News Stay informed about the latest enterprise technology news and product updates.

Identrus certifies PKI for mainframe banking customers

Banking credential issuer Identrus has certified Public Key Infrastructure encryption on z/OS. IBM says digital certificates will improve data security.

Public Key Infrastructure (PKI) encryption has been available on the zSeries for a while, but IBM hopes companies will take a more serious look at it now.

The PKI encryption technology for z/OS has been certified by Identrus LLC, a New York-based company that issues and manages

Security Seven Awards

TechTarget's Information Security magazine, and Information Security Decisions have created the Security Seven Awards to recognize the achievements of leading information security practitioners in seven vertical industries. Winners will be chosen from the financial services, telecommunications, manufacturing, energy, government, education and health care industries. To nominate an individual for the Security Seven Awards, please complete the form and return it to by Aug. 1, 2005.

identity credentials. For example, a bank using z/OS' built-in PKI capability will be able to create and issue digital certificates to its customers, enabling authentication in real time anywhere in the Identrus network.

In PKI cryptography each bank uses an algorithm to create a unique public/private key pair. The root certificate authority -- Identrus in this case -- certifies the authenticity of the public key by issuing the bank a digital certificate. The requesting bank then publishes the public key certificate in a public directory.

When the requesting bank wants to transfer money to another member bank, it finds the recipient's public key in the directory and sends the transaction encrypted with the recipient's public key and signed with its own private key. Only the correct recipient bank will be able to decrypt the transaction with its own private key.

Historically, mainframers have been slow to embrace PKI encryption, which is available in z/OS v1.5 and higher. "Anytime you encrypt, you lose processing speed, but a cryptographic processor and encryption accelerator [built into the zSeries] will dramatically reduce the cost of encryption," said Jim Porell, distinguished engineer and chief architect for zSeries software, in a phone interview.

The Identrus PKI identity system for banking can also be applied to z/OS shops in other industries, such as retailers, pharmaceutical manufacturers and insurance companies.

"We believe we're going to see an explosion of secure communications between organizations, and PKI will open the door to a simple deployment of end-to-end security," Porell said.

Note: This article originally appeared on

Dig Deeper on PKI and digital certificates

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.