What's New in Oracle Advanced Security?

This section describes new features of Oracle Advanced Security 11g Release 1 (11.1) and provides pointers to additional information.

Oracle Database 11g Release 1 (11.1) New Features in Oracle Advanced Security

This release includes the following new features:

  • Enhanced Transparent Data Encryption

    Transparent Data Encryption enables you to encrypt data in columns without having to manage the encryption key. Businesses can protect sensitive data in their databases without having to make changes to their applications.

    Oracle Advanced Security uses industry-standard encryption algorithms, including AES and 3DES, to encrypt columns that have been marked for encryption. Key management is handled by the database. SQL interfaces to key management hide the complexity of encryption.

    You can now encrypt entire tablespaces using tablespace encryption. All objects created in the encrypted tablespace are automatically encrypted. See "About Tablespace Encryption" in Chapter 3, "Securing Stored Data Using Transparent Data Encryption" for more information.

    Transparent Data Encryption now enables you to use a hardware security module (HSM) to store the master encryption key. This allows for enhanced security.

    See Also:

    "Supported Encryption Algorithms" for more information on the encryption algorithms that are supported.

    Chapter 3, "Securing Stored Data Using Transparent Data Encryption" for more information on implementing and using Transparent Data Encryption.

  • Kerberos authentication is more secure and manageable

    The Kerberos implementation now uses stronger encryption algorithms, such as 3DES and AES, in place of DES, which makes Kerberos authentication more secure. The Kerberos authentication mechanism in Oracle Database now supports the following encryption types:

    • DES3-CBC-SHA (DES3 algorithm in CBC mode with HMAC-SHA1 as checksum)

    • RC4-HMAC (RC4 algorithm with HMAC-MD5 as checksum)

    • AES128-CTS (AES algorithm with 128-bit key in CTS mode with HMAC-SHA1 as checksum)

    • AES256-CTS (AES algorithm with 256-bit key in CTS mode with HMAC-SHA1 as checksum)

    The Kerberos implementation has been enhanced to interoperate smoothly with Microsoft and MIT Key Distribution Centers.

    The Kerberos principal name can now contain more than 30 characters. It is no longer restricted by the number of characters allowed in a database user name.
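For the Transparent Data Encryption item above, the following added example (not taken from the Oracle guide) contrasts column encryption with the new tablespace encryption and then checks what is actually encrypted. The table names, datafile path, and wallet password are placeholders, and it assumes a software wallet location is already configured in sqlnet.ora.

```sql
-- Added example; object names, the datafile path, and the password are
-- placeholders. Assumes ENCRYPTION_WALLET_LOCATION is set in sqlnet.ora.

-- 1. Create the master encryption key in the wallet.
ALTER SYSTEM SET ENCRYPTION KEY IDENTIFIED BY "wallet_password_placeholder";

-- 2. Column encryption: only the marked columns are encrypted on disk.
--    NO SALT is needed if the column will be indexed.
CREATE TABLE customer_cards (
  customer_id  NUMBER PRIMARY KEY,
  holder_name  VARCHAR2(128),
  card_number  VARCHAR2(19) ENCRYPT USING 'AES256' NO SALT
);

-- Encrypt a column of an existing table (default algorithm, with salt).
ALTER TABLE customer_cards MODIFY (holder_name ENCRYPT);

-- 3. Tablespace encryption: every object created here is encrypted,
--    with no per-column ENCRYPT clauses.
CREATE TABLESPACE secure_ts
  DATAFILE '/u01/app/oracle/oradata/orcl/secure_ts01.dbf' SIZE 150M
  ENCRYPTION USING 'AES256'
  DEFAULT STORAGE (ENCRYPT);

CREATE TABLE customer_notes (
  customer_id  NUMBER,
  note         VARCHAR2(4000)
) TABLESPACE secure_ts;

-- 4. Verify coverage: list encrypted columns and confirm the
--    tablespace reports ENCRYPTED = 'YES'.
SELECT owner, table_name, column_name, encryption_alg, salt
  FROM dba_encrypted_columns;

SELECT tablespace_name, encrypted
  FROM dba_tablespaces
 WHERE tablespace_name = 'SECURE_TS';

-- After an instance restart the wallet must be reopened before
-- encrypted data can be read:
-- ALTER SYSTEM SET ENCRYPTION WALLET OPEN IDENTIFIED BY "wallet_password_placeholder";
```

Running the two verification queries after each schema change gives a quick audit of which sensitive columns and tablespaces are protected and with which algorithm.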


In this release, the features of Multiplexing and Connection Pooling do not work with SSL transport. Refer to Oracle Database JDBC Developer's Guide and Reference for details of encryption support available in JDBC.