Transparent Data Encryption

Oracle Database 11g Transparent Data Encryption, introduced with Oracle Database 10gR2 as a component of the Advanced Security Option, supports your PCI compliance efforts by transparently encrypting data when it is written to disk and decrypting it when it is read back to the authorized user. Applications don't have to be modified, and authorized users won't even notice the fact that the data has been encrypted on the storage media.

"I wouldn't trust the encryption of our content to anything or anyone else" Andy Barrett, CTO Yuntaa NV

New in Oracle Database 11g: TDE tablespace encryption
TDE tablespace encryption makes stored data encryption even easier: without any storage increase, define a tablespace as 'encrypted' and use it to store your sensitive data. The limitations of TDE column encryption in terms of foreign keys, range scans and unsupported data types no longer apply. There are no functional differences between clear-text and encrypted tablespaces; even execution plans don't change.
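The steps described above can be sketched in SQL as follows. This is an added example, not taken from Oracle's page; the tablespace name, datafile path, wallet password, schema and table names are placeholders, and it assumes the wallet location is already configured in sqlnet.ora (ENCRYPTION_WALLET_LOCATION) on an 11g database with the Advanced Security Option.

```sql
-- Added example: every object name, path and password below is a placeholder.

-- 1. Create the TDE master encryption key. With a file-based wallet this
--    also creates and opens the wallet at the configured location.
ALTER SYSTEM SET ENCRYPTION KEY IDENTIFIED BY "ChangeMe_WalletPassword";

-- 2. Confirm the wallet is open before creating encrypted objects.
SELECT wrl_type, wrl_parameter, status
  FROM v$encryption_wallet;

-- 3. Define a tablespace as encrypted. Every block written to its
--    datafiles is encrypted; no column-level changes are needed.
CREATE TABLESPACE secure_data
  DATAFILE '/u01/app/oracle/oradata/ORCL/secure_data01.dbf' SIZE 100M
  ENCRYPTION USING 'AES256'
  DEFAULT STORAGE (ENCRYPT);

-- 4. Relocate an existing sensitive table and its index into the
--    encrypted tablespace (hypothetical schema and object names).
ALTER TABLE app_owner.card_payments MOVE TABLESPACE secure_data;
ALTER INDEX app_owner.card_payments_pk REBUILD TABLESPACE secure_data;

-- 5. Verify that the tablespace is flagged as encrypted and check
--    which algorithm protects it.
SELECT tablespace_name, encrypted
  FROM dba_tablespaces
 WHERE tablespace_name = 'SECURE_DATA';

SELECT t.name, e.encryptionalg, e.encryptedts
  FROM v$tablespace t
  JOIN v$encrypted_tablespaces e ON e.ts# = t.ts#;

-- 6. Audit check: list segments of the application schema that still
--    live in clear-text tablespaces.
SELECT s.owner, s.segment_name, s.segment_type, s.tablespace_name
  FROM dba_segments s
  JOIN dba_tablespaces ts ON ts.tablespace_name = s.tablespace_name
 WHERE s.owner = 'APP_OWNER'
   AND ts.encrypted = 'NO'
 ORDER BY s.tablespace_name, s.segment_name;
```

Moving a table does not scrub the blocks it used to occupy, so clear-text copies can remain in the old tablespace's datafiles until that space is overwritten or the tablespace is dropped.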
The following Oracle Applications are certified with Oracle Advanced Security TDE tablespace encryption in Oracle Database 11gR1:
- Oracle E-Business Suite 11i (OracleMetaLink note 828223.1)
- Oracle PeopleSoft Enterprise
- Oracle Siebel CRM
- Oracle JD Edwards EnterpriseOne
New in Oracle Database 11g: Hardware Security Module support
For centralized key storage and high-assurance key protection, TDE can be configured to work with network-based Hardware Security Modules (HSM). RSA, SafeNet (incl. Ingrian) and Thales (incl. nCipher) have certified their HSM devices to provide key management for the Oracle TDE master encryption key.
New in Oracle Database 11g: 'SecureFile' LOB encryption
Sensitive documents (contracts, X-ray images etc.) are often scanned and stored electronically. Now they can benefit from the increased security of the Oracle Database: The new 'SecureFile' LOB in Oracle Database 11g can be encrypted.
For backward compatibility, both the DBMS_OBFUSCATION_TOOLKIT and the newer, more powerful DBMS_CRYPTO package are still available with Oracle Database 11g.
While data encryption should not be used as a substitute for access control, storing data encrypted does provide an additional layer of protection on storage media, including export files created with Oracle Data Pump, backups generated with Oracle RMAN or Oracle Secure Backup. This helps protect sensitive data such as credit card numbers in the event of media theft. Media theft can occur due to poor physical security, operating system configuration or backup processes.