Project author: CipherWorksorg

Language:
Project URL: git://github.com/CipherWorksorg/Concepts.git
Created: 2018-02-13T14:34:41Z
Project community: https://github.com/CipherWorksorg/Concepts

Open-source license:



Concepts

Semantic Encryption

Semantic Encryption is a novel encryption scheme based on NIST encryption standards. Traditional encryption methods (such as AES, RSA, etc.) produce encrypted text that does not follow the format of the original plain text. For example, encrypting a phone number produces an alphanumeric string that does not look like a phone number. When a phone number is encrypted using Semantic Encryption, the output looks like a phone number (with NPA NXX XXXX arranged in the same format as the original plain text).

Example:

Unencrypted Phone Number: 770-098-0987
Phone Number encrypted by Standard Encryption: 1CYR+88ZGE1ymsx+o4x7uX3ekgDfnU11
Phone Number encrypted by Semantic Encryption: 767-208-7386

Right to Forgive

Security regulations and policies may require that UII data be Erased or Forgotten when the owner of the data requests it. For example, if a customer requests that his UII data be Erased, the enterprise needs to delete the customer's data or make it unusable. Alternatively, the enterprise can remove the sensitive elements of the customer data so that the customer can no longer be identified in the data. For example, if the customer's name, contact information and other identifiable information are removed from the customer's transaction history, the transaction history becomes insensitive because it can no longer be linked to the customer.

It is common for an enterprise to keep and maintain copies of the same data in multiple data stores. For example, an enterprise may choose to maintain the same data in:

i) Transactional Data Store, which has real time and/or near-real time shopping/buying/selling transactions
ii) Operational Data Store, which has copies of historical raw business transaction data
iii) Data Warehouse, which has the summarized data for the business transactions
iv) Data Marts, which have data needed by intra-departmental applications.

All these data stores may have UII information. In order to Forget or Erase any specific customer data, the sensitive data needs to be removed from all these data stores. CipherWorks provides a novel solution for easily making the sensitive data unusable when the data is not needed.

Anomaly Detection

CipherWorks provides services for semantically encrypting and decrypting sensitive data. The encryption and decryption services are supposed to be used only by applications that have the privilege to perform encryption and decryption. Any anomalous (or fraudulent) use is monitored by CwHawk at periodic intervals. CwHawk uses Machine Learning (ML) to continuously learn the usage pattern for all encryption and decryption services. CwHawk learns the usage pattern for every Hour Of the Day (HOD) and Day Of the Week (DOW) across all the available usage history. When CwHawk notices any anomaly in usage, it computes a Risk Score and writes it to the log file. The log file needs to be monitored by the enterprise system monitoring tools so that security administrators are alerted.
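
The format-preserving behaviour described under Semantic Encryption, shown in code. This is an added example, not CipherWorks code: the page does not say which algorithm the product uses, so the block assumes a 10-round Feistel network over the decimal digits with HMAC-SHA256 as the round function, which is not NIST FF1. The names `encrypt`, `decrypt`, `MIN_DIGITS` and the key are hypothetical.

```python
import hashlib
import hmac

DIGITS = "0123456789"
ROUNDS = 10      # even, so both halves return to their original positions
MIN_DIGITS = 6   # assumption: reject tiny domains that could simply be enumerated

def _prf(key: bytes, rnd: int, n: int, half: str) -> int:
    # Keyed round function: HMAC-SHA256 over round number, total length, other half.
    mac = hmac.new(key, f"{rnd}:{n}:{half}".encode(), hashlib.sha256)
    return int.from_bytes(mac.digest(), "big")

def _feistel(digits: str, key: bytes, decrypt: bool) -> str:
    n = len(digits)
    u, v = n // 2, n - n // 2
    a, b = digits[:u], digits[u:]
    for i in (reversed(range(ROUNDS)) if decrypt else range(ROUNDS)):
        m = u if i % 2 == 0 else v            # width of the half being rewritten
        if decrypt:
            c = (int(b) - _prf(key, i, n, a)) % 10**m
            a, b = str(c).zfill(m), a
        else:
            c = (int(a) + _prf(key, i, n, b)) % 10**m
            a, b = b, str(c).zfill(m)
    return a + b

def _transform(text: str, key: bytes, decrypt: bool) -> str:
    digits = "".join(ch for ch in text if ch in DIGITS)
    if len(digits) < MIN_DIGITS:
        raise ValueError(f"need at least {MIN_DIGITS} digits")
    out = iter(_feistel(digits, key, decrypt))
    # Separators and any other non-digit characters keep their positions.
    return "".join(next(out) if ch in DIGITS else ch for ch in text)

def encrypt(text: str, key: bytes) -> str:
    return _transform(text, key, decrypt=False)

def decrypt(text: str, key: bytes) -> str:
    return _transform(text, key, decrypt=True)

if __name__ == "__main__":
    key = b"constructed-demo-key"          # constructed sample key
    ct = encrypt("770-098-0987", key)      # phone number from the text above
    print(ct, decrypt(ct, key))
```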