Alliance AES/400 Features
DB2 field encryption with Alliance AES
Encrypt and decrypt individual fields in AS/400 DB2
database files. Alliance APIs can be used in ILE RPG and
Cobol applications as well as OPM RPG/400 and Cobol/400
applications. Alliance AES encryption for DB2 fields
integrates with Alliance key management for the secure
storage of AES keys.
DB2 file encryption with Alliance AES
Encrypt any DB2 database file with Alliance AES/400. You
can specify that the data be converted to ASCII or
retained in the original EBCDIC character set. You can
also specify that the pass phrase should be converted to
ASCII for decryption on an ASCII system such as
Microsoft Windows. Alliance DB2 file encryption
integrates with Alliance AES key management. Alliance
DB2 file encryption includes the ability to encrypt an
entire file in place without intermediate copies.
IFS file encryption with Alliance AES
You can encrypt and decrypt IFS (Integrated File System)
files with Alliance AES encryption commands. Once
encrypted, files can be decrypted on an AS/400 or on a
Windows PC or server platform. You can also use the free
Alliance Windows AES encryption application to encrypt
files on a Windows platform for decryption on the
AS/400. IFS file encryption integrates with Alliance AES
key management for secure key storage.
Save file encryption
Alliance provides a complete set of Save file encryption
and decryption commands. You can encrypt a save file to
an IFS file for cross-platform transfer, or encrypt a
save file directly to a new DB2 flat file. This
minimizes the amount of temporary space required for the
encryption process. Once a save file is encrypted you
can move it to another platform for archival, or save
the encrypted file directly to tape. When encrypting a
save file to a DB2 flat file there is no limit to the
size of the Save file to be processed.
Encrypt Save file direct to tape
Many AS/400 users save very large Save files to tape and
do not have enough auxiliary storage available for
intermediate copies of the file. Alliance provides
commands to encrypt a Save file directly to tape. After
encrypting directly to tape you can decrypt from tape
directly to a Save file. This facility makes no
intermediate copies of the Save file and conserves disk
utilization. The tape operation is optimized for maximum
tape performance and best encryption performance.
AES self-decrypting archives
Alliance AES/400 can encrypt files into a
self-decrypting archive. A self-decrypting archive is a
Windows executable program. You can run the
self-decrypting archive, enter a pass phrase, and
decrypt and extract the file. If run from a command line,
you can pass parameters to the program for the decryption.
This is helpful if you are automating the decryption
process. If you run the self-decrypting archive program
without parameters it presents a Windows GUI dialog for
pass phrase and other decryption information.
Spool file report encryption and archival
With Alliance AES/400 you can define spool files to be
encrypted and stored in a secure archive. Spool files
can be saved as they become ready, or at a user-defined
time of day. You can choose spool files for archival
based on the spool file name, user name, job name, or
spool file user data, or any combination of these
attributes. Once archived you can access the secure
archive to view or re-print the spool file report. The
secure archive can be automatically purged based on the
retention you specify.
AES TCP services for encryption and decryption
Alliance AES/400 provides TCP sockets services for
encryption and decryption. With these services you can
enable your Windows, UNIX, and Linux applications to use
Alliance encryption services over a standard Ethernet
sockets connection. Alliance supports both standard TCP
services and secure SSL TCP services. The Alliance
server application scales to handle high volumes of
encryption and decryption requests. You can use these
services to deploy security in point of sale, data
warehouse, and other applications.
Report distribution with AES encryption
When Alliance AES encryption is used with the Alliance
FTP Manager application you can automatically distribute
reports in encrypted or self-decrypting archive format.
Reports can be sent from one or more output queues, and
reports can be selectively routed from the output queue.
AES key management
Alliance AES/400 includes a key management system for
creating and storing AES keys and pass phrases in a secure
manner. All of the Alliance APIs and commands provide
the option of using a key in the key management
facility. The key store is automatically protected with
encryption, and backed up when new keys are created. For
enterprise key management, Alliance AES/400 supports
Protegrity Defiance DPS, nCipher keyAuthority, and RSA
Key Manager.
Data masking
Alliance AES/400 includes a rich set of data masking functions
that let you mask all but the last 4 digits in a credit
card number; replace a credit card number with a random
value; replace address, city, state, and zip code with
random values; and perform other data masking functions.
Data masking can be combined with decryption functions,
or can be accessed directly from user applications.
Data utilities
To help support cross-platform data exchange, Alliance
supports a number of data conversion utilities including
ASCII / EBCDIC conversion, data encoding (Base64 and
Base16 hex), initialization vector generation, and other
utilities.
Discovery and assessment
In order to assist in the discovery and documentation of
sensitive data, Alliance AES/400 can crawl your user
libraries and files to discover the presence of
sensitive data such as credit card numbers and social
security numbers. The search criteria can be extended
for user-defined search words. Once sensitive data is
identified Alliance can cross-reference all applications
that use the identified fields.
Cross platform support
Alliance AES encryption APIs are implemented on all Enterprise
server platforms including Windows (2000/XP/2003), Linux
(SUSE, Red Hat), UNIX (AIX, Solaris), and IBM System z
(Mainframe). Securing data as it moves between server
environments is important to avoid loss from unsecured
network connections. Alliance provides a common
encryption interface on all platforms.
Regulatory compliance audit trails
You can use special Alliance encryption APIs to
automatically collect data access information into a
history audit file. The file contains job, user,
timestamp, file, field, and user information that you
specify. You can even capture the encrypted data with
key information to reconstruct the actual data that was
accessed. These audit trails provide the information you
need to satisfy data access audit trail requirements of
Sarbanes-Oxley and other regulations.
Windows encryption application
Alliance AES encryption includes a Windows application
that you can freely distribute to provide encryption and
decryption services. Files encrypted on a Windows
platform with the Alliance application can be decrypted
on the AS/400. Files encrypted on the AS/400 can be
decrypted on the Windows platform.
Sample code
The Alliance AES/400 product includes sample RPG and ILE-RPG
source code that demonstrates how to use the encryption
APIs. There are also sample CL programs that show how to
use the Alliance commands to encrypt and decrypt files,
and create self-decrypting archives.
More information:
Patrick Townsend & Associates, Inc
406 Legion Way SE
Suite 300
Olympia, WA 98501
Voice: (360) 357-8971
Fax: (360) 357-9047
Email: Info@patownsend.com
Web: www.patownsend.com