IBM announced the availability of encryption software and plans for enhanced encryption security for Automatic Teller Machines.
Encryption Facility for z/OS version 1.1 supports encryption and decryption of certain file formats on z/OS, the IBM mainframe's flagship operating system. The company announced the feature's availability Friday.
It leverages the centralized key management capabilities provided by functions of z/OS and features of the IBM System z9 mainframe and zSeries to encrypt data stored on external taps and disk arrays. That will allow companies to share data without compromising it.
Encryption Facility for z/OS runs on all currently supported versions of z/OS. It includes Encryption Services Feature for Tape Transfer, which allows partners to remotely decode encrypted data stored on mainframe tapes. The tape transfer encryption software can run on 64-bit zSeries or System z9 mainframes with z/OS and zOS,e releases from 1.4 to 1.7. IBM offers a Java-based program to allow partners lacking z/OS on their mainframes to decrypt and receive as well as encrypt and send data. Those features are immediately available.
A DFSMSdss Encryption Feature for Archival Dump Data Storage, which allows customers using data-to-tape utility options in z/OS to encrypt large amounts of files for archiving, will be available Dec. 2. Customers will also be able to compress the data. The encryption for archiving runs on z/OS 1.4 to 1.7.
IBM said it is already shipping the System z9 -109 model S54, though it had intended to wait at least until next week, because of high demand. The model delivers nearly twice the capacity, logical partitions and memory of the earlier IBM zSeries 990.
IBM is scheduled to roll out an enhancement to System z9 Crypto Express2 feature for ATMs, Point of Sale terminals and other similar devices in 2006. That is expected to allow remote loading of initial keys so distributed keys are protected using public-key cryptography. This is expected to lower costs and increase security while providing improved methods for exchanging Data Encryption Standard and Triple-DES keys with non-IBM cryptographic systems.