IBM has announced that its mainframe operating system z/OS now includes a newly certified data encryption feature that may allow companies to further secure confidential data and transactions within global networks.
The Public Key Infrastructure (PKI) encryption technology within the IBM eServer zSeries mainframe operating system, z/OS Version 1 Release 5 (V1R5) and higher, has been certified as Identrus-compliant. Identrus is a company that issues and manages identity credentials based on global industry, banking and technology standards.
The PKI services in z/OS allow IBM clients, including retailers, bankers and credit-card issuers, to act as their own digital certificate authority. This may help to remove the typical process of a “middle man” certifier for banks, which can incur “per transaction” charges. For businesses with thousands of transactions conducted daily worldwide, this approach has the potential to translate into significant savings. It may also reduce the number of places that confidential data passes through, giving more control to the banks that hold and process the data.
“By using digital certificates regularly, banks may enable more effective risk management against loss of data or fraud,” said June Felix, general manager, IBM Global Banking. “IBM anticipates that more banks will tap the PKI capability of encryption, which may allow a greater number of highly secure financial transactions globally. Once again, z/OS offers customers security features and value at the time when our financial services firms demand it the most.”
By using the built-in PKI cryptographic security services feature in z/OS version 1.5 and higher, companies can manage the lifecycle of digital certificates on behalf of their business and in accordance with their security policy. This may allow banks that become part of the Identrus network to efficiently issue or revoke digital certificates as new risks are identified or changes in the global financial landscape emerge.
The Identrus identity system for banking can also be applied to other industries that depend on private and secure data transfer. Since IBM z/OS is used by retailers, pharmaceutical manufacturers and insurance companies, its application potential is broad.
“From banking to e-commerce to healthcare, we anticipate that using global identities to exchange data will be an expected and required process for online data transfer,” said Karen Wendel, CEO, Identrus. “As more and more financial institutions are faced with breaches in physical security such as lost data tapes, having a solution of distributing data through digital identities is exactly what consumers and businesses are demanding.”
In PKI cryptography, each bank uses an algorithm to create a unique public/private key pair. The root certificate authority (Identrus in this case) certifies the authenticity of the public key by issuing the bank a digital certificate. The requesting bank then publishes the public key certificate in a public directory. When the requesting bank wants to transfer money to another member bank, it finds the recipient’s public key in the directory and sends the transaction encrypted with the recipient’s public key and signed with its own private key. Only the correct recipient bank will be able to decrypt the transaction with its own private key. The process provides privacy through encryption and authentication through the signature, which the receiving bank checks against the sender’s certified public key to verify the source.
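The exchange described above, as an added example in Ruby (standard `openssl` library) that is not IBM or Identrus code. The CA, bank names, message and function names are constructed for illustration, and the example chooses to sign the ciphertext and to carry the sender's name inside the plaintext so a signature re-applied by another certified party is rejected.

```ruby
require "openssl"

# Constructed stand-in for the CA: issues a certificate for `name`, signed by
# ca_key, or a self-signed root when no CA is given. Names are illustrative.
def issue(name, serial, ca_cert = nil, ca_key = nil)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # X.509 v3
  cert.serial = serial
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{name}")
  cert.issuer = ca_cert ? ca_cert.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ext = OpenSSL::X509::ExtensionFactory.new
  cert.add_extension(ext.create_extension("basicConstraints", ca_cert ? "CA:FALSE" : "CA:TRUE", true))
  cert.sign(ca_key || key, OpenSSL::Digest.new("SHA256"))
  [cert, key]
end

OAEP = OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING # direct RSA only fits short messages

# Sender: check the recipient certificate fetched from the directory, encrypt
# to its public key, then sign the ciphertext with the sender's private key.
def send_tx(msg, from_cert, from_key, to_cert, store)
  raise "recipient certificate not issued by trusted root" unless store.verify(to_cert)
  ct = to_cert.public_key.public_encrypt("#{from_cert.subject}\n#{msg}", OAEP)
  [ct, from_key.sign(OpenSSL::Digest.new("SHA256"), ct)]
end

# Recipient: validate the sender certificate and signature before decrypting,
# then confirm the sender named inside the plaintext matches the certificate.
def receive_tx(ct, sig, from_cert, my_key, store)
  raise "sender certificate not issued by trusted root" unless store.verify(from_cert)
  raise "bad signature" unless from_cert.public_key.verify(OpenSSL::Digest.new("SHA256"), sig, ct)
  claimed, msg = my_key.private_decrypt(ct, OAEP).split("\n", 2)
  raise "sender mismatch" unless claimed == from_cert.subject.to_s
  msg
end

# Constructed run: Bank A sends a short transaction to Bank B under one root.
def demo
  root, root_key = issue("Example Root CA", 1)
  a, a_key = issue("Bank A", 2, root, root_key)
  b, b_key = issue("Bank B", 3, root, root_key)
  store = OpenSSL::X509::Store.new.add_cert(root) # trust anchor held by each bank
  receive_tx(*send_tx("pay 100 to account 42", a, a_key, b, store), a, b_key, store)
end
puts demo if __FILE__ == $0
```

Production systems normally encrypt the transaction with a symmetric key and use the recipient's public key only to wrap that key, and they also check revocation status before trusting a certificate.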
