Public Key Infrastructure (PKI) encryption has been available on the zSeries for a while, but IBM hopes companies...
will take a more serious look at it now.
The PKI encryption technology for z/OS has been certified by Identrus LLC, a New York-based company that issues and manages
In PKI cryptography each bank uses an algorithm to create a unique public/private key pair. The root certificate authority -- Identrus in this case -- certifies the authenticity of the public key by issuing the bank a digital certificate. The requesting bank then publishes the public key certificate in a public directory.
When the requesting bank wants to transfer money to another member bank, it finds the recipient's public key in the directory and sends the transaction encrypted with the recipient's public key and signed with its own private key. Only the correct recipient bank will be able to decrypt the transaction with its own private key.
Historically, mainframers have been slow to embrace PKI encryption, which is available in z/OS v1.5 and higher. "Anytime you encrypt, you lose processing speed, but a cryptographic processor and encryption accelerator [built into the zSeries] will dramatically reduce the cost of encryption," said Jim Porell, distinguished engineer and chief architect for zSeries software, in a phone interview.
The Identrus PKI identity system for banking can also be applied to z/OS shops in other industries, such as retailers, pharmaceutical manufacturers and insurance companies.
"We believe we're going to see an explosion of secure communications between organizations, and PKI will open the door to a simple deployment of end-to-end security," Porell said.
Note: This article originally appeared on Search390.com.