Oracle® Database Advanced Security Administrator's Guide 10g Release 2 (10.2) Part Number B14268-02 |
This section describes new features of Oracle Advanced Security 10g Release 2 (10.2) and provides pointers to additional information. New features information from the previous release is also retained to help those users migrating to the current release.
The following sections describe the new features in Oracle Advanced Security:
Oracle Database 10g Release 2 (10.2) New Features in Oracle Advanced Security
Oracle Database 10g Release 1 (10.1) New Features in Oracle Advanced Security
This release includes the following new feature:
Transparent Data Encryption and Built-in Key Management
Transparent Data Encryption enables you to encrypt data in columns without having to manage the encryption key. Businesses can protect sensitive data in their databases without having to make changes to their applications.
Oracle Advanced Security uses industry standard encryption algorithms including AES and 3DES to encrypt columns that have been marked for encryption. Key Management is handled by the database. SQL interfaces to Key Management hide the complexity of encryption.
See Also:
"Supported Encryption Algorithms" for more information on the encryption algorithms that are supported.
Chapter 3, "Transparent Data Encryption" for more information on implementing and using Transparent Data Encryption.
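The following is an added example, not taken from the Oracle guide, showing the SQL interface that the paragraph above refers to: the master key is created and the wallet opened with ALTER SYSTEM, and columns are marked for encryption with the ENCRYPT clause. It assumes that sqlnet.ora already contains an ENCRYPTION_WALLET_LOCATION entry, that the session has ALTER SYSTEM and CREATE TABLE privileges, and that the wallet password and the customer_cards table are placeholders constructed for the example.

```sql
-- Added example (not from the Oracle guide): Transparent Data Encryption in 10g Release 2.
-- Assumptions: ENCRYPTION_WALLET_LOCATION is set in sqlnet.ora; the wallet password
-- and the customer_cards table are placeholders constructed for this illustration.

-- 1. Create the master encryption key once per database. This also creates the
--    wallet at the configured location and leaves it open for the instance.
ALTER SYSTEM SET ENCRYPTION KEY IDENTIFIED BY "wallet_password_placeholder";

-- 2. After every instance restart the wallet must be reopened, otherwise reads
--    and writes of encrypted columns fail until it is.
ALTER SYSTEM SET ENCRYPTION WALLET OPEN IDENTIFIED BY "wallet_password_placeholder";

-- 3. Mark a sensitive column for encryption at creation time. AES256 is chosen
--    explicitly; with no USING clause the default algorithm is AES192. SALT is
--    the default and is kept here; NO SALT would be required to index the column.
CREATE TABLE customer_cards (
  card_id  NUMBER        PRIMARY KEY,
  holder   VARCHAR2(100),
  card_no  VARCHAR2(19)  ENCRYPT USING 'AES256'
);

-- 4. Applications keep inserting and selecting plaintext; encryption and
--    decryption happen transparently inside the database (constructed row).
INSERT INTO customer_cards (card_id, holder, card_no)
VALUES (1, 'Example Holder', '4111111111111111');

SELECT holder, card_no FROM customer_cards WHERE card_id = 1;

-- 5. An existing column can be encrypted in place with ALTER TABLE.
ALTER TABLE customer_cards MODIFY (holder ENCRYPT USING '3DES168');

-- 6. Verify which columns are encrypted and with which algorithm.
SELECT owner, table_name, column_name, encryption_alg, salt
  FROM dba_encrypted_columns
 WHERE table_name = 'CUSTOMER_CARDS';
```

Note that the data file protection TDE provides applies to the stored column values; the wallet password and the wallet directory itself still need operating-system level protection, since anyone able to open the wallet can decrypt every column keyed from it.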
Note:
In this release, the features of Multiplexing and Connection Pooling do not work with SSL transport. Refer to Oracle Database JDBC Developer's Guide and Reference for details of encryption support available in JDBC.
This release provides the following new features for strong authentication:
Support for TLS (Transport Layer Security), version 1.0
TLS is an industry-standard protocol which provides effective security for transactions conducted on the Web. It has been developed by the Internet Engineering Task Force (IETF) to be the successor to SSL version 3.0. TLS is a configurable option provided in Oracle Net Manager.
See Also:
Chapter 8, "Configuring Secure Sockets Layer Authentication" for configuration details
Support for Hardware Security Modules, including Oracle Wallet Manager Integration
In this release, Oracle Advanced Security supports hardware security modules which use APIs that conform to the RSA Security, Inc., Public-Key Cryptography Standards (PKCS) #11. In addition, it is now possible to create Oracle Wallets that can store credentials on a hardware security module for servers, or private keys on tokens for clients. This provides roaming authentication to the database.
Hardware security modules can be used for the following functions:
Store cryptographic information, such as private keys, which provides stronger security.
Perform cryptographic operations to offload RSA operations from the server, freeing the CPU to respond to other transactions.
See Also:
Certificate Revocation Lists (CRL) and CRL Distribution Point (CRLDP) Support for Certificate Validation
In the current release, you have the option to configure certificate revocation status checking for both the client and the server. Certificate revocation status is checked against CRLs which are located in file system directories, Oracle Internet Directory, or downloaded from the location specified in the CRL Distribution Point (CRL DP) extension on the certificate. The orapki utility has also been added for CRL management and for managing Oracle wallets and certificates.
See Also:
"Certificate Validation with Certificate Revocation Lists" for details
Appendix F, "orapki Utility" for details about the orapki command line utility