Bookshelf v7.5: Business Component Encryption

Security Guide for Siebel eBusiness Applications > Communications and Data Encryption >

Business Component Encryption

This section describes how to use Siebel Tools to enable and disable encryption for business components fields.

Encrypting field data is subject to the following restrictions and requirements:

Encrypted field data is retrieved, decrypted, and displayed when records are selected. However, users cannot query or sort on the unencrypted values for these fields. Indexing columns for encrypted fields offers no benefit, because only the encrypted values are indexed.

Encrypted data requires up to 2.5 times more storage space in the database than unencrypted data. You must specify appropriate data length for the affected columns. For example, data 10 characters long uses 25 characters when encrypted, data 30 characters long uses 44 characters when encrypted, and so on.

All business component fields that are mapped to the same database column must have encryption turned on and must use consistent user property settings as described in this section.

Any business component field that is to store encrypted data must be active.

For more information about performing some of the tasks described in this section, see Siebel Tools Reference.

Siebel Systems provides the RC2 Encryptor, based on RSA encryption, to allow you to encrypt data fields. For information about using the RC2 Encryptor to add encryption keys to the keyfile and change the keyfile password, see RC2 Encryption Administration.

Setting Encryption User Properties

Application developers can encrypt fields in a business component by setting the encryption user properties described here. When encryption is turned on, data written to the field is encrypted and data read from the field is decrypted.

To turn on encryption

Start Siebel Tools.

Select the business component that contains the field you want to encrypt.

Select the field you want to encrypt.

For example, in the Quote business component, the Credit Card Number field has field user properties for encryption.

In the field user properties, set the following encryption values:


Field User Property	Value	Description
Encrypted	`Y`	`Y` indicates the field is encrypted. `N` indicates the field is not encrypted.
Encrypt Service Name	`RC2 Encryptor`	Sets the type of encryption to use for the field.
Encrypt Key Field	`KeyIndexField`	Specify the field on the business component where the encryption key index is stored. For the Credit Card Number field in the Quote business component, this user property is set to Credit Card Number Key Index.
Encrypt ReadOnly Field	`CalculatedField`	Specify a calculated field that determines whether the data in the encrypted field is read-only. Storing the data in read-only form may allow someone to recover it later. For example, for the Credit Card Number field in the Quote business component, this user property is set to the calculated field Credit Card Number - Read Only. The calculated value of Credit Card Number - Read Only is Y (TRUE) if encryption or decryption fails—the field data is read-only. The calculated value is N (FALSE) if encryption or decryption succeeds—the field data is editable. If you need to create an equivalent field for another business component, set it as calculated and do not specify a field value.

Table 3 shows some examples of Key Index Fields for business components.

Table 3. Encryption Key Index Fields
Business Component	Field	Key Index Field
Auction Invoice	Credit Card Number	Credit Card Number Key Index
FS Invoice	Credit Card Number	Credit Card Number Key Index
Order Entry - Orders	Credit Card Number	Credit Card Number Key Index
Personal Payment Profile	Account Number	Account Number Key Index
Quote	Credit Card Number	Credit Card Number Key Index
Cfg Favorites Quote Item	Credit Card Number	(Create a new field)
Get Users Data	PayAccntNum	(Create a new field)