Implementation
The implementation of the technique in AvantGard Trax is based on digital signatures. AvantGard Trax is capable of generating a digital signature for an object and storing that signature at the database level. Every manipulation of that object is subject to a validation of the digital signature. Every update of the object by the application server generates a signature that is consistent with the data in the object. For this purpose, a key is contained in the AvantGard Trax enterprise application archive (EAR).
Any attempt to modify data that is secured in this way at the level of the database will be detected by AvantGard Trax during subsequent processing. AvantGard Trax will raise a "Security Breach" exception, which is displayed to the end-user if the action was invoked by means of the user interface and logged if the action was invoked by the scheduler. The action will fail in its entirety, consistent with the transaction boundaries of the context in which the action is executed.
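The following sketch is an added example, not AvantGard Trax code: it shows the seal-on-write, verify-on-read pattern described above and the all-or-nothing failure inside one transaction. HMAC-SHA256 stands in for the product's signature mechanism, which this page does not specify; the key, the payment table and all function names are hypothetical.

```python
import hashlib, hmac, json, sqlite3
KEY = b"constructed-demo-key"  # assumption: stands in for the key held by the application

class SecurityBreach(Exception):
    """The stored seal does not match the row's current contents."""

def compute_seal(entity, row_id, fields):
    # Entity name and primary key are sealed too, so a seal cannot be copied to another row.
    msg = json.dumps([entity, row_id, fields], sort_keys=True, separators=(",", ":"))
    return hmac.new(KEY, msg.encode(), hashlib.sha256).hexdigest()

def open_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE payment (id INTEGER PRIMARY KEY, beneficiary TEXT,"
                 " amount TEXT, status TEXT, seal TEXT)")
    return conn

def write_sealed(conn, row_id, fields):
    conn.execute("INSERT OR REPLACE INTO payment VALUES (?,?,?,?,?)",
                 (row_id, fields["beneficiary"], fields["amount"], fields["status"],
                  compute_seal("payment", row_id, fields)))

def read_verified(conn, row_id):
    row = conn.execute("SELECT beneficiary, amount, status, seal FROM payment"
                       " WHERE id=?", (row_id,)).fetchone()
    fields = dict(zip(("beneficiary", "amount", "status"), row[:3]))
    if not hmac.compare_digest(row[3], compute_seal("payment", row_id, fields)):
        raise SecurityBreach(f"payment {row_id}")
    return fields

def approve_all(conn, ids):
    try:
        with conn:  # one transaction: a breach on any row rolls back the batch
            for i in ids:
                write_sealed(conn, i, {**read_verified(conn, i), "status": "APPROVED"})
    except SecurityBreach:
        return False
    return True

def demo():
    conn = open_db()
    write_sealed(conn, 1, {"beneficiary": "ACME Ltd", "amount": "100.00", "status": "NEW"})
    write_sealed(conn, 2, {"beneficiary": "Globex", "amount": "250.00", "status": "NEW"})
    conn.commit()
    # Constructed tampering: a direct database edit that bypasses the application.
    conn.execute("UPDATE payment SET amount = '9100.00' WHERE id = 2")
    conn.commit()
    ok = approve_all(conn, [1, 2])
    return ok, [r[0] for r in conn.execute("SELECT status FROM payment ORDER BY id")]
```

In `demo()`, row 1 is valid and is updated first, but the breach detected on row 2 rolls that update back, so both rows keep their original status.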
The entities that are subject to data sealing can be customized. By default, an example integration of sealing functionality will be provided. For a list of available entities, see System > Entity configuration as System User in AvantGard Trax.
Note that this type of configuration is part of the implementation process. That is, the AvantGard Trax system does not provide a graphical user interface for this purpose, and this function cannot be activated at a later time; it must be set up during the development phase.
The client can create a custom 3DES encryption key after implementation and installation, so that complete confidentiality is guaranteed. A script which executes Encryption helper can be provided for this purpose. Note that all user passwords will have to be reset, and all data seals will have to be recalculated and stored in the database. This can only be done when the application itself is not currently in use.