

Configuring Attribute Encryption

By default, CA Risk Authentication stores user-related data unencrypted (in plain format) in the database tables that you seed during installation. To encrypt this data, use the Attribute Encryption Set Configuration page to select the user attributes that you want to encrypt. See the appendix "Multi-Byte Character and Encrypted Parameters" for the list of attributes that can be stored in an encrypted format.

To configure attribute encryption and data masking:

  1. Ensure that you are logged in as the MA.
  2. Activate the Services and Server Configurations tab.
  3. Click the CA Advanced Authentication option on the submenu of the tab.
  4. Under the System Configuration section on the side-bar menu, click the Attribute Encryption Configuration link to display the page.

    Note: If you choose to encrypt the User Identifier attribute, all the following attributes that help in uniquely identifying the user are also encrypted:
    – User ID
    – Account ID
    – Account ID attributes

  5. In the Select Attribute(s) for Encryption section, select the attributes that you want to encrypt from the Available Attributes for encryption list to the Attributes Selected for encryption list.

    Click the > or < buttons to move selected attributes to the desired list. You can also click the >> or << buttons to move all attributes to the desired lists.

  6. In the Data Masking Configuration section, specify the parameters described in the following table.

    Note: Data masking is the process of hiding specific elements within the actual data string. It ensures that sensitive data is displayed with substitute characters in place of the real ones.

    | Parameter | Description |
    |---|---|
    | Type | Select an option from the drop-down list to Mask or Unmask the attributes configured for encryption. |
    | Start Length | The number of characters to be masked or unmasked from the start of the actual data string. |
    | End Length | The number of characters to be masked or unmasked from the end of the actual data string. |
    | Masking Character | The character that will be used to mask (hide) the actual data. |

  7. Click Save to save your changes.
  8. Refresh all deployed CA Risk Authentication Server instances.

    See "Refreshing the Cache" for instructions on how to do this.

Examples of Masking and Unmasking

If you want to mask a user name that has been configured for encryption, and the Start Length, End Length, and Masking Character are 2, 2, and *, then the user name "mparker" is masked as "**ark**".

If you want to unmask a user name that has been configured for encryption, and the Start Length, End Length, and Masking Character are 2, 2, and *, then the user name "mparker" is unmasked as "mp***er".
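
The two rules above, as an added Python sketch (an illustration written for this page, not CA Risk Authentication code). The function names, the mode strings, and the clamping of Start Length and End Length for values shorter than their sum are assumptions; the page does not say how the product treats such values.

```python
def apply_masking(value, mode, start_len, end_len, mask_char="*"):
    """Apply the Type / Start Length / End Length / Masking Character rules.

    mode "mask":   hide the first start_len and last end_len characters.
    mode "unmask": show only those characters and hide everything between.
    """
    if mode not in ("mask", "unmask"):
        raise ValueError("mode must be 'mask' or 'unmask'")
    if start_len < 0 or end_len < 0:
        raise ValueError("lengths must be non-negative")
    if len(mask_char) != 1:
        raise ValueError("masking character must be a single character")

    n = len(value)
    # Assumption: for short values the two windows are clamped so that
    # they never overlap or run past the string.
    start = min(start_len, n)
    end = min(end_len, n - start)

    hide_edges = (mode == "mask")
    out = []
    for i, ch in enumerate(value):
        in_edge = i < start or i >= n - end
        # Mask mode hides the edges; Unmask mode hides the middle.
        out.append(mask_char if in_edge == hide_edges else ch)
    return "".join(out)


def revealed_count(value, mode, start_len, end_len):
    """Number of characters of `value` left readable by the configuration."""
    n = len(value)
    start = min(start_len, n)
    end = min(end_len, n - start)
    edges = start + end
    return n - edges if mode == "mask" else edges


if __name__ == "__main__":
    # The page's own examples, then constructed short values.
    for name in ("mparker", "bob", "li"):
        print(name,
              apply_masking(name, "mask", 2, 2),
              apply_masking(name, "unmask", 2, 2),
              revealed_count(name, "unmask", 2, 2))
```

Under these assumptions, Unmask with 2 and 2 leaves every character of a value of four characters or fewer readable, so the configured lengths are worth checking against the shortest values the attribute can hold.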