Thursday, July 10, 2014

#14 SOA 12c New Features - Encrypting personally identifiable information (PII)

Great new feature enabling the encryption of sensitive data such as credit card number or SSN.

Here is a simple example of a order process where I can encrypt the (credit card number) field.

Here is my order XSD.

The BPEL process just assigns input to output.

Here is the composite view -

Notice the lock icon on the exposed service. Here I have defined the encryption.

Steps -

Select the data to be encrypted -

Note the key name -

I know this is probably preaching to the converted, however - to reiterate -
e.g. one needs to decrypt the ccnr before sending it on to the CreditCardValidation Service.

Now all we need to do is create the csf key.
We can use WLST to do this -

Open a CMD window in the following directory

Enter the cmd:
then you will see the prompt
key="pii-csf-key", user="weblogic", password="welcome1", desc="Key for

You will see the confirmation

Now deploy and test -

Review the BPEL audit trail

Now wasn't that easy!

Now to decryption -

The BPEL process now calls the credit card validation service - the argument passed is the ccnr.
So I need to decrypt before calling -

The web service's logic is pretty banal -

Deploy and Test

No comments: