Data Encryption Facility®:
Mainframe Encryption
Product Overview
Version 3.0A available now! Email
ron@appliedsoftware.com for pricing information or for a free 45 day trial.
Encryption: The best known
method for protecting highly sensitive
computer data.
Using NIST standards as the basic
element of data encryption, ASI
began extensive research and development
on a comprehensive data encryption
facility which was first released
in 1987. After years of additional
development and testing, ASI’s
Data Encryption Facility DEF® now
supports additional cryptology
algorithms and provides for management
of encryption keys. DEF supports
IBM and plug-compatible CPUs with
the z/OS operating system.
Major enhancements over version
2.1 include AES 128 encryption,
Triple DES (3DES) and DESX encryption
support. A Key Administration Facility
as well as improved
sample programs for application
programmers will also be available
as part of the bundled product
line. The batch mode encryption
facility may be purchased separately.
Today you can hardly
pick up a newspaper or go online
for news without reading about
an incident involving a data breach.
These breaches include all sorts
of data: Social Security numbers,
driver's license records, and credit
card numbers. The Privacy Rights
Clearinghouse, a highly respected
nonprofit consumer organization,
concluded that over 100 million
records containing personal information
have been involved in security
breaches in less than a two-year
period, 2005-2006. That is just
what is known.
It is becoming widely recognized
that one of the most important security
tools to effectively protect data
is strong encryption technology.
Encryption
Applied Software’s
Data Encryption Facility (DEF)
provides strong encryption using
one of the two NIST (National Institute
of Standards and Technology) recommended
symmetric key cryptology algorithms,
Triple DES. Symmetric key algorithms
(also known as secret key algorithms),
such as Triple DES, transform data
in a way that is fundamentally
difficult to undo without knowledge
of a secret key.
The key is “symmetric” because
the same key that is used to encrypt
data is also used to decrypt it.
There are two methods,
using DEF, to encrypt and decrypt
data.
The first is to use a batch
process where a DEF Batch program
reads a file, encrypts or decrypts
the data, and writes it back. The
second method deals with online
applications: DEF provides
a set of callable subroutines, so
an application program
passes data to a callable DEF module,
which encrypts or decrypts the data
and passes it back.
Protecting
Encryption Keys
The proper management
of cryptographic keys is essential
to the effective use of cryptography
for security. Ultimately, the
security of information protected
by cryptography directly depends
on the strength of the keys, the
effectiveness of mechanisms and
protocols associated with keys,
and the protection afforded to
the keys. The management of cryptographic
keys includes their generation,
use, and eventual destruction.
Applied Software’s
Data Encryption Facility (DEF)
provides a symmetric Key Management
component that follows the recommendations
put forth by the NIST for symmetric
keys. Keys can be generated and
encrypted such that the original
key is never visible, and can then
be tracked through a key life cycle.
The life cycle itself, which can
be policy-driven, consists
of five states: pre-active, active,
deactivated, destroyed and compromised.
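
The five-state key life cycle described above can be modelled as a small state machine. This is an added example, not DEF code: the transition table and the rule about which states permit encryption or decryption are assumptions modelled on NIST SP 800-57 Part 1, and the names State, ManagedKey, ALLOWED, MAY_ENCRYPT and MAY_DECRYPT are hypothetical.

```python
from enum import Enum


class State(Enum):
    PRE_ACTIVE = "pre-active"
    ACTIVE = "active"
    DEACTIVATED = "deactivated"
    DESTROYED = "destroyed"
    COMPROMISED = "compromised"


# Assumed transition policy (modelled on NIST SP 800-57 Part 1, not taken from DEF).
ALLOWED = {
    State.PRE_ACTIVE: {State.ACTIVE, State.DESTROYED, State.COMPROMISED},
    State.ACTIVE: {State.DEACTIVATED, State.COMPROMISED},
    State.DEACTIVATED: {State.DESTROYED, State.COMPROMISED},
    State.COMPROMISED: {State.DESTROYED},
    State.DESTROYED: set(),  # terminal: key material is gone
}

# Assumed usage policy: only an active key may protect new data; deactivated
# and compromised keys may still decrypt data that was protected earlier.
MAY_ENCRYPT = {State.ACTIVE}
MAY_DECRYPT = {State.ACTIVE, State.DEACTIVATED, State.COMPROMISED}


class ManagedKey:
    """Tracks one key label through its life cycle; holds no key material."""

    def __init__(self, label):
        self.label = label
        self.state = State.PRE_ACTIVE
        self.history = [State.PRE_ACTIVE]  # audit trail of states entered

    def transition(self, new_state):
        # Reject any move the policy table does not list, e.g. reactivation.
        if new_state not in ALLOWED[self.state]:
            raise ValueError(
                f"{self.label}: {self.state.value} -> {new_state.value} not permitted"
            )
        self.state = new_state
        self.history.append(new_state)

    def permits(self, operation):
        # operation is "encrypt" or "decrypt"; anything else raises KeyError.
        table = {"encrypt": MAY_ENCRYPT, "decrypt": MAY_DECRYPT}
        return self.state in table[operation]
```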