Setting Up Bank Account Encryption

Prior to using the Bank Account Encryption feature, you must set up Algorithm Keysets and Encryption Profiles in PeopleTools setup. Then, you must run the Bank Account Number Encryption process to encrypt and mask bank account numbers in existing FSCM tables.

To set up Algorithm Keysets and Encryption Profiles in PeopleTools:

  1. Define Algorithm Keysets using the Algorithm Keyset page (PeopleTools, Security, Encryption, Encryption Algorithm Keyset).

    For existing Algorithm ID's, create a Keyset ID and Key Value. You must create two Keyset IDs; one for encryption and one for decryption. The Keyset ID and Key Value should be the same for the encryption and decryption Algorithm ID's.

    PeopleSoft delivers Keyset ID's with empty Key Values. You must set the Key Value per your business and security requirements.

    See PeopleTools: Administration Tools, Security Administration, Securing Data with PeopleSoft Encryption Technology.

  2. Verify two delivered Algorithm Chain ID's using the Algorithm Chain page (PeopleTools, Security, Encryption, Encryption Algorithm Chains).

    | Algorithm Chain ID | Algorithm Chain Description | Algorithm ID |
    |---|---|---|
    | FSCM_AES_CBC_256_DEC | FSCM Account Number Decryption | aes_ks256_cbc_decrypt |
    | FSCM_AES_CBC_256_ENC | FSCM Account Num Encrypt | aes_ks256_cbc_encrypt |

  3. Select a Parameter Value from the look up option on the Encryption Profile page (PeopleTools, Security, Encryption, Define Encryption Profiles).

    • Encryption Profile ID is FSCM_ACCT_NUM_DECRYPT and Algorithm Chain ID is FSCM_AES_CBC_256_DEC.

    • Encryption Profile ID is FSCM_ACCT_NUM_ENCRYPT and Algorithm Chain ID is FSCM_AES_CBC_256_ENC.

  4. (Optional) Test your encryption profiles using the Encryption Demo page (PeopleTools, Security, Encryption, Test Encryption Profiles).

    This test converts a bank account number to an encrypted value and converts an encrypted value to a bank account number.
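
The round trip that step 4 performs on the Test Encryption Profiles page can also be scripted. The following PeopleCode is an added example, not Oracle-delivered code: it assumes the PeopleTools Crypt class and the two delivered profile IDs from step 3, and the function name and test account number are hypothetical.

```peoplecode
/* Added example: round-trip check for the two delivered encryption profiles. */
/* FSCM_CheckAcctNumProfiles is a hypothetical name, not a delivered function. */
Function FSCM_CheckAcctNumProfiles(&sample As string) Returns boolean
   Local Crypt &enc, &dec;
   Local string &cipher, &plain;
   Local boolean &ok = False;

   try
      /* Encrypt the sample with the delivered encryption profile. */
      &enc = CreateObject("Crypt");
      &enc.Open("FSCM_ACCT_NUM_ENCRYPT");
      &enc.UpdateData(&sample);
      &cipher = &enc.Result;

      /* Decrypt the result with the delivered decryption profile. */
      &dec = CreateObject("Crypt");
      &dec.Open("FSCM_ACCT_NUM_DECRYPT");
      &dec.UpdateData(&cipher);
      &plain = &dec.Result;

      /* Pass only if something was produced, it differs from the input, */
      /* and decryption returns exactly the original value.              */
      If All(&cipher) And &cipher <> &sample And &plain = &sample Then
         &ok = True;
      End-If;
   catch Exception &e
      /* Any error raised by the Crypt calls counts as a failed check. */
      MessageBox(0, "", 0, 0, "Encryption profile check failed: " | &e.ToString());
   end-try;

   Return &ok;
End-Function;

/* Constructed test value, not a real account number. */
If Not FSCM_CheckAcctNumProfiles("TEST-0000123456") Then
   MessageBox(0, "", 0, 0, "Profiles did not round-trip; check the keysets for both Profile IDs.");
End-If;
```

A failed check means the two profiles did not return the original value, for example because the Key Values of the encryption and decryption keysets from step 1 differ.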

To encrypt and mask bank account numbers in existing FSCM tables, use the Bank Account Number Encryption Page. To re-encrypt the bank account numbers, use the Manage Bank Account Encryption Page.

After setting up Algorithm Keysets and Encryption Profile ID's in PeopleTools, run the Bank Account Number Encryption process to encrypt and mask bank account numbers in existing FSCM tables.

| Page Name | Definition Name | Usage |
|---|---|---|
| Bank Account Number Encryption Page | CRYPTPRFL_CONF | To encrypt and mask bank account numbers in existing FSCM tables. This is a one-time process. |
| Manage Bank Account Encryption Page | CRYPTPRFL_CONF_MGR | To re-encrypt the bank account numbers stored in the database with a new Profile ID. |

Use the Bank Account Number Encryption page (CRYPTPRFL_CONF) to encrypt and mask bank account numbers in existing FSCM tables. This is a one-time process.

Navigation:

Setup Financials/Supply Chain > Common Definitions > Encryption Configuration > Bank Account Number Encryption

This example illustrates the fields and controls on the Bank Account Number Encryption page after the FSCM_CRYPTAE process has run.

[Image: Bank Account Number Encryption page]

Note: When running this process, make sure that no other processes are running, because this process updates many FSCM tables and data could be compromised.

When running this process for the first (and only) time:

  1. Select the delivered encryption and decryption profile ID's.

  2. Select the Validate Profiles button.

    This step confirms and validates the algorithm keysets for both profiles. If the Profile Status changes to Valid, the Run button appears. If the Profile Status does not change to Valid, check the algorithm keysets for both Profile ID's.

  3. Select the Run button to run the FSCM_CRYPTAE process, which encrypts and masks bank account numbers and IBAN ID's in existing FSCM tables.

Use the Manage Bank Account Encryption page to re-encrypt the bank account numbers stored in the database with a new profile ID.

Navigation:

Setup Financials/Supply Chain > Common Definitions > Encryption Configuration > Manage Bank Account Encryption

This example illustrates the fields and controls on the Manage Bank Account Encryption page.

[Image: Manage Bank Account Encryption page]

The Manage Bank Account Encryption page is editable only when the existing Bank Account Encryption process is run.

The existing encryption and decryption profile ID's are populated automatically. Enter the new encryption and decryption profile ID's. Then validate the profiles and run the process in the same way as on the Bank Account Number Encryption page.

When running this process, make sure that no other processes are running, because this process updates many tables and data could be compromised.