1. Field of the Invention
The present invention relates generally to the data processing field, and more particularly to a computer implemented method, system, and computer usable program code for selectively encrypting sensitive data in a distributed system.
2. Description of the Related Art
Data communication using distributed systems has grown exponentially in recent years because of enhanced communications standards and network availability. In distributed systems, messages are passed between a client and a server. As herein defined, a message or data transmission is any communication, transmission, file, program, object, attribute, field, or other data stream passed between servers interconnected by a network.
These messages contain data that may or may not be sensitive or confidential. If a message contains data that is sensitive, the message is protected prior to transport to ensure the security of the data as it flows across the network so that only the intended recipient can access the content of the message.
This security technique, commonly known as transport layer security, provides privacy and data integrity between two communicating applications. The protection occurs in a layer of software on top of the base transport protocol. In many cases, the security provided by a Secure Sockets Layer (SSL) communications link occurs through the use of encryption technology to ensure the integrity of the message in a network. The secure sockets layer provides confidentiality by ensuring the message content cannot be read. Because communications are encrypted between the sending and receiving parties, a third party cannot tamper with the message.
Encryption of data is a commonly applied method that is used for denying access to sensitive information to those who, generally, should not have access. The simple encryption of data being communicated between two points provides a single level of security. Encryption invoked using a transport layer security measure limits communication deciphering to those with access to the key. Anyone who has the key is privy to any communication at any location.
Data encryption at the transport level normally envelops total encryption of all of the data contained within the message. Through the secure sockets layer, the entire conversation is encrypted and transmitted between object request broker client and an object request broker server. The total encryption method necessitates the decryption of the entire conversation to intelligently interpret any of the data.
Total encryption is not always efficient because even if only a small portion of the data is sensitive, the entire message is necessarily encrypted and decrypted for the purpose of confidentiality. Additionally, most data theft occurs from within the organization that houses the data rather than from external interception and decryption. As a result, most encryption processing, efforts, and resources are not necessary or misplaced.