FLIES - Frankenstein-Limes Integrated Extended Security

The product family FLIES encompasses all components of the FL5 infrastructure that serve for the administration of compressed and encrypted FLAM archives. These component do not have the means to access the plain data contents. They can, however, manage the compressed and encrypted segments. This includes, beside re-keying (REKEY), searching (FIND) within compressed and encrypted data sets. Search results are a relatively small set of compressed and encrypted segments that is returned to the requestor while the archive manager gets no clue about the true data contents. An authorized requestor can continue searching with FLAM within the result set and obtain either through the record interface the record he was looking for or through the element interface the elements he was searching in plain, readable form. The separation of FLIES and FLAM allows creating central resources (cloud, headends, archives) that can centrally manage the data by FLIES with no access to the contents which, in turn, can be accessed with FLAM only by persons authorized to do so.

 

Splitting the components between FLAM and FLIES provides better security, particularly in environments where this is not done in a proven way through the key management of hardware security modules. Basically, however, it is more advisable to rely on the key-management functions (FKME) of FLAM and FLIES then on the sepearation of executables or load modules.