Executive Summary

BIP is a network-level transparent encryption solution for databases—specifically, a network proxy for Microsoft SQL Server that intercepts TDS traffic between apps and the database to encrypt/decrypt specific columns transparently, with no application changes.

It integrates with CipherTrust Manager and Luna HSM 7 for secure key management, supporting deterministic FPE/FF1 and AES-CBC. This enables compliance (PCI DSS, GDPR, etc.) while preserving user experience and compatibility with existing tools.

Key Benefits

  • Transparent to apps: no refactor for basic queries.
  • Stronger security: keys in HSM/KMS; centralized policy control.
  • Compliance‑ready: audit support and separation of duties.
  • Fast rollout: drop‑in between client and DB.
  • Performance‑aware: column‑level encryption, policy cache, streaming.
  • Database platform independent: BIP SQL Proxy can protect any MS SQL database, whether it is deployed on-premises or as IaaS, PaaS or SaaS.

Use Cases

  • Protecting PAN and payment data (PCI DSS).
  • Encrypting/masking PII for GDPR, HIPAA, etc. (customers, employees, patients).
  • Tokenization/encryption for secure analytics and test data.

How It Works

  1. Client connects to BIP (proxy port).
  2. Proxy negotiates TDS, detects sensitive columns, and applies policy.
  3. Proxy encrypts data on its way to the DB, and decrypts data returned to the client only if the DB credential is allowed to receive it decrypted.
  4. Keys are fetched from CipherTrust Manager (optionally backed by Luna HSM).

Basic flow

flowchart LR
  A[APP] --> B[BIP_sql_proxy]
  B --> C[(DB)]