Setting Up Bank Account Encryption
Prior to using the Bank Account Encryption feature, you must set up Algorithm Keysets and Encryption Profiles in PeopleTools setup. Then, you must run the Bank Account Number Encryption process to encrypt and mask bank account number in existing FSCM tables.
To set up Algorithm Keysets and Encryption Profiles in PeopleTools:
Define Algorithm Keysets using the Algorithm Keyset page (PeopleTools, Security, Encryption, Encryption Algorithm Keyset).
For existing Algorithm ID's, create a Keyset ID and Key Value. You must create two Keyset IDs; one for encryption and one for decryption. The Keyset ID and Key Value should be the same for the encryption and decryption Algorithm ID's.
PeopleSoft delivers Keyset ID's with empty Key Values. You must set the Key Value per your business and security requirements.
See PeopleTools: Administration Tools, Security Administration, Securing Data with PeopleSoft Encryption Technology.
Verify two delivered Algorithm Chain ID's using the Algorithm Chain page (PeopleTools, Security, Encryption, Encryption Algorithm Chains).
Algorithm Chain ID
Algorithm Chain Description
Algorithm ID
FSCM_AES_CBC_256_DEC
FSCM Account Number Decryption
aes_ks256_cbc_decrypt
FSCM_AES_CBC_256_ENC
FSCM Account Num Encrypt
aes_ks256_cbc_encrypt
Select a Parameter Value from the look up option on the Encryption Profile page (PeopleTools, Security, Encryption, Define Encryption Profiles).
Encryption Profile ID is FSCM_ACCT_NUM_DECRYPT and Algorithm Chain ID is FSCM_AES_CBC_256_DEC.
Encryption Profile ID is FSCM_ACCT_NUM_ENCRYPT and Algorithm Chain ID is FSCM_AES_CBC_256_ENC.
(Optional) Test your encryption profiles using the Encryption Demo page (PeopleTools, Security, Encryption, Test Encryption Profiles).
This test converts a bank account number to an encrypted value and converts an encrypted value to a bank account number.
To encrypt and mask bank account number in existing FSCM tables, use the Bank Account Number Encryption Page. To re-encrypt the bank account numbers, use the Manage Bank Account Encryption Page.
After setting up Algorithm Keysets and Encryption Profile ID's in PeopleTools, run the Bank Account Number Encryption process to encrypt and mask bank account numbers in existing FSCM tables.
Page Name |
Definition Name |
Usage |
---|---|---|
CRYPTPRFL_CONF |
To encrypt and mask bank account numbers in existing FSCM tables. This is a one-time process. |
|
CRYPTPRFL_CONF_MGR |
To re-encrypt the bank account numbers stored in the database with a new Profile ID. |
Use the Bank Account Number Encryption page (CRYPTPRFL_CONF) to encrypt and mask bank account numbers in existing FSCM tables. This is a one-time process.
Navigation:
Note: When running this process, make sure that other processes are not running as this process updates many FSCM tables and data could be compromised.
When running this process for the first (and only) time:
Select the delivered encryption and decryption profile ID's.
Select the Validate Profiles button.
This step confirms and validates the algorithm keysets for both profiles. If the Profile Status changes to Valid, the Run button appears. If the Profile Status does not change to Valid, check the algorithm keysets for both Profile ID's.
Select the Run button to run the FSCM_CRYPTAE process, which encrypts and masks bank account numbers and IBAN ID's in existing FSCM tables.
Use the Manage Bank Account Encryption page to re-encrypt the bank account numbers stored in the database with a new profile ID.
Navigation:
The Manage Bank Account Encryption page is editable only when the existing Bank Account Encryption process is run.
The existing encryption and decryption profile ID's are populated automatically. Enter the new encryption and decryption profile ID's. Validate the profiles and run the process similar to the Bank Account Number Encryption page.
When running this process, make sure that other processes are not running as this process updates many tables and data could be compromised.