
Information regarding Bid data encryption

Former Member
0 Kudos

Hello,

We are on the SRM 7.01 release and we got to know that data encryption and decryption functionality is coming as standard with SRM 7.02. When is the expected release date of SRM 7.02? Can we down-port the same data encryption functionality to SRM 7.01, as it is required for us as well as for our public sector customers to implement it?

Waiting for your reply.

Thanks,

sabya

Accepted Solutions (0)

Answers (1)

Former Member
0 Kudos

Hi Sabya,

I might be too late to reply to your query.

SAP has provided their encryption solution in SRM 7.02 as an add-on. They are not down-porting it to SRM 7.01 and you have to upgrade for the same.

But, in case you require encryption functionality in SRM 7.01, I have made a product called NGenSecure v1.0 which provides a Crypto-API integrated in SAP, which you can use for your SRM e-tendering process. It provides more security features than the SAP standard version, like multiple choices for algorithms, key strengths, audit compliance reporting at the application level, a user authentication process during decryption and certificate upload time, the ability to rotate keys annually, etc. If you have still not upgraded, we together can implement the encryption solution in SRM 7.01 or 7.00 or even 5.00.

Thanks,

Krishnendu.

Former Member
0 Kudos

We have also seen this with SAP - you can work with your SAP resources to see if SAP will give you back data setup. We implemented the Dolphin Encryption solution.

Former Member
0 Kudos

James,

What algorithm does the Dolphin Encryption solution use? I studied their solution and I can only guess they are doing some masking along with perhaps (my guess, since no information was provided) some native shift algorithm to encrypt data. If they are not using a strong cryptographic algorithm such as AES 256 along with a confidentiality mode like CBC, then Dolphin is not providing strong encryption. If they are using strong cryptography, how are they protecting the symmetric key? Are they using a PKI? How are they rotating keys?

I remember that, in order to follow PCI compliance, corporations used to develop some kind of shift algorithm to get rid of the PCI audit. But it doesn't take long to crack such encrypted data. Even with a data backup strategy, the question is how does one ensure the backed-up data is safe. Data backup can only be possible with a centrally managed crypto system, but then how will a customer trust a 3rd party software vendor to keep their data safe? So, these approaches all have their own limitations. It's a debate between security and productivity, and these are not 100% mutually inclusive.

My product is born out of that limitation and requirement, and is based on a hybrid cryptosystem, which means, if put in simple terms, that it could theoretically take 10 supercomputers 100 years or more to crack the encrypted data. Such a strong cryptosystem is required today for SRM, cards and PII-sensitive data, which very few corporations are targeting.

Thanks,

Krish.