Automatic Encryption of Data at Rest and in Transit

To comply with GDPR and to ensure that aspects such as security of processing are achieved, personal data must be encrypted, both when at rest and when in transit. For more information about setting up the encryption of data at rest and in transit, see Data at rest and Data in transit, or refer to the OneSpan Authentication Server Administrator Guide and the OneSpan Authentication Server Administrator Reference.

Encryption with file-based key management

During a basic installation of OneSpan Authentication Server with the embedded MariaDB ODBC database, data are automatically encrypted by means of file-based key management. The data-at-rest encryption key file and self-signed ODBC SSL certificates, unique for each organization, are automatically generated, and the ODBC connection is encrypted.

The key file and the self-signed ODBC SSL certificates cannot be customized.

The key file is stored with the MariaDB File Key Management Plugin, which also reads the keys directly from the key file. On Windows, the key file and the ODBC SSL certificates are stored in %PROGRAMDATA%\VASCO\IDENTIKEY . On Linux, these files are stored in /etc/vasco/ias.

If your organization is impacted by the General Data Protection Regulation (GDPR), note that when you select the Advanced installation option, you must ensure that the GDPR requirements are met, and that the database and its connections are adequately encrypted!

For more detailed information about MariaDB and data-at-rest encryption, refer to the OneSpan Authentication Server Installation Guide for Linux or the OneSpan Authentication Server Installation Guide for Windows, the OneSpan Authentication Server Administrator Guide, and the MariaDB product documentation.