Forum OpenACS Q&A: Response to Encryption of data

Posted by David Walker on
I don't have any current systems that store credit card numbers but I do have one site that requires encrypted data storage for private information. For that I'm using the loopback encrypted filesystem with the crypto kernel patch for the Linux 2.2.18 kernel.

I'd actually like to implement a system similar to what Philip Greenspun describes with a public and private key but in a slightly different way (unless a credit card processor can be, or already has been, convinced to implement the public/private key method of handling credit card numbers).

My idea would require a separate machine that contacts the credit card processor for a decision. A public and private key are generated and the public key is stored only on the web server, the private key only on the card processor server.
  • The web server machine receives the order and stores the encrypted credit card number using our public key.
  • The web server machine triggers the credit card processor machine to retrieve a decision.
  • The card processor machine decrypts the credit card number using the private key and makes the SSL connection or whatever secure means the credit card processor has set up and retrieves the decision, storing it in the database.
If an instant decision is required then some communication may be required between the web server and the processor machine but that can be limited to something like "get me a decision for order #2341". "OK, I'm done with order #2341. Go check the database for my decision".

The store we used to run a couple of years ago (discontinued for reasons completely unrelated to security) used to store the credit card numbers in plain text and depend on our wonderful security elsewhere to keep them safe.
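
The key split described in this post, sketched in Go as an added example (it is not code from the original post or from OpenACS). The choice of RSA-OAEP with SHA-256, the `DB` struct, the function names, the per-order OAEP label and the stub authorizer are all assumptions made for illustration; the card number is a constructed test value.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// DB stands in for the shared database (hypothetical layout, keyed by order number).
type DB struct {
	cards     map[int][]byte
	decisions map[int]string
}

// NewKey generates the pair; only &key.PublicKey is ever copied to the web server.
func NewKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// label binds a ciphertext to its order so it cannot be replayed under another order.
func label(order int) []byte { return []byte(fmt.Sprintf("order:%d", order)) }

// StoreOrder runs on the web server, which can encrypt card numbers but not read them back.
func StoreOrder(pub *rsa.PublicKey, db *DB, order int, card string) (err error) {
	db.cards[order], err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, []byte(card), label(order))
	return err
}

// Decide runs on the processor machine and serves "get me a decision for order #N":
// decrypt with the private key, ask the card processor, record the decision.
func Decide(priv *rsa.PrivateKey, db *DB, order int, authorize func(card string) string) error {
	card, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, db.cards[order], label(order))
	if err != nil {
		return fmt.Errorf("order %d: %w", order, err)
	}
	db.decisions[order] = authorize(string(card))
	return nil
}

func main() {
	key, err := NewKey()
	if err != nil {
		panic(err)
	}
	db := &DB{cards: map[int][]byte{}, decisions: map[int]string{}}
	if err := StoreOrder(&key.PublicKey, db, 2341, "4111111111111111"); err != nil { // constructed test number
		panic(err)
	}
	err = Decide(key, db, 2341, func(string) string { return "approved" }) // stub for the processor's API
	fmt.Println(db.decisions[2341], err)
}
```

A compromise of the web server or the database yields only ciphertexts, and the only message crossing between the two machines is an order number.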