|
View previous topic :: View next topic
|
| Author |
Message |
murugan_mf
Active User
.jpg)
Joined: 31 Jan 2008
Posts: 148
Location: Chennai, India
|
|
|
|
Hi All,
We have a task where we need to mask some account numbers in a
dataset. Actually we thought of writing a program to encrypt and
decrypt.
I wanted to know if is there any other way this can be done?
Soliciting thougths. |
|
| Back to top |
|
 |
Bill Woodger
Moderator Emeritus
Joined: 09 Mar 2011
Posts: 7309
Location: Inside the Matrix
|
|
|
|
| You want to encrypt? Or you want to garble so that live client data cannot reasonably be revealed? |
|
| Back to top |
|
|
murugan_mf
Active User
Joined: 31 Jan 2008
Posts: 148
Location: Chennai, India
|
|
|
|
| we Prefer to encrypt the data |
|
| Back to top |
|
|
Bill Woodger
Moderator Emeritus
Joined: 09 Mar 2011
Posts: 7309
Location: Inside the Matrix
|
|
|
|
Talk to your technical support to see what is available at your site.
If nothing already, your best bet would be to buy something in. Or allocate a lot of time/money to implement and test it yourselves. |
|
| Back to top |
|
|
Robert Sample
Global Moderator
Joined: 06 Jun 2008
Posts: 8696
Location: Dubuque, Iowa, USA
|
|
|
|
| If your goal is to meet PCI standards, your site needs to buy something to do the encryption. Implementing an acceptable (under PCI) encryption method is not a simple task. |
|
| Back to top |
|
|
murugan_mf
Active User
Joined: 31 Jan 2008
Posts: 148
Location: Chennai, India
|
|
|
|
| Thsi we are doing it internally and not required to met PCI standards. |
|
| Back to top |
|
|
Bill Woodger
Moderator Emeritus
Joined: 09 Mar 2011
Posts: 7309
Location: Inside the Matrix
|
|
|
|
If you use a very simple "encryption" it won't be very secure but won't cost as much in resources.
But really, why do you want to encrypt but not do it properly? |
|
| Back to top |
|
|
murugan_mf
Active User
Joined: 31 Jan 2008
Posts: 148
Location: Chennai, India
|
|
|
|
| We dont want to let users to see some confidential information and that is reason we planning to write a program to do that..but before we define our own rules to write a program, i am just want to know will this can be done in any other way. |
|
| Back to top |
|
|
Bill Woodger
Moderator Emeritus
Joined: 09 Mar 2011
Posts: 7309
Location: Inside the Matrix
|
|
|
|
Really? How are they getting to see the data? They have TSO/ISPF access?
Even so, why would you need the decrypt? For what you've said, either don't show it to them, or garble it.
Explain further, please. |
|
| Back to top |
|
|
murugan_mf
Active User
Joined: 31 Jan 2008
Posts: 148
Location: Chennai, India
|
|
|
|
Yes, some users will have.
First of all we dont want to open up with all the available account numbers.
after analysing the data(only a/c no will be encrypted) and any discrepencies found with the record then they will come back to us asking the account number.
During that instance we need to decrypt the record alone and give back to them. |
|
| Back to top |
|
|
Nic Clouston
Global Moderator
Joined: 10 May 2007
Posts: 2455
Location: Hampshire, UK
|
|
|
|
| If they are going to have acces anyway when they come across an anomolie why not just give them the access to start with and save all the hassle? Either they are authorised or they are not. If not then have the security software stop them from looking at the data. If you still want to mask the account numbers then look in the DFSort forum - someone was doing that the other month. |
|
| Back to top |
|
|
Anuj Dhawan
Superior Member
Joined: 22 Apr 2006
Posts: 6250
Location: Mumbai, India
|
|
|
|
It might sound rude but - before one attempts to do what you say, one need to understand the basic difference between encryption and garble-the-data. There are commercially available products that do field level encryption; use one of them to encrypt the data as you copy from one place to another -- commercial products are available in market, because this is a serious business and not done using some home grown utility. Having said that, I agree will Bill on this, as you talk about account numbers, garble-the-data is what you need.
Just my .02$... |
|
| Back to top |
|
|
Jose Mateo
Active User
Joined: 29 Oct 2010
Posts: 121
Location: Puerto Rico
|
|
|
|
Good day to all!
I have a solid background on Encryption/Decryption. First with ATM software and then with HSM (Hardware Security Module), I just finish implementing PCI standard at the bank where I work at. One thing I could tell you is that encryption/decryption is not a easy task first of all, if you decide to encrypt the account number then you need to modify all the programs that reference the account number plus the account number will not be displayable unless you decrypt it back to displayable format. IBM has callable encryption/decryption module which you could use. Now if you want to make it simple and just mask the account number using a masking table then all you will do is use the account digit as a subcript to the masking table replacing the account digit with the offset digit of the masking table. Now I will let you decide and think of the rest of the process. Good luck!! |
|
| Back to top |
|
|
enrico-sorichetti
Superior Member
Joined: 14 Mar 2007
Posts: 10873
Location: italy
|
|
|
|
| Quote: |
We have a task where we need to mask some account numbers in a
dataset. |
then all of it falls under PCI or similar compliancy,
even if You are not a financial institution, Your CEO and CIO are still responsible for the protection and access of <sensitive> data.
before worrying about the lowly technicalities better worry about the organizational and legal issues. |
|
| Back to top |
|
|
murugan_mf
Active User
Joined: 31 Jan 2008
Posts: 148
Location: Chennai, India
|
|
|
|
| Thank you all for your valuable comments. |
|
| Back to top |
|
|
|
|
