Product Documentation

Certain applications may need to search the SAKA internal database to determine whether a specific piece of sensitive data exists. SAKA provides a web service method for performing this task. The method requires four parameters:

DID

The unique encryption domain identifier.

username

The encryption domain username with the authorization to call this web service.

password

The password for the username, used to authenticate the requester.

plaintext

The sensitive data for which to search.

When SAKA receives the request, it verifies the presented credentials against its internal database or an optional LDAP directory server, then checks that the requester is authorized to use the search service by confirming membership in a SearchAuthorized group. Note that if using LDAP, this group and its members must be created in the LDAP directory as a distinct task of the SAKA installation process; when using the SAKA internal database, this group is created automatically.

If the requester is authorized, SAKA converts the plaintext to an HMAC and searches its RDBMS for the HMAC; if found, the token is returned to the caller, and the search is logged and replicated to other nodes. A non-null return value to the calling application indicates the search was successful.
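
The flow described above (authenticate, check SearchAuthorized membership, HMAC the plaintext, look up the HMAC, return the token or null) is modeled below in Python as an added illustration; it is not SAKA code and does not show the SAKA web service API. The class and method names, HMAC-SHA256, the PBKDF2 password check, the in-memory dictionaries, and raising PermissionError on failure are assumptions; all sample values are constructed.

```python
import hashlib
import hmac
import secrets

class SearchModel:
    """Toy model of one encryption domain (hypothetical, not SAKA's design)."""

    def __init__(self, did):
        self.did = did
        self.hmac_key = secrets.token_bytes(32)  # assumed per-domain HMAC key
        self.users = {}   # username -> (salt, PBKDF2 hash, set of groups)
        self.index = {}   # HMAC hex digest -> token (stand-in for the RDBMS)
        self.audit = []   # log of successful searches

    def add_user(self, username, password, groups=()):
        salt = secrets.token_bytes(16)
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        self.users[username] = (salt, digest, set(groups))

    def _hmac(self, plaintext):
        return hmac.new(self.hmac_key, plaintext.encode(), hashlib.sha256).hexdigest()

    def store(self, plaintext, token):
        # Only the keyed HMAC is indexed, so a lookup needs no decryption.
        self.index[self._hmac(plaintext)] = token

    def search(self, did, username, password, plaintext):
        # 1. Authenticate: unknown users fail the same constant-time compare.
        salt, digest, groups = self.users.get(username, (b"", b"", set()))
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        if did != self.did or not hmac.compare_digest(candidate, digest):
            raise PermissionError("authentication failed")
        # 2. Authorize: valid credentials alone do not grant search.
        if "SearchAuthorized" not in groups:
            raise PermissionError("not a member of SearchAuthorized")
        # 3. Search by HMAC; None (null) means the data is not in the index.
        token = self.index.get(self._hmac(plaintext))
        if token is not None:
            self.audit.append((did, username))  # never log the plaintext
        return token

def demo():
    # Constructed domain, users, sample value and token.
    d = SearchModel("1")
    d.add_user("searcher", "constructed-pw-1", groups=["SearchAuthorized"])
    d.add_user("encryptor", "constructed-pw-2")
    d.store("4111111111111111", "1000000000000001")
    return d
```

In this model a null result means "authorized, but not present", while a failed authentication or missing group membership surfaces as an error, so a caller can tell the two apart.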