1. Managing Customers
  2. Managing Customer Data
  3. Masking Sensitive Customer Data

29 Masking Sensitive Customer Data

Learn how to mask sensitive customer data in Oracle Communications Billing and Revenue Management (BRM).

Topics in this document:

About Masking Sensitive Customer Data

You can prevent access to and logging of sensitive customer data, such as banking information and passwords, by masking the string data fields that store this information. BRM client applications, transaction messages, and logs can contain sensitive information.

Note:

By default, data masking is enabled to protect sensitive data.

Masking Sensitive Data in Logs When Using Client Applications

Portal Communication Module (PCM) C++ and PCM Java client applications log flists containing sensitive customer data before calling the CM for processing. Client application logs can contain flists in either the standard BRM format or in XML format. Standard format flist fields configured for masking are automatically hidden before logging by the PIN_FLIST_TO_STR macro. To mask sensitive data in flists stored in XML format during logging, your client application must call the XMLToFlist class included in the pcm.jar file.

For more information on developing PCM C++ and Java client applications see "Creating Client Applications by Using PCM C++" and "Creating Client Applications by Using Java PCM" in BRM Developer's Guide.

Masking Additional Fields in Client Application Logs

BRM masks the following string data fields in client application logs for standard format flists and XML flists processed by the XMLToFlist class:

  • PIN_FLD_PASSWD

  • PIN_FLD_PASSWD_CLEAR

  • PIN_FLD_DEBIT_NUM

  • PIN_FLD_DEBIT_EXP

  • PIN_FLD_BANK_NO

  • PIN_FLD_BANK_ACCOUNT

  • PIN_FLD_BANK_ACCOUNT_NO

  • PIN_FLD_IBAN

You can add additional fields to be masked, including custom fields, in client application logs based on your security requirements. A list of default BRM fields are defined in the pin_flds.h file while custom fields are found in the cust_flds.h file. See "Creating Custom Fields and Storable Classes" in BRM Developer's Guide for information on adding custom fields.

To mask additional fields in logs of PCM C++ applications:

  1. Open the BRM_home/include/pin_flds.h file or the BRM_home/include/cust_flds.h file and obtain the field IDs you want to mask.

  2. For each field requiring masking, add a line at the end of either the pin_flds.h or cust_flds.h file using the following syntax: 

    #define Field_Name PIN_MAKE_FLD(Field_Name,ID)
Field_Name masked

    where Field_Name is the string field to mask in PCM C++ client application logging, and ID is the BRM assigned ID for the field. For example, mask the PIN_FLD_CHECK_NO field by using the following line: 

    #define PIN_FLD_CHECK_NO PIN_MAKE_FLD(PIN_FLDT_STR, 931)
PIN_FLD_CHECK_NO masked

    Note:

    Ensure that your cust_flds.h file does not contain duplicate entries.

  3. Save the file.

  4. If only masking additional fields in pin_flds.h, restart the CM.

To mask fields defined in cust_flds.h, complete the following additional steps:

  1. Make a copy of your cust_flds.h file named masked_fields.

  2. Run the BRM_home/bin/parse_custom_ops_fields.pl perl script which generates the masked_fields.dat file using the following syntax: 

    perl -S parse_custom_ops_fields.pl -L pcmc -I masked_fields -O masked_fields.dat

  3. Add the following entry in the pin.conf file for your PCM C++ client application: 

    - - ops_fields_extension_file path/masked_fields.dat

    where path is the path to the masked_fields.dat file.

    Note:

    The pin.conf file must only have one -- ops_fields_extension_file entry. If you already have a cust_flds.h file, append your masking entries in the same file and generate a single masked_fields.dat file.

  4. Restart the CM.

To add additional string data fields for masking in logs of PCM Java applications:

  1. Open the BRM_home/include/pin_flds.h file or the BRM_home/include/cust_flds.h file and obtain the field IDs. BRM assigns each field a numerical value listed at the end of each row. Use this field ID in the Infranet.properties file for masking. For example, the field ID for the PIN_FLD_CHECK_NO field is 931: 

    #define PIN_FLD_CHECK_NO PIN_MAKE_FLD(PIN_FLDT_STR, 931)

  2. Open the Infranet.properties file for your PCM Java application in a text editor.

  3. Add a line for each additional field to be masked using the following syntax:

    infranet.custom.masked.field.field_id=masked

    where field_id is the field ID for the default or custom field you want to mask.

  4. Save the file.

  5. Verify that the Infranet.properties file is included in the CLASSPATH of the PCM Java client application process.