Always Encrypted
E56730
Always Encrypted is a SQL Server security feature that protects sensitive data by encrypting it both at rest and in transit while keeping encryption keys only on the client side.
All labels observed (1)
| Label | Occurrences |
|---|---|
| Always Encrypted canonical | 3 |
How this entity was disambiguated
This entity first appeared as the object of triple T452367 — resolving that mention is where its identity was fixed. The disambiguator weighed these candidate entities and picked the highlighted one (or “None”, minting a new entity). This is how homonymy is resolved: the same surface form can point to different entities.
Target entity: Always Encrypted Context triple: [SQL Server, supportsFeature, Always Encrypted]
-
A.
AES-GCM
AES-GCM is an authenticated encryption mode of the Advanced Encryption Standard that provides both data confidentiality and integrity, widely used in modern network and security protocols.
-
B.
Probabilistic Encryption
Probabilistic Encryption is a cryptographic technique that uses randomness in the encryption process so that the same message encrypts to different ciphertexts, enhancing security against attackers.
-
C.
Advanced Encryption Standard
Advanced Encryption Standard is a widely used symmetric block cipher standard that secures digital data in applications ranging from wireless networks to government communications.
-
D.
Diffie–Hellman key exchange
Diffie–Hellman key exchange is a foundational cryptographic protocol that enables two parties to securely establish a shared secret over an insecure communication channel.
-
E.
AES-CTR
AES-CTR is a widely used symmetric-key encryption mode that turns the AES block cipher into a fast, parallelizable stream cipher by encrypting successive counter values and XORing them with the plaintext.
- F. None of above. chosen
- G. Unsure - the case is ambiguous/there is not enough information to decide.
Target entity: Always Encrypted Target entity description: Always Encrypted is a SQL Server security feature that protects sensitive data by encrypting it both at rest and in transit while keeping encryption keys only on the client side.
-
A.
AES-GCM
AES-GCM is an authenticated encryption mode of the Advanced Encryption Standard that provides both data confidentiality and integrity, widely used in modern network and security protocols.
-
B.
Probabilistic Encryption
Probabilistic Encryption is a cryptographic technique that uses randomness in the encryption process so that the same message encrypts to different ciphertexts, enhancing security against attackers.
-
C.
Advanced Encryption Standard
Advanced Encryption Standard is a widely used symmetric block cipher standard that secures digital data in applications ranging from wireless networks to government communications.
-
D.
Diffie–Hellman key exchange
Diffie–Hellman key exchange is a foundational cryptographic protocol that enables two parties to securely establish a shared secret over an insecure communication channel.
-
E.
AES-CTR
AES-CTR is a widely used symmetric-key encryption mode that turns the AES block cipher into a fast, parallelizable stream cipher by encrypting successive counter values and XORing them with the plaintext.
- F. None of above. chosen
Statements (51)
| Predicate | Object |
|---|---|
| instanceOf |
SQL Server security feature
ⓘ
data encryption technology ⓘ |
| appliesTo |
Azure SQL Database
ⓘ
Azure SQL Managed Instance ⓘ SQL Server ⓘ
surface form:
Microsoft SQL Server
|
| category |
data protection
ⓘ
database security ⓘ |
| designedFor |
protecting credit card numbers
ⓘ
protecting financial data ⓘ protecting health information ⓘ protecting national identification numbers ⓘ |
| deterministicEncryptionAllows | equality comparisons ⓘ |
| developedBy | Microsoft ⓘ |
| differsFrom | Transparent Data Encryption by encrypting data in use on server side ⓘ |
| doesNotSupport |
LIKE operator on randomized encrypted columns
ⓘ
range queries on encrypted columns without special techniques ⓘ |
| encrypts | specific database columns ⓘ |
| helpsWith |
compliance requirements
ⓘ
data privacy regulations ⓘ |
| integratesWith |
SQL Server Management Studio
ⓘ
Visual Studio ⓘ |
| introducedIn |
SQL Server
ⓘ
surface form:
SQL Server 2016
|
| isTransparentTo | database engine ⓘ |
| limits | operations on encrypted columns ⓘ |
| performsDecryption | on client side ⓘ |
| performsEncryption | on client side ⓘ |
| prevents |
DBA from seeing plaintext data
ⓘ
database engine from seeing plaintext data ⓘ high-privilege users from seeing plaintext data ⓘ |
| protects | sensitive data ⓘ |
| randomizedEncryptionDisallows | equality joins ⓘ |
| randomizedEncryptionProvides | higher security ⓘ |
| relatedTo | Transparent Data Encryption ⓘ |
| requires |
enabled client driver
ⓘ
schema changes for encrypted columns ⓘ supported ADO.NET driver ⓘ supported ODBC driver ⓘ |
| storesKeys | client side ⓘ |
| supports |
deterministic encryption
ⓘ
encryption at rest ⓘ encryption in transit ⓘ randomized encryption ⓘ |
| supportsAlgorithm |
AES-256
ⓘ
RSA ⓘ |
| supportsKeyStorageIn |
Azure Key Vault
ⓘ
Windows Certificate Store ⓘ hardware security modules ⓘ |
| uses |
column encryption keys
ⓘ
column master keys ⓘ column-level encryption ⓘ encryption keys ⓘ |
How these facts were elicited
The pipeline generated the facts above by prompting gpt-5.1 with this entity's name + description and the instruction below.
You are a knowledge base construction expert. Given a subject entity and a description of it, return factual statements that you know for the subject as a JSON list of dictionaries(triples), where keys must be "subject", "predicate" and "object". The number of facts may be very high, between 25 to 50 or more, for very popular subjects. For less popular subjects, the number of facts can be very low, like 5 or 10. # Requirements - If you don't know the subject at all, return an empty list. - If the subject is not a named entity, return an empty list. - Include at least one triple where predicate is "instanceOf". - Do not get too wordy. - Separate several objects into multiple triples with one object.
Subject: Always Encrypted Description of subject: Always Encrypted is a SQL Server security feature that protects sensitive data by encrypting it both at rest and in transit while keeping encryption keys only on the client side.
Referenced by (3)
Full triples — surface form annotated when it differs from this entity's canonical label.