Alliance AES/400

Alliance AES/400 is an AES encryption application for the IBM iSeries and AS/400 platforms. With Alliance AES/400 you can:

• Encrypt DB2 fields
• Encrypt Save files
• Encrypt tapes for secure off-line storage
• Encrypt whole DB2 files
• Encrypt IFS files  
• Secure query and Business Intelligence
• Encrypt Spooled file reports with secure retrieval
• Create Self-decrypting archives
• Deploy TCP sockets encryption services
• Create Encryption audit trails for regulatory compliance  
• Integrate nCipher, Protegrity and RSA key managers
• Mask data in production, test, and QA systems
• Discover and document sensitive data
• Encrypt and decrypt on Windows, UNIX, Linux, and zSeries with fully compatible APIs

Alliance contains the tools you need to secure your AS/400 data and meet security compliance and regulation requirements.

[Request more information]

Regulatory standards
AES (Advanced Encryption Standard) has been adopted as a standard by the US government and many state and local agencies. AES encryption technology has been incorporated into many data security products. The National Institute of Standards and Technology has codified AES encryption as FIPS-197.  For credit card security, AES is one of the recommended encryption methods of the Payment Card Industry (PCI) standard, and the Visa Cardholder Information Security Program (CISP). AES meets the requirements of strong encryption defined by the California privacy notification act (SB1386) and similar notification laws. Lastly, AES encryption satisfies the data security requirements of the Health Insurance Portability and Accountability Act (HIPAA) for the medical industry.

Regulatory compliance audit trails
You can use special Alliance encryption APIs to automatically collect data access information into a history audit file. The file contains job, user, timestamp, file, field, and user information that you specify. You can even capture the encrypted data with key information to reconstruct the actual data that was accessed. These audit trails provide the information you need to satisfy data access audit trail requirements of Sarbanes-Oxley and other regulations.

DB2 field encryption
Alliance AES/400 includes special Application Program Interfaces (APIs) to enable encrypting and decrypting individual fields in a DB2 database file. This facility is ideal for encrypting credit card numbers, social security numbers, or other sensitive information in your database. The DB2 field encryption APIs interface with Alliance AES key management for secure key storage. There is no need to expand the field size in the DB2 file. You can easily use the Alliance APIs in your OPM and ILE RPG and Cobol applications.

Save file encryption
With Alliance AES/400  you can encrypt a save file of any size. The resulting encrypted file can be saved to tape, moved to off line storage, or transferred to another system. To use the Save file again Alliance can decrypt the file to the same or a different Save file. The resulting decrypted save file can be restored using standard IBM Save/Restore commands.  For business recovery purposes the Alliance AES/400 product can be restored to a backup system where the encryption keys can be used for the restore.

Tape encryption support
Alliance AES/400 can help you implement data security on your backup and archival tapes. If you have a small number of files with sensitive data, Alliance provides encryption commands that can encrypt the file in place. You can encrypt the file, save it to tape, and decrypt the file to make it available to business applications. For more extensive tape security you can encrypt the entire set of data being saved to tape. Alliance encrypts a Save file directly to tape without making any intermediate copies of the save file. The application is designed for rapid encryption and tape operation. To restore encrypted files from tape Alliance provides a command to decrypt directly to a Save file on the iSeries.

Database and IFS file encryption
Alliance AES/400 provides command interfaces to encrypt and decrypt AS/400 DB2 database files and AS/400 IFS stream files. You can encrypt files for delivery to another AS/400 platform, or for delivery to a Windows PC or Server platform. Alliance includes a Windows application that can be freely distributed to decrypt  files on the Windows platform. You can also encrypt files on a Windows platform and decrypt them on the AS/400. The encryption and decryption command interface with Alliance AES key management for secure key storage.

Alliance AES encryption for spool file reports
If you are using the Alliance AES encryption software with Alliance FTP Manager you can automatically distribute spool file reports in AES encrypted of AES self-decrypting archive format. You can define multiple output queues to the report distribution module in the product. You can also select reports in an output queue by spool file name, user name, spool file user data, and other selection criteria. With Alliance AES/400 you can automatically capture spool files to an encrypted archive on the AS/400 disk. Special user applications allow retrieval of the encrypted spool file for viewing or re-printing.  

Spool file report encryption and archival
With Alliance AES/400 you can define spool files to be encrypted and stored in a secure archive. Spool files can be saved as they become ready, or at a user-defined time of day. You can choose spool files for archival based on the spool file name, user name, job name, or spool file user data, or any combination of these attributes. Once archived you can access the secure archive to view or re-print the spool file report. The secure archive can be automatically purged based on the retention you specify.

Self decrypting archives
Alliance AES/400 can encrypt DB2 database files and IFS files into a self-decrypting archive. A self-decrypting archive is a Windows executable program. When a file has been encrypted as a self-decrypting archive and transferred to a Windows PC or Server, the recipient can run the program to decrypt and extract the file. The pass phrase for the encrypted file is validated before the file is extracted. The self-decrypting archives are created directly on the AS/400 and do not require an external server. The recipient of the self-decrypting archive does not need to install any third party software for decryption.

AES TCP services for encryption and decryption
Alliance AES/400 provides TCP sockets services for encryption and decryption. With these services you can enable your Windows, UNIX, and Linux applications to use Alliance encryption services over a standard Ethernet sockets connection. Alliance supports both standard TCP services and secure SSL TCP services. The Alliance server application scales to handle high volumes of encryption and decryption requests. You can use these services to deploy security in point of sale, data warehouse, and other applications.

AES key management
Alliance AES/400 includes a key management system for creating and storing AES keys and pass phrases is a secure manner. All of the Alliance APIs and commands provide the option of using a key in the key management facility. The key store is automatically protected with encryption, and backed up when new keys are created. For Enterprise key management Alliance AES/400 supports Protegrity Defiance DPS, nCipher keyAuthority, and RSA Key Manager.

Data masking
Alliance AES/400 includes a rich set of data masking functions that let you mask all but the last 4 digits in a credit card number; replace a credit card number with a random value; replace address, city, state, and zip code with random values; and perform other data masking functions. Data masking can be combined with decryption functions, or can be accessed directly from user applications.

Data utilities
To help support cross-platform data exchange, Alliance supports a number of data conversion utilities including ASCII / EBCDIC conversion, data encoding (Base64 and Base16 hex), initialization vector generation, and other utilities.

Discovery and assessment
In order to assist in the discovery and documentation of sensitive data, Alliance AES/400 can crawl your user libraries and files to discover the presence of sensitive data such as credit card numbers and social security numbers. The search criteria can be extended for user-defined search words. Once sensitive data is identified Alliance can cross-reference all applications that use the identified fields.

Cross platform support
Alliance AES encryption APIs are implemented on all Enterprise server platforms including Windows (2000/XP/2003), Linux (SUSE, Red Hat), UNIX (AIX, Solaris), and IBM System z (Mainframe). Securing data as it moves between server environments is important to avoid loss from unsecured network connections. Alliance provides a common encryption interface on all platforms.   

Secure query and Business Intelligence
Alliance AES/400 incorporates support for the New Generation Software NGS-IQ product to provide secure query and Business Intelligence. You can secure your sensitive data with Alliance AES/400 and still have access to intelligent query functions. NGS-IQ provides the field level access control you need to securely deploy a BI solution. Alliance AES/400 integrates with NGS-IQ to ensure that your sensitive data is decrypted to authorized users.

Command interfaces
To facilitate integration of AES encryption capabilities into your ERP and CRM applications, many Alliance AES encryption functions can be initiated via Alliance commands. All Alliance commands can be executed in batch and interactive environments. Context sensitive help is provided for all Alliance commands.

Sample code
Sample code is provided in the product library that demonstrates how to use Alliance APIs for DB2 field encryption and decryption. These examples are working applications and demonstrate  how to encrypt individual fields using the Alliance AES key management facility. There are also example CL programs that show how to use the Alliance AES encryption and decryption commands.

Alliance FTP Manager with AES encryption
Alliance AES encryption capabilities are also available with the Alliance FTP Manager product. When combined with the Alliance FTP Manager product an additional set of automation features are available. You can automatically encrypt and distribute spool file reports, database files, and other objects. The integration with FTP support means that you can easily combine encryption with automated delivery to your vendors, customers, and employees.