Data Protector Utility

Configure UXP Technology into any Machine-to-Machine Data Flow

The Data Protector is an independent, stand-alone process for protecting and accessing data in machine-to-machine business data flows. This utility performs automated tasks within the existing data flow, customized to the security needs of the data as defined by the owner. It does not require integration with existing software applications or data process flows.

The Data Protector facilitates the automatic creation and accessing of protected UXP Objects. 

The Data Protector functions in most environments. 

Function

Using the Data Protector, data owners can define and assign automated UXP Tasks suited for their specific data flow. The Data Protector operates on the surface as a Task Manager and collaborates with a process running in the background, the Sertainty Agent. The Agent schedules and monitors Data Protector Task activity for execution and performs other technical functions for this utility.

For a brief demonstration of a completed and activated Data Protector workflow, watch the final video in the Data Protector training video series. The full series is located on the Data Protector Resources page.

Data Protector Task Configuration Components

The core pre-built tasks are:

  • Auto-Unprotect
  • Auto-Protect

Two task types exist:

  • Change-Task
  • Time-Task (scheduled)

Included in a single task are:

  • A machine UXP Identity
  • An executable script
  • Folder locations
  • Other required script parameters for task execution

Machine UXP Identity: Prior to configuring a Task, a UXP Identity must be generated from the destination node.

The machine UXP Identity generated is based on the destination node’s unique machine User Definition.

The Definition includes:

  • Challenge Pairs, automatically generated
  • Machine’s unique digital fingerprint

Specific to UXP Technology, a machine User Definition includes the unique digital fingerprint for the designated machine where the dataset is permitted access.

Creating a machine profile involves a distinctive UXP Technology process that occurs when the machine UXP Identity is generated. The process begins physically on the machine, where the Technology generates a unique digital fingerprint for that specific device.

The result is a unique digital fingerprint that locks the machine profile to that single machine. These attributes are never revealed as they are collected, nor are they visible when housed in the UXP Identity or when utilized during Object generation. This machine profile with its unique digital fingerprint is now defined as the user that is permitted dataset access.

On the Data Protector Resources page in the video series, Videos 6 and 7 discuss and demonstrate generating a machine Identity. The generation process is automated using a wizard.

  • Executable: Executables used in Task configuration are predefined proprietary *.uxl script templates or custom programs provided in the Data Protector.
  • Folder Location: These folders reference folders that already exist in the workflow.
  • Other: Other includes parameters noted in the Features section.

Sertainty Agent

The Sertainty Agent is a background process that handles several critical functions on behalf of the Data Protector.

Once Data Protector Tasks are configured and activated, the utility and the Sertainty Agent function together. In order for the Data Protector Tasks to execute, the Sertainty Agent must be running in the background.

The Sertainty Agent executes the script defined in the task configuration. All other processes within the data flow are managed by the existing software or applications.

In the Workflow Guide, the Sertainty Agent is called the Sertainty Workflow Agent. For more information, see the Workflow Guide/Section 1 Sertainty Workflow Agent.

Tasks

Data Protector Tasks are the technical instructions configured for automated processes. A group of Tasks for a specific workflow is referred to as a configuration in the Data Protector.

Task examples include, but are not limited to, the following:

Auto-Unprotect

Auto-Unprotect is a process for automatically determining trust for data access and extraction from a UXP Object. This process is configured to execute on a destination node. The destination node is the designated location where UXP Objects are received and the Auto-Unprotect Task executes.

Prior to configuring the Auto-Unprotect Task, the machine UXP Identity along with the associated Auto-Unprotect script must already be generated for the destination node.

When the Auto-Unprotect Task executes on the destination node, a validation process begins. The Identity credentials embedded in the Auto-Unprotect script must match the UXP Object’s Identity credentials. An additional check occurs: the destination node’s digital fingerprint must match the script and the Object. If anything fails to match between the three elements, access to the UXP Object is denied.

Auto-Protect

Auto-Protect is a process for automatically creating UXP Objects in a workflow. This process is configured to execute on a source node. The source node is the origin for UXP Object creation.

Prior to configuring, a copy of the machine Identity for the destination node is required on the source node.

The Auto-Protect script utilized is a pre-built *.uxl script provided in the Data Protector.

Benefits

  • Seamless leverage of Sertainty UXP Core Technology without writing code
  • Data-centric
  • Access and mitigation policies are defined in the UXP Identity
  • Non-invasive integration with existing applications and data transfer processes. No code changes are required.
  • Utilizes existing data transport process
  • Auditing capabilities
  • Notification capabilities

Features

  • Data Protector process is defined as either:
    • Change-Task: watches a folder for changes and processes new files
    • Timed-Task: executes the action based on a scheduled interval
  • Executable can be created using:
    • UXL Script Engine (*.uxl)
    • Native binary or native script (*.exe, *.bat, *.sh, etc.)
  • Configurable:
    • Number of files included in each UXP Object
    • File types
  • Log file generation

Restrictions

  • Full automation is supported only for machine-to-machine workflows.
  • Each Data Protector Task runs in its own thread.
  • Mobile is not currently supported.