Some business operations require performing periodic cryptographic operations on millions of records. While the standard web services are capable of receiving such large requests individually, the operations can be made significantly more efficient by submitting the input data in an eXtensible Markup Language (XML) file and performing the operation on the appliance without authenticating and authorizing each request (except for the first), and by eliminating the network round-trips for each web service call.
SAKA provides four (4) web service methods for encrypting, decrypting, deleting, and searching for sensitive data using XML-based files in batch mode.
The XML input file conforms to the SKLESBatchInput element, defined in the SAKA XML Schema Definition (XSD) file supplied with the appliance. Any number of records may be processed through batch files more efficiently; the only limitation to the number of records in such a batch file would be the appliance's operating system limit on the file size.
NOTE: An XML input file with one million 16-digit credit card numbers, and conforming to the SAKA XSD, uses a little less than 40 megabytes of space, or approximately 25,000 records per megabyte of space. Based on this, a one-Gigabyte file can store 25 million input records. An input file with the maximum file size limitation of Linux (8 Terabytes) can accommodate 200 billion credit card numbers. |
The appliance processes the input file in batch mode: it performs just a single authentication and authorization check, a single verification of the encryption domain's status and proceeds to execute the requested cryptographic operation for each record in the input file. It writes the result to a different XML file corresponding the SKLESBatchOutput element in the SAKA XSD. The input and output files may be transferred to and from the appliance using the Secure File Transfer Protocol (SFTP), secure NFS, or SAMBA over TLS.