The customer owns a considerable number of proprietary formulations for products relating to their business area of thermosetting plastics and silicones. Each formulation is a recipe for the production of a plastic product enjoying specific physical and/or chemical characteristics.
This intellectual property is a key business asset.
The aim of the project was to establishment a database capable of ensuring the ongoing confidentiality of the data overall while allowing the organisation's research chemists improved access to this valuable resource.
Table of suppliers with addresses and contact names.
Table of materials with current price, specific gravity and a link to the supplier table.
Table of Products with attribute data.
Table of Product formulations with links to relevant entries in the materials table.
Facilities for printing individual formulations, materials lists and product listings.
Facilities will be provided to allow the searching of the product database for products possessing attributes within specified ranges or those including specified materials in their formulation.
Search results will be presented in a list format with "drill down" into individual product specifications and formulations.
Security was a major issue for this project, and the following areas were considered.
Software security:
Password access to the program - to limit the facilities offered to individual users.
Password protected database.
Physical Security:
The company had already identified the advantages of implementing the proposed database on a PC that included physical adaptations to preclude data copying or printing.
Advantages: Simple to implement. Precludes screen copying and printing. Ensures the physical security of the database.Disadvantage: Data is only available on a single machine. Data security back-up procedures may be time consuming and there would be a need to secure the back-up media.Encryption:
Light Encryption: The simplest encryption option is to use a straightforward rule based algorithm to encrypt the data being stored in the database.Advantages: The data encryption would quickly discourage any casual attack that managed to break through the password protection of the database. Any continued attack would require access to suitable computer based tools. The customer could (should necessity arise) pass details of the rule based encryption procedure to any trusted third party allowing them to access the stored data from a suitable program.Disadvantages: Unlikely to protect the data from a determined attack by a knowledgeable cryptanalyst.Key Cipher Encryption Key cipher encryption could be applied to all or selected sections of the data (such as the formulation) being stored in the database. We can apply ciphers based upon a key with a length ranging from 32 bits to 488 bits. A wisely selected key would make the data unreadable to even the most effective cryptanalysisAdvantages: Capable of providing unbreakable security for the encrypted data in the database.Disadvantages: Decryption is impossible without the key and some knowledge of the encryption algorithm used. Losing the key would mean that the stored data could never be recovered.