Help Center/ Identity and Access Management/ Service Overview/ Security/ Data Protection/ IAM Side
Updated on 2024-04-19 GMT+08:00
View PDF
Share

IAM Side

To ensure that your personal data, such as the username, password, and mobile phone number, will not be obtained by unauthorized or unauthenticated entities or individuals, IAM encrypts your data during storage and transmission to prevent data leakage.

Personal Data

Table 1 lists the personal data generated or collected by IAM.

Table 1 Personal data

Type

Source

Used For

Modifiable

Mandatory

Username
  • Entered when you create a user on the management console.
  • Entered when you call an API.
  • User identity identification
  • Identity authentication during console access or API calls

Yes (Administrators can call the API to change the username.)

Yes

Usernames are used to identify users.

Password
  • Entered when you create a user, modify user credentials, or reset the password on the management console.
  • Entered when you call an API.

Identity authentication during console access or API calls

Yes

No

You can also choose AK/SK authentication.

Email address

Entered when you create a user, modify user credentials, or change the email address on the management console.
  • User identity identification
  • Identity authentication during console access
  • Receiving messages

Yes

No

Mobile number

Entered when you create a user, modify user credentials, or change the mobile number on the management console.
  • User identity identification
  • Identity authentication during console access
  • Receiving messages

Yes

No

AK/SK

Displayed in the Security Settings > Access Keys area of a specific user on the IAM console or on the My Credentials > Access Keys page.

Identity authentication during API calls

No

AK/SK cannot be modified, but they can be deleted and created again.

No

AK/SK are used to sign the requests sent to call APIs.

Data Storage Security

IAM uses encryption algorithms to encrypt user data before storing it.

  • Usernames and AKs: non-sensitive data, which is stored in plaintext.
  • Password: The password is encrypted using the salted SHA512 algorithm.
  • Email address, mobile number, and SK: Use the AES algorithm to encrypt and store them.

Data Transmission Security

Sensitive data (including passwords) of users is encrypted using TLS 1.2 during transmission. All IAM APIs support HTTPS to encrypt data during transmission.

Parent topic: Data Protection