nShield Modules Integration Guide for Oracle Database 11g Release 2 Transparent Data Encryption
Version: 2.0
Date: 01 November 2013

Copyright 2013 Thales e-Security Limited. All rights reserved. Copyright in this document is the property of Thales e-Security Limited. It is not to be reproduced, modified, adapted, published, translated in any material form (including storage in any medium by electronic means whether or not transiently or incidentally) in whole or in part nor disclosed to any third party without the prior written permission of Thales e-Security Limited, neither shall it be used otherwise than for the purpose for which it is supplied. Words and logos marked with ® or ™ are trademarks of Thales e-Security Limited or its affiliates in the EU and other countries. Information in this document is subject to change without notice. Thales e-Security Limited makes no warranty of any kind with regard to this information, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose. Thales e-Security Limited shall not be liable for errors contained herein or for incidental or consequential damages concerned with the furnishing, performance or use of this material.

Contents

Chapter 1: Introduction
  Product configuration
  Supported Thales nShield functionality
  Requirements
  This guide
  More information
Chapter 2: Procedures
  Installing Oracle Database 11g Release 2
  Installing the HSM
  Installing the support software and configuring the HSM
  Configuring Oracle Database 11g TDE to use the HSM
Chapter 3: Troubleshooting
Addresses

Chapter 1: Introduction

Oracle Database 11g Release 2 TDE transparently encrypts data that is stored in the Oracle database, without requiring any changes to the application that runs on top of the database. It supports both TDE tablespace encryption and TDE column encryption.

The HSM secures the unified TDE master encryption key, which is used to encrypt and decrypt the tablespace keys for encrypted tablespaces and the table keys for encrypted application table columns. The HSM is used in place of the Oracle Wallet to provide a higher level of security assurance, including:

- Centralized storage and management of the master encryption key(s).
- Full life-cycle management of the master encryption key(s).
- The highest level of security assurance: the keys never leave the HSM as plain text.
- FIPS 140-2 Level 3 validated hardware.
- Failover support.

Depending on your current Oracle setup, you can use this document to either:

- Create and start using a new HSM-protected wallet (if you are not using an Oracle Wallet).
- Migrate from an existing Oracle Wallet to an HSM-protected wallet.

The Oracle Wallet can be the default database wallet shared with the other components of the Oracle database, or a separate wallet used specifically by TDE. When using Oracle TDE, Oracle recommends that you use a separate wallet to store the master encryption key. See the Oracle documentation for more information.

Product configuration

The integration between the HSM and TDE uses the PKCS #11 cryptographic API. The integration has been successfully tested in, and is only supported for, the following configurations:

Operating system | Thales nCipher software version | Oracle Database version | HSMs supported (nShield Solo / netHSM / nShield Connect)
Red Hat Enterprise Linux 6 | 11.50 | 11.2.0.2.0 | two of the three (the source table marks two as supported without indicating which two)
Solaris 10 for SPARC systems | 11.50 | 11.2.0.2.0 | two of the three (as above)
Red Hat Enterprise Linux 5 | 11.50 | 11.2.0.2.0 | two of the three (as above)
Red Hat Enterprise Linux 5 | 11.40 | 11.2.0.1.0 | Yes / Yes / Yes
Solaris 10 for SPARC systems | 11.40 | 11.2.0.1.0 | Yes / Yes / Yes
IBM AIX 5.3 | 11.40 | 11.2.0.1.0 | Yes / Yes / Yes
IBM AIX 6.1 | 11.40 | 11.2.0.1.0 | Yes / Yes / Yes

Additional documentation produced to support your Thales nCipher product can be found in the document directory of the CD-ROM or DVD-ROM for that product.

Note: Throughout this guide, the term HSM refers to nShield Solo modules, netHSM, and nShield Connect products. (nShield Solo products were formerly known as nShield.)

Supported Thales nShield functionality

- Key Generation: Yes
- Key Management: Yes
- Key Import: not supported
- Key Recovery: Yes
- 1-of-N Operator Card Set: Yes
- K-of-N Operator Card Set: not supported
- Softcards: Yes
- Module-only Key: Yes
- Strict FIPS Support: Yes
- Load Sharing: Yes
- Fail Over: Yes

Requirements

Before installing the software, we recommend that you familiarize yourself with the Oracle Database 11g Release 2 TDE documentation and setup process, and that you have the Thales documentation available.

We also recommend that you have an agreed organizational Certificate Practices Statement and a Security Policy/Procedure in place covering administration of the HSM. In particular, these documents should specify the following aspects of HSM administration:

- The number and quorum of Administrator Cards in the Administrator Card Set (ACS), and a policy for managing these cards.
- Whether the application keys are protected by the module or by an Operator Card Set (OCS).
- The number and quorum of Operator Cards in the OCS, and a policy for managing these cards.
- Whether the security world must comply with FIPS 140-2 Level 3.
- Key attributes, such as the key size, persistence, and time-out.

Note: K-of-N functionality is not currently supported. This means that you must create a 1-of-N OCS.

This integration requires Oracle Database 11g Release 2 (11.2.0.1.0 or 11.2.0.2.0) to be installed with the following Oracle patch applied for your database version:

Oracle Database version | Patch | Unique patch ID
11.2.0.1.0 | 9229896 | 12118360
11.2.0.2.0 | 10098816 | 1123404322

Both patches fix the following bugs:

- 8909973: TDE cannot support multi-token HSMs.
- 9034189: TDE with HSM race condition.

This guide

This guide explains how to integrate Oracle Database 11g Release 2 Transparent Data Encryption (TDE) with a Thales nCipher Hardware Security Module (HSM). We have thoroughly tested the instructions in this document. They provide a straightforward integration process. There may be other untested ways to achieve interoperability. This document may not describe every step of the software setup process. This guide assumes that you have read your HSM documentation and that you are familiar with the documentation and setup process for Oracle Database 11g Release 2 TDE.

More information

For more information about OS support, contact your Oracle sales representative or Thales Support. For more information about contacting Thales, see Addresses at the end of this guide.

For more information on administering an nShield module, see the User Guide. Additional documentation produced to support your Thales nShield product is in the document directory of the CD-ROM or DVD-ROM for that product.

For more information about using Oracle Database 11g Release 2 TDE, see: http://download.oracle.com/docs/cd/E11882_01/network.112/e10746/asotrans.htm#ASOAG600

Chapter 2: Procedures

To integrate Oracle Database 11g Release 2 TDE with an HSM:

1. Install Oracle Database 11g Release 2 and apply the required patch.
2. Install the HSM.
3. Install the support software and configure the HSM.
4. Configure Oracle Database 11g Release 2 TDE to use the HSM.

All these procedures are described in the following sections.

Installing Oracle Database 11g Release 2

To install Oracle Database 11g Release 2:

1. Download and unzip the appropriate Oracle distribution for your operating system.
2. Set the environment variables ORACLE_BASE, ORACLE_HOME, PATH, TNS_ADMIN and ORACLE_SID according to your environment, for example:

     ORACLE_SID=<database_name>; export ORACLE_SID
     ORACLE_BASE=/home/oracle/app; export ORACLE_BASE
     ORACLE_HOME=$ORACLE_BASE/product/11.2.0/dbhome_1; export ORACLE_HOME
     PATH=$PATH:$ORACLE_HOME/bin; export PATH
     TNS_ADMIN=$ORACLE_HOME/network/admin; export TNS_ADMIN

   Note: Ensure that ORACLE_SID is at least eight alphanumeric characters long.
3. Ensure that the prerequisite configuration is complete according to the Oracle documentation at: http://www.oracle.com/pls/db112/portal.portal_db?selected=11&frame=
4. Navigate to the installation folder and execute ./runInstaller to start the installation process, and install the database software only.
5. Download and unzip patch 9229896 (for 11.2.0.1.0) or 10098816 (for 11.2.0.2.0) for the appropriate distribution, and refer to the readme.txt file to install the patch with OPatch. Afterwards, run opatch lsinventory to verify that the patch is listed.
6. Run dbca to create a database, and select the option to add the sample schemas at step 8 of the dbca wizard. When asked for the ORACLE_SID, use the one you specified in step 2. The sample schemas and user accounts are used to test TDE with an HSM.

Installing the HSM

Install the HSM using the instructions in the documentation for the HSM. We recommend that you install the HSM before configuring the nCipher software.

Installing the support software and configuring the HSM

To install the Thales nCipher support software and configure the HSM:

1. Install the latest version of the support software and create a security world as described in the User Guide for the HSM.
   Note: We recommend that you uninstall any existing Thales nCipher software before installing the new software.
2. Create or edit the cknfastrc file in the /opt/nfast directory and, depending on how you want to protect the master encryption key, set one of the following environment variables:
   - OCS or softcard key protection: CKNFAST_LOADSHARING=1
   - Module-only key protection: CKNFAST_FAKE_ACCELERATOR_LOGIN=1
   For more information, see the PKCS #11 library environment variables in the User Guide for the HSM.
3. Initialize a security world.
4. For OCS protection, create a 1-of-N card set, following the instructions in the User Guide for the HSM. For softcard protection, you must create a softcard; see the User Guide for the HSM for more information.
   Note: Ensure that your Operator Card or softcard pass phrase has a minimum of eight alphanumeric characters.

Configuring Oracle Database 11g TDE to use the HSM

To configure Oracle Database 11g Release 2 TDE to use the HSM:

1. Copy the PKCS #11 library /opt/nfast/toolkits/pkcs11/libcknfast-64.so (or libcknfast.so, depending on your OS architecture) to the location for your platform:
   - Red Hat Enterprise Linux 5 (x86): /opt/oracle/extapi/32/hsm/libcknfast.so
   - Solaris 10 SPARC (64-bit): /opt/oracle/extapi/64/hsm/libcknfast-64.so
   - IBM AIX (PPC64): /opt/oracle/extapi/64/hsm/libcknfast-64.so
   Ensure that the directory exists and that oracle:oinstall is the owner:group of the directory, with read and write access. The database server loads this library into its own process, so do not make the directory or the library writable by any other user: a writable library path would let a local user substitute a PKCS #11 library of their own.
2. Add the oracle user to the group nfast. You can verify this addition by looking at the entry for the nfast group in /etc/group.
3. In the $TNS_ADMIN/sqlnet.ora file, add or edit the following lines, depending on whether you are migrating from an Oracle Wallet:
   Migrating from an Oracle Wallet:
     ENCRYPTION_WALLET_LOCATION = (SOURCE = (METHOD = HSM) (METHOD_DATA = (DIRECTORY = $ORACLE_BASE/admin/$ORACLE_SID/wallet/)))
   Not migrating:
     ENCRYPTION_WALLET_LOCATION = (SOURCE = (METHOD = HSM))
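The following shell script is an added example, not part of the Thales guide, that checks the preconditions of steps 1 to 3 of this section before you touch the database: that cknfastrc sets the variable matching the chosen key protection and not the conflicting one, that the oracle user is listed in group nfast, that the extapi directory exists and is not world-writable, that sqlnet.ora names METHOD = HSM, and that the pass phrase meets the guide's eight-character minimum. The sample files written by write_samples are constructed test data; on a real host point the functions at /opt/nfast/cknfastrc, /etc/group, the extapi directory for your platform and $TNS_ADMIN/sqlnet.ora.

```sh
#!/bin/sh
# Preflight checks for the cknfastrc, group membership, extapi library
# directory, sqlnet.ora and pass-phrase steps above.
# Added example, not part of the Thales guide. The default paths are the
# guide's; the files written by write_samples are constructed test data.

# Print the value of variable $2 in the KEY=VALUE file $1 (empty if unset).
cknfastrc_value() {
  sed -n "s/^[[:space:]]*$2=[[:space:]]*//p" "$1" | tail -n 1
}

# Return 0 when cknfastrc $1 matches key protection $2:
#   ocs|softcard -> CKNFAST_LOADSHARING=1 and no CKNFAST_FAKE_ACCELERATOR_LOGIN
#   module       -> CKNFAST_FAKE_ACCELERATOR_LOGIN=1 and no CKNFAST_LOADSHARING
check_cknfastrc() {
  ls_val=$(cknfastrc_value "$1" CKNFAST_LOADSHARING)
  fa_val=$(cknfastrc_value "$1" CKNFAST_FAKE_ACCELERATOR_LOGIN)
  case "$2" in
    ocs|softcard) [ "$ls_val" = "1" ] && [ "$fa_val" != "1" ] ;;
    module)       [ "$fa_val" = "1" ] && [ "$ls_val" != "1" ] ;;
    *) echo "unknown key protection: $2" >&2; return 2 ;;
  esac
}

# Return 0 when user $1 appears in the member list of group $2 in group file $3.
user_in_group() {
  members=$(sed -n "s/^$2:[^:]*:[^:]*://p" "$3")
  case ",$members," in
    *",$1,"*) return 0 ;;
  esac
  return 1
}

# Return 0 when the PKCS #11 library directory $1 exists and is not world-writable.
# The database server loads this library into its own process, so a
# world-writable directory lets any local user substitute their own library.
check_lib_dir() {
  [ -d "$1" ] || return 1
  [ -z "$(find "$1" -prune -perm -002)" ]
}

# Print the METHOD inside ENCRYPTION_WALLET_LOCATION in sqlnet.ora $1
# (HSM or FILE); whitespace and line breaks inside the parameter are ignored.
sqlnet_wallet_method() {
  tr -d ' \t\r\n' < "$1" |
    sed -n 's/.*ENCRYPTION_WALLET_LOCATION=(SOURCE=(METHOD=\([A-Za-z]*\).*/\1/p'
}

# Return 0 when an OCS, softcard or module pass phrase is at least eight
# characters long and contains no "|", which the identified-by string uses
# to separate the pass phrase from the card set or softcard name.
passphrase_ok() {
  [ "${#1}" -ge 8 ] || return 1
  case "$1" in *"|"*) return 1 ;; esac
  return 0
}

# Run every check against one directory laid out like write_samples does;
# prints one line per failure and returns 0 only if all checks pass.
preflight() {
  d="$1"; method="$2"; status=0
  check_cknfastrc "$d/cknfastrc" "$method" || { echo "$d: cknfastrc does not match $method protection"; status=1; }
  user_in_group oracle nfast "$d/group" || { echo "$d: oracle is not a member of group nfast"; status=1; }
  check_lib_dir "$d/hsm" || { echo "$d: extapi directory missing or world-writable"; status=1; }
  [ "$(sqlnet_wallet_method "$d/sqlnet.ora")" = "HSM" ] || { echo "$d: sqlnet.ora METHOD is not HSM"; status=1; }
  return $status
}

# Write constructed "good" and "bad" sample files under directory $1.
write_samples() {
  mkdir -p "$1/good/hsm" "$1/bad/hsm"
  printf 'CKNFAST_LOADSHARING=1\n' > "$1/good/cknfastrc"
  printf 'CKNFAST_LOADSHARING=1\nCKNFAST_FAKE_ACCELERATOR_LOGIN=1\n' > "$1/bad/cknfastrc"
  printf 'oinstall:x:54321:oracle\nnfast:x:500:oracle\n' > "$1/good/group"
  printf 'oinstall:x:54321:oracle\nnfast:x:500:\n' > "$1/bad/group"
  printf 'ENCRYPTION_WALLET_LOCATION =\n  (SOURCE = (METHOD = HSM)\n' > "$1/good/sqlnet.ora"
  printf '   (METHOD_DATA = (DIRECTORY = /home/oracle/app/admin/ORCLTDE1/wallet/)))\n' >> "$1/good/sqlnet.ora"
  printf 'ENCRYPTION_WALLET_LOCATION = (SOURCE = (METHOD = FILE))\n' > "$1/bad/sqlnet.ora"
  chmod 755 "$1/good/hsm"
  chmod 777 "$1/bad/hsm"
}

# Stand-alone run: exercise the checks against the constructed samples.
demo=$(mktemp -d)
write_samples "$demo"
preflight "$demo/good" ocs && echo "good: preflight passed"
preflight "$demo/bad" ocs || echo "bad: preflight failed as expected"
rm -rf "$demo"
```

On a real host, call the individual functions with the live paths, for example check_cknfastrc /opt/nfast/cknfastrc ocs, user_in_group oracle nfast /etc/group and check_lib_dir /opt/oracle/extapi/64/hsm; the ownership requirement (oracle:oinstall) is not checked here because it can only be verified meaningfully on the target system.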

4. Log in to the database. In the UNIX command shell:
     sqlplus / as sysdba
   or, in sqlplus (at the SQL> prompt):
     connect / as sysdba
5. Create the master encryption key inside the HSM using one of the following commands, depending on how you want to protect the key and whether you are migrating from an Oracle Wallet. The pass phrase must be at least eight alphanumeric characters long, and wallet_password is the password of the existing Oracle Wallet.

   OCS key protection:
     Migrating from an Oracle Wallet:
       alter system set encryption key identified by "OCS_pass_phrase|OCS_name" migrate using "wallet_password";
     Not migrating:
       alter system set encryption key identified by "OCS_pass_phrase|OCS_name";
   OCS key protection requires an OCS to be inserted into the module slot. You must specify OCS_name after the pass phrase, separated by a | character, to identify a particular OCS in the security world. In the cknfastrc file, you must set CKNFAST_LOADSHARING=1.

   Softcard key protection:
     Migrating from an Oracle Wallet:
       alter system set encryption key identified by "softcard_pass_phrase|softcard_name" migrate using "wallet_password";
     Not migrating:
       alter system set encryption key identified by "softcard_pass_phrase|softcard_name";
   For softcard key protection, you must specify softcard_name after the pass phrase, separated by a | character, to identify a particular softcard in the security world. In the cknfastrc file, you must set CKNFAST_LOADSHARING=1.

   Module-only key protection:
     Migrating from an Oracle Wallet:
       alter system set encryption key identified by "module_pass_phrase" migrate using "wallet_password";
     Not migrating:
       alter system set encryption key identified by "module_pass_phrase";
   Module-only key protection accepts any given pass phrase. In the cknfastrc file, you must set CKNFAST_FAKE_ACCELERATOR_LOGIN=1.

6. To verify that the master encryption key has been created, run /opt/nfast/bin/cklist. You should see the following PKCS #11 keys:
   - Migrating from an Oracle software wallet: ORACLE.TDE.HSM.MK.key_hash
   - Not migrating: ORACLE.TDE.HSM.MK.key_hash and ORACLE.TSE.HSM.MK.key_hash
7. If you migrated from an Oracle software wallet:
   In the UNIX command shell, use an orapki command similar to the following to change the Oracle Wallet password to match the new pass phrase. This example is for OCS key protection; for softcard key protection use "softcard_pass_phrase|softcard_name", and for module-only key protection use "module_pass_phrase":
     orapki wallet change_pwd -wallet "/home/oracle/app/admin/your_test_database_name/wallet" -oldpwd "wallet_password" -newpwd "OCS_pass_phrase|OCS_name"
   Then rename the wallet file ewallet.p12 in that directory to ewallet.p12.old. This stops Transparent Data Encryption from opening the software wallet. It is important that you keep this Oracle Wallet; do not delete it.
8. To use tablespace encryption and column encryption with the HSM, we recommend that you first create an encrypted tablespace using the following command and then proceed with column-level encryption (substitute the actual values of ORACLE_BASE and ORACLE_SID in the data file path, because SQL does not expand shell variables):
     CREATE TABLESPACE securespace1 DATAFILE '$ORACLE_BASE/oradata/$ORACLE_SID/secure01.dbf' SIZE 10M ENCRYPTION USING 'AES256' DEFAULT STORAGE (ENCRYPT);
9. Create a table inside the tablespace by using the command:
     CREATE TABLE customer_payment_info (first_name VARCHAR2(11), last_name VARCHAR2(10), order_number NUMBER(5), credit_card_number VARCHAR2(16), active_card VARCHAR2(3)) TABLESPACE securespace1;
10. Insert values into the table by using commands similar to the following examples:
     INSERT INTO customer_payment_info VALUES ('Mike', 'Hellas', 10001, '5446959708812985', 'YES');
     INSERT INTO customer_payment_info VALUES ('Peter', 'Burton', 10002, '5122358046082560', 'YES');
     INSERT INTO customer_payment_info VALUES ('Mary', 'Banker', 10003, '5595968943757920', 'YES');
     INSERT INTO customer_payment_info VALUES ('Holly', 'Mayers', 10004, '4929889576357400', 'YES');
     commit;

11. Check the encrypted tablespace by using the command:
      select tablespace_name, encrypted from dba_tablespaces;
12. To list the values in the encrypted tablespace in plain text, use the command:
      select * from customer_payment_info;
13. Encrypt the credit_limit column of the CUSTOMERS table, which is owned by the user OE, using the command:
      alter table oe.customers modify (credit_limit encrypt);
14. To list the values in the encrypted column in plain text, use the command:
      select credit_limit from oe.customers where rownum < 15;
15. To list the encrypted columns in your database, use the command:
      select * from dba_encrypted_columns;
16. To list information about the wallet, use the command:
      select * from v$encryption_wallet;
17. To rotate the TDE master encryption key, use the command:
      alter system set encryption key identified by "pass_phrase";
    This creates another ORACLE.TDE.HSM.MK.key_hash master encryption key, which you can see by running /opt/nfast/bin/cklist. Its key blob is written to the /opt/nfast/kmdata/local directory. The blob is encrypted under the security world and is unusable without the HSM and the card set or softcard that protects it, but it must be included in your backups: if the blob is lost, the master key cannot be recovered, and neither can the data encrypted under it.
    Note: The pass_phrase is the same identified by value that you used when creating the master encryption key in step 5. The tablespace master encryption key cannot be rotated; a workaround is to move the data into a new encrypted tablespace.
18. Close the wallet and exit sqlplus by using the commands:
      alter system set encryption wallet close identified by "pass_phrase";
      exit
    You do not need to specify the OCS or softcard name when closing the wallet.
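To check the cklist results of step 6 and the rotation in step 17 without reading the listing by eye, the following shell functions, an added example that is not part of the Thales guide, pull the ORACLE.TDE.HSM.MK and ORACLE.TSE.HSM.MK labels out of a saved cklist listing (for example /opt/nfast/bin/cklist > after.txt), verify them against the table in step 6, and report which master key object a rotation added by comparing listings taken before and after the rotation. The sample listings written by write_cklist_samples are constructed and only approximate cklist's layout; the functions match on the key label names the guide gives, not on that layout, and the key hashes in the samples are invented.

```sh
#!/bin/sh
# Verification of cklist output for steps 6 and 17.
# Added example, not part of the Thales guide. The sample listings are
# constructed; only the label prefixes ORACLE.TDE.HSM.MK. and
# ORACLE.TSE.HSM.MK. come from the guide.

# Print the sorted, de-duplicated labels in listing $1 that start with
# prefix $2, one per line (the hash after the prefix is alphanumeric).
labels_with_prefix() {
  sed -n "s/.*\($2[0-9A-Za-z]*\).*/\1/p" "$1" | sort -u
}

# Print how many distinct labels with prefix $2 appear in listing $1.
count_labels() {
  labels_with_prefix "$1" "$2" | wc -l | tr -d ' '
}

# Return 0 when listing $1 matches the guide's table for step 6:
#   migrate -> at least one ORACLE.TDE.HSM.MK.* key and no ORACLE.TSE.HSM.MK.* key
#   new     -> at least one ORACLE.TDE.HSM.MK.* key and one ORACLE.TSE.HSM.MK.* key
master_keys_ok() {
  tde=$(count_labels "$1" 'ORACLE.TDE.HSM.MK.')
  tse=$(count_labels "$1" 'ORACLE.TSE.HSM.MK.')
  case "$2" in
    migrate) [ "$tde" -ge 1 ] && [ "$tse" -eq 0 ] ;;
    new)     [ "$tde" -ge 1 ] && [ "$tse" -ge 1 ] ;;
    *) echo "mode must be migrate or new" >&2; return 2 ;;
  esac
}

# Print the ORACLE.TDE.HSM.MK.* labels present in listing $2 (after the
# rotation) but absent from listing $1 (before it). A rotation should add
# exactly one; the old key objects remain, as the guide's step 17 states.
rotation_added_labels() {
  before=$(mktemp); after=$(mktemp)
  labels_with_prefix "$1" 'ORACLE.TDE.HSM.MK.' > "$before"
  labels_with_prefix "$2" 'ORACLE.TDE.HSM.MK.' > "$after"
  comm -13 "$before" "$after"
  rm -f "$before" "$after"
}

# Write constructed listings under directory $1: a fresh install (new.txt),
# a migration (migrate.txt) and the fresh install after one rotation (rotated.txt).
write_cklist_samples() {
  cat > "$1/new.txt" <<'EOF'
Listing objects on token 0 (constructed sample, layout approximate)
  CKA_CLASS: CKO_SECRET_KEY
  CKA_LABEL: ORACLE.TDE.HSM.MK.0c3f9a1e7b2d4f60
  CKA_CLASS: CKO_SECRET_KEY
  CKA_LABEL: ORACLE.TSE.HSM.MK.51e8d2a4c7b39f10
EOF
  sed '/ORACLE.TSE.HSM.MK/d' "$1/new.txt" > "$1/migrate.txt"
  cat "$1/new.txt" > "$1/rotated.txt"
  printf '  CKA_CLASS: CKO_SECRET_KEY\n  CKA_LABEL: ORACLE.TDE.HSM.MK.9a7b5c3d1e2f4a60\n' >> "$1/rotated.txt"
}

# Stand-alone run against the constructed listings.
demo=$(mktemp -d)
write_cklist_samples "$demo"
master_keys_ok "$demo/new.txt" new && echo "new install: expected master keys present"
master_keys_ok "$demo/migrate.txt" migrate && echo "migration: expected master key present"
echo "rotation added: $(rotation_added_labels "$demo/new.txt" "$demo/rotated.txt")"
rm -rf "$demo"
```

In practice, save the cklist output to a file immediately after step 5 and again after step 17, and keep the "before" listing with your change record: the label that rotation_added_labels prints is the object whose blob in /opt/nfast/kmdata/local must now be in your backups.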

19. Open the wallet by logging in to the database and using the command for your key protection:
    OCS key protection:
      alter system set encryption wallet open identified by "OCS_pass_phrase|OCS_name";
    Softcard key protection:
      alter system set encryption wallet open identified by "softcard_pass_phrase|softcard_name";
    Module-only key protection:
      alter system set encryption wallet open identified by "module_pass_phrase";

Chapter 3: Troubleshooting

The following table provides troubleshooting guidelines.

Note: Supported versions of Oracle 11g are only 11.2.0.2.0 and 11.2.0.1.0.

Error message: ORA-28376: cannot find PKCS11 library
Resolution: Check that the library path is set correctly, for example /opt/oracle/extapi/64/hsm/libcknfast-64.so, and ensure that oracle:oinstall is the owner:group of this directory, with read and write access.

Error message: ORA-28353: failed to open wallet
Resolution: Ensure that the HSM wallet pass phrase is correct. If OCS or softcard key protection is used, ensure that the name and pass phrase are correct and are separated by a | character, for example "softcard_pass_phrase|softcard_name".

Error message: ORA-00600: internal error code, arguments: [kzthsmgmk: C_GenerateKey], [6], [], [], [], [], [], []
Resolution: The second argument is the PKCS #11 return code CKR_FUNCTION_FAILED. Ensure that you have added user oracle to group nfast. In some cases you may have to log in again as the oracle user for this to take effect.

Error message: ORA-00600: internal error code, arguments: [kzthsmgmk: C_GenerateKey], [2147483872], [], [], [], [], [], [], [], [], [], []
Resolution: The second argument is a vendor-defined PKCS #11 return code. If a strict FIPS 140-2 Level 3 security world is in use, ensure that an OCS is inserted into the HSM slot when creating the master encryption key.

Addresses

Americas
900 South Pine Island Road, Suite 710, Plantation, Florida 33324, USA
Tel: +1 888 744 4976 or +1 954 888 6200
sales@thalesesec.com

Europe, Middle East, Africa
Meadow View House, Long Crendon, Aylesbury, Buckinghamshire HP18 9EQ, UK
Tel: +44 (0)1844 201800
emea.sales@thales-esecurity.com

Asia Pacific
Units 4101, 41/F, 248 Queen's Road East, Wanchai, Hong Kong, PRC
Tel: +852 2815 8633
asia.sales@thales-esecurity.com

Internet addresses
Web site: http://www.thales-esecurity.com/
Support: http://www.thales-esecurity.com/support-landing-page
Online documentation: http://www.thales-esecurity.com/knowledge-base
International sales offices: http://www.thales-esecurity.com/contact