
Supporting Multiple Encryption Keys

 

Your system can safeguard information such as customer names and credit card numbers through processes which encrypt or mask sensitive data as it is transmitted from the POS client to the server and beyond, or while it is stored in Tlogs, journals or databases. You can define specific parameters which control aspects of these processes such as which encryption key to activate when several keys are defined, or which portion of data in a string of data should be masked.

SAP POS supports the use of multiple encryption keys through a behind-the-scenes security module. This module maintains a library of secret keys and allows the active secret encryption key to be changed at any time.

How it works

This multiple-key design is based on the assumption that there is only one key per transaction and that the key cannot be changed during the transaction. The index of the key used to encrypt a Tlog record should be stored in that same Tlog record. The key index ID is stored in the header of the Tlog record and is used to encrypt and decrypt the Tlog record. If the key index field is empty, the most recent key is used to encrypt and decrypt the Tlog record. A value of -1 in the key index field indicates that no encryption or decryption is needed.

When the active secret key changes, a miscellaneous Tlog record is created and serves as an indicator to third-party applications processing Tlog data. If customer data is encrypted, the record types CA, CB, CD, CE, and CF are generated. See SAP POS Security Library for details.
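The key index rules described under How it works, modeled as an added Python example that is not SAP POS code. `KeyLibrary`, `resolve_key` and `Transaction` are hypothetical names, the key index field is assumed to arrive as a string read from the Tlog header, and the model assumes the newest key has the highest index.

```python
# Model of the key-index rules; all names are hypothetical, not SAP POS APIs.
import secrets

NO_ENCRYPTION = -1  # key index value meaning "no encryption or decryption needed"


class KeyLibrary:
    """Library of secret keys addressed by index, with one active key."""

    def __init__(self):
        self._keys = {}      # key index -> key bytes
        self.active = None   # index of the currently active key

    def rotate(self):
        """Add a new key and make it active; older keys stay for decryption."""
        index = len(self._keys) + 1
        self._keys[index] = secrets.token_bytes(32)  # constructed sample key
        self.active = index
        return index

    def resolve_key(self, key_index_field):
        """Map a Tlog header key index field to (index, key), or None."""
        field = (key_index_field or "").strip()
        if field == "":
            if not self._keys:
                raise KeyError("key library is empty")
            index = max(self._keys)  # empty field: use the most recent key
        else:
            index = int(field)
            if index == NO_ENCRYPTION:
                return None
        if index not in self._keys:
            # Fail closed: never guess a key for an unknown index.
            raise KeyError(f"key index {index} not in library")
        return index, self._keys[index]


class Transaction:
    """Pins the active key index at start: one key per transaction."""

    def __init__(self, library):
        if library.active is None:
            raise RuntimeError("no active key in library")
        self.key_index = library.active

    def header_key_index(self):
        # Value written to the Tlog record header for later decryption.
        return str(self.key_index)
```

Because the index travels in the record header, a record written before a key change still resolves to the key it was encrypted with, while records with an empty field follow the newest key.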