Principle

AvantGard Trax can protect access to data by using passwords and authentication, but a database administrator might still access the database itself, where the data is vulnerable to changes. To counter this threat, AvantGard Trax offers data sealing. When this feature is active, each change made to the database by AvantGard Trax carries a signature generated by the application. In this way, it is possible to detect changes made by sources other than the AvantGard Trax application server.

Data sealing also uses digital signatures to address potential issues that arise from applying the four-eyes principle. A message can sit in the database for some time before it is actually sent, e.g. while waiting for the proper authorizations to be issued. Care must therefore be taken that a database administrator cannot modify this data in the interval, e.g. to divert funds to a private bank account.

When data is saved to the database, a digital signature is generated using a private key that is managed at the level of the application and is unknown to the technical staff who have access to the database. This allows AvantGard Trax to verify, before sending the message, that all information remains as it was when authorized.
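The seal-on-save and verify-before-send flow described above, as an added example that is not AvantGard Trax code. The page does not name the signature algorithm or the schema, so Ed25519, the `Payment` fields and the function names are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"encoding/binary"
	"fmt"
)

// Payment is a constructed stand-in for a stored message row (assumed fields, not the product schema).
type Payment struct {
	ID          uint64
	Beneficiary string
	AmountCents uint64
	Currency    string
	Seal        []byte // signature column stored beside the data
}

// canonical encodes the sealed fields with fixed-width integers and length-prefixed strings.
func canonical(p Payment) []byte {
	b := binary.BigEndian.AppendUint64(nil, p.ID)
	for _, s := range []string{p.Beneficiary, p.Currency} {
		b = binary.BigEndian.AppendUint32(b, uint32(len(s)))
		b = append(b, s...)
	}
	return binary.BigEndian.AppendUint64(b, p.AmountCents)
}

// SealRow runs in the application server when the row is saved.
func SealRow(priv ed25519.PrivateKey, p *Payment) {
	p.Seal = ed25519.Sign(priv, canonical(*p))
}

// VerifyRow runs before sending; false means the row no longer matches its seal.
func VerifyRow(pub ed25519.PublicKey, p Payment) bool {
	return len(p.Seal) == ed25519.SignatureSize && ed25519.Verify(pub, canonical(p), p.Seal)
}

// Demo seals a row, then simulates a direct database edit made while it awaits authorization.
func Demo() (bool, bool) {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil reader = crypto/rand; key stays in the application
	row := Payment{ID: 4711, Beneficiary: "DE00 CONSTRUCTED 0001", AmountCents: 1250000, Currency: "EUR"}
	SealRow(priv, &row)
	before := VerifyRow(pub, row)
	row.Beneficiary = "DE00 CONSTRUCTED 9999" // edit made outside the application
	return before, VerifyRow(pub, row)
}

func main() { fmt.Println(Demo()) } // true false
```

The row ID is part of the signed bytes, so a valid seal copied onto a different row does not verify. A per-row seal of this kind does not by itself reveal that a row was deleted.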