On Thu, 4 Aug 2005 11:15:23 -0400, Bruce Black <[EMAIL PROTECTED]> wrote: >>"IBM intends to deliver a software-based file encryption solution for z/OS >>that leverages the existing z/OS key management capabilities provided >>within the Integrated Cryptographic Services Facility (ICSF) in 2005. More >>information will be provided at a later date." >It doesn't say "tape" so I didn't think that was what you meant. I >suppose that can be interpreted to mean that they will provide >encryption of tape files.
I found more information in one of Computerworld's System z9 stories: http://www.computerworld.com/hardwaretopics/hardware/mainframes/story/0,10801,103510,00.html >From this article, some Q&A with IBM's Erich Clementi: [Question:] What security functionality did you include in this system that will be of most interest to your customers? [Answer:] First and foremost, the new AES [Advanced Encryption Standard algorithm] standard. That is higher encryption than Triple DES [Triple Data Encryption Standard]. We have added into the zOS software Identrus-certified public-key infrastructure [PKI]. There is the work we have done with standards to allow the mainframe to work as the security server for a diverse infrastructure. So when you look at it, we have bleeding[-edge] encryption technology, we have augmented the encryption bandwidth of the system with more power for encryption capability, we have tripled the performance [of the] adapters for [Secure Sockets Layer] encryption, we have introduced PKI, and we are extending the security into the infrastructure. It's pretty comprehensive. On top of this, we have announced a zOS encryption facility to address this tape in the clear issue. [Question:] How does tape security work? [Answer:] When you produce the tape, you encrypt the tape [with] software that uses the hardware accelerators in the system. That makes it affordable, and that makes it viable. By using the centralized key management, we can use the key with a PKI infrastructure, so you send me your public key, and I send you the encryption key with your private key, you access the key and decrypt the data -- so the data is never in the clear. If you don't have a PKI identity, then we deliver to you a Java applet, which allows you to combine tape and key and decrypt and re-encrypt. So in reality, losing a tape would never again be a problem. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
