Data Encryption

Encryption of Data

Encryption of Data is possible in two different places

• Encryption of the Data in the Database.
• Encryption of the Datatransfer between AMT Screens or the Webclient and the Application Server

Encryption of Data Fields in the Database can be set in Field properties.

Encryption of Data Transfer between AMT Screens or the Webclient and the Application Server can be set
set when editing the Screen Layout of the Form in the Lion Developer. Note that encryption of Data Transfer is
not available on all objects.

Encryption of Webservices is not possible.

 

Encryption Methods

In LION 5.4 and higher there are two methods of encryption available.

• The encryption method used in LION 5.3.
• A modern strong encryption method according to the PCI Data Security Standard using AES 256 bit algorithms and asymmetric keys for data encryption and RSA symmetric encryption for secure storing and transmission of the asymmetric keys itself.

The LION 5.3 encryption is the default encryption. To enable the modern PCI Data Security Standard encryption first the steps described in Enabling PCI dss encryption must be followed. If the setup described there is not completed correctly the Developer will still use the default encryption.

For optimal security, Avanade recommends to use the modern PCI Data Security Standard encryption and to convert
data encrypted according to the LION 5.3 method to the new encryption method. The PCI Data Security Standard also supports
encryption of Unicode characters, thus enabling the usage of different character sets