record’s header. To access encrypted data, it must be decrypted using the encryption key identified by that index. New data written to the database is always encrypted with the active encryption key index on the Xpress Server. Existing data is re-encrypted with the key index that was retrieved from the database, and that key index value is written to the database along with the data. The utilities cvtlog.exe, safutil.exe and dcdump.exe read the key index from their respective record types and decrypt the contents of the record. These utilities will not decrypt any information if the encryption key from the record is not installed on the machine where the utility is being run.
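
The key-index behaviour described above can be modelled in a few lines. This is an added example, not SAP POS code: the record layout (2-byte key index plus 8-byte nonce), the KeyLibrary class, the key values and the SHA-256 keystream stand-in cipher are all assumptions made so the sketch runs on the Python standard library.

```python
import hashlib
import os
import struct
HEADER = struct.Struct(">H8s")  # assumed layout: 2-byte key index, 8-byte nonce

class KeyNotInstalled(Exception):
    """The record names a key index that this machine's key library lacks."""

class KeyLibrary:
    def __init__(self, keys, active_index):
        self.keys = dict(keys)            # key index -> secret key bytes
        self.active_index = active_index  # index used for all new data

    def _xor(self, index, nonce, data):
        # Stand-in cipher (SHA-256 keystream XOR) so this runs on stdlib; not SAP's algorithm.
        if index not in self.keys:
            raise KeyNotInstalled(f"key index {index} is not installed")
        out = bytearray()
        for off in range(0, len(data), 32):
            pad = hashlib.sha256(self.keys[index] + nonce + struct.pack(">I", off)).digest()
            out += bytes(a ^ b for a, b in zip(data[off:off + 32], pad))
        return bytes(out)

    def _pack(self, index, plaintext):
        nonce = os.urandom(8)
        return HEADER.pack(index, nonce) + self._xor(index, nonce, plaintext)

    def write_new(self, plaintext):
        return self._pack(self.active_index, plaintext)   # new data: active key

    def rewrite_existing(self, record, plaintext):
        index, _ = HEADER.unpack_from(record)             # existing data: keep its index
        return self._pack(index, plaintext)

    def read(self, record):
        index, nonce = HEADER.unpack_from(record)
        return index, self._xor(index, nonce, record[HEADER.size:])

def demo():
    server = KeyLibrary({1: b"constructed-key-1", 2: b"constructed-key-2"}, 1)
    old = server.write_new(b"4111111111111111")  # constructed test value
    server.active_index = 2                       # rotate the active key
    new, updated = server.write_new(b"name"), server.rewrite_existing(old, b"4111")
    utility = KeyLibrary({2: b"constructed-key-2"}, 2)  # key 1 not installed here
    try:
        utility.read(old)
    except KeyNotInstalled:
        return server.read(new)[0], server.read(updated)[0], "refused"
    return server.read(new)[0], server.read(updated)[0], "decrypted"
```

The operational consequence is that a retired key index must stay installed wherever records written under it still need to be read, including any machine that runs the dump and conversion utilities.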