Managed Accounts with Impersonation
Managed Users - Private Containers
In this model, private containers are still set up by a participant, but the system owner has access to private keys and can utilize these to access content. This access allows administrators to "impersonate" users when necessary, to access information stored in these containers. It is suited to environments that require stricter oversight, but do not necessitate regular content modification.
Such a setup requires the system owner to generate and store all Private Keys in a safe place and use them only in extreme situations. Since the users still create their containers, only impersonation (using participant's Private Key) can grant full access to the container content.
System Roles
The table below outlines system roles in this scenario:
| Application | Application Server | PrivMX Bridge | |
|---|---|---|---|
| Generating Users' Key Pair | |||
| Storing Users' Private Keys | |||
| Storing Users' Public Keys | |||
| Registering Users' Public Keys in Bridge | |||
| Creating and managing containers | |||
| Storing always encrypted data |
Example Applications:
- Data Management in Healthcare: Hospitals may require administrators to access patient records or test results during emergencies, where key management enables rapid access without direct user involvement.
- Compliance in Financial Systems: Financial institutions may need administrators to monitor client resources to comply with regulatory standards, ensuring the information remains auditable.