With Crypto Complete You Can:
- Automatically encrypt database fields without changing applications
- Protect credit card numbers, social security numbers, bank account numbers, wages, etc.
- Encrypt System i libraries, objects and files (backup encryption)
- Create, manage and protect Keys with Crypto Complete's integrated Key Manager
- Rotate Keys without having to re-encrypt existing data or change applications
- Encrypt using strong algorithms (AES256, AES192, AES128 or TDES)
- Decrypt values only for authorized users (either the full value or masked value)
- Produce comprehensive audit trails and reports
Main Features
Crypto Complete includes the comprehensive features needed to satisfy stringent requirements for encryption and key management. This proven solution is used in mission-critical environments to protect sensitive System i database fields and backups. Organizations depend on Crypto Complete to help secure confidential information from both external hackers and unauthorized internal users.
The primary capabilities of Crypto Complete are:
- Automated encryption of database fields without changing applications
- Encryption of System i files, objects and libraries (backup encryption)
- Integrated Symmetric Key Management
- Rotation of encryption keys without having to re-encrypt existing data
- Encryption of small database fields without requiring field expansion
- Encryption of both alphanumeric and numeric database fields
- Decryption of fields as full values or masked values
- Strong encryption with key lengths up to 256 bits
- Support for AES (AES128, AES192, AES256) and TDES encryption algorithms
- Intuitive i5/OS menus and commands with on-line help text
- Program calls and ILE procedures for encrypting/decrypting data within native applications
- Stored procedures and SQL functions for encrypting/decrypting data through SQL
- Comprehensive audit trails and reporting
- Support for multiple environments (data libraries)
Crypto Complete installs as a licensed program on the System i and utilizes less than 75 MB of disk space. It can typically be installed within a few minutes. The commands in Crypto Complete have comprehensive on-line help text and are accessible through intuitive native i5/OS menus.

Key Management
Symmetric Key Cryptology (also known as Secret Key or Private Key Cryptology) is a form of cryptology in which the same Key can be used to encrypt and decrypt data.
Symmetric Keys must be strong enough for the intended application. Because the strength of a Symmetric Key is determined by its length, the longer the key, the harder it is for high-speed computers to break the code. Within Crypto Complete, Symmetric Keys can be generated with lengths of up to 256 bits to provide a high level of protection.
The Symmetric Key values must be kept secret to prevent unauthorized decryption of sensitive data. Controls must therefore exist to protect the confidentiality and access to the Symmetric Keys. Crypto Complete provides an integrated and comprehensive Symmetric Key Management System to establish those controls.
Crypto Complete's Symmetric Key Management System allows organizations to:
- Establish policy settings on how Symmetric Keys can be created and utilized
- Indicate which users can create and manage Symmetric Keys
- Randomly generate strong Symmetric Keys
- Protect Symmetric Keys using Master Encryption Keys
- Protect the recreation of a Master Encryption Key by requiring pass phrases from up to 8 users
- Organize Symmetric Keys into one or more Key Stores
- Restrict access to Key Stores using i5/OS object authority
- Restrict the retrieval of the actual Symmetric Key values
- Provide separation of duties (i.e. the creator of a Symmetric Key can be restricted from using the Key to encrypt and/or decrypt data)
- Control which users can utilize Symmetric Keys to encrypt and decrypt data
- Produce detailed audit logs
Field Encryption
Database field encryption has traditionally been very difficult and time-consuming to implement on the System i. In the past, major application changes would have to be made to expand database field sizes and implement complicated API calls to encrypt/decrypt data. The design of Crypto Complete allows organizations to encrypt fields quickly and effectively using intuitive screens and proven technology.
With Crypto Complete's innovative "Field Encryption Registry", you can simply indicate the database fields to encrypt within your database files. When a field is activated in the Registry, Crypto Complete will perform a mass encryption of the current values for that field. Crypto Complete can then automatically encrypt the field values on an ongoing basis as new database records are added and when existing field values are changed. This automated feature saves significant time and money for customers, since applications do not need to be changed for data encryption.
You can optionally modify your applications to encrypt data through program (API) calls to Crypto Complete's encryption procedures and programs. Crypto Complete also includes stored procedures and SQL functions which can be called from within native applications or other external clients (e.g. graphical or web-based front ends) for encryption/decryption.

System i database fields can be protected using the strong AES and TDES encryption algorithms. For AES encryption, you can choose between the key lengths of AES128, AES192 and AES256.
You can encrypt almost any System i database field with Crypto Complete. Field encryption examples:
- Credit card numbers (PAN)
- Social security numbers
- Bank account numbers
- Health-related information
- Wages
- Financial data
Backup Encryption
BRMS customers: Crypto Complete's backup encryption commands can be incorporated into IBM's BRMS package. Contact Linoma Software for the BRMS integration instructions.
Native System i (iSeries) commands are provided in Crypto Complete to encrypt and save (back up) libraries, objects and IFS files. Encrypted backups can be targeted to the IFS, a tape device and other physical and virtual backup devices.
Symmetric Keys or passwords can be used to protect the encrypted data. The AES encryption algorithm is implemented to provide strong protection for your backups. You can choose between key lengths of AES128, AES192 and AES256.
The System i backup encryption provided in Crypto Complete allows organizations to secure their backup media and comply with PCI DSS requirements and governmental regulations such as HIPAA and Sarbanes-Oxley.
Native commands are also provided to restore/decrypt libraries, objects and IFS files which were saved using Crypto Complete's backup commands.
Crypto Complete's backup and restore commands can be entered on the System i (i5/OS) command line, placed in CL programs, incorporated in BRMS and used in job schedulers on the System i.
System i Encryption Commands:
- ENCLIB: Encrypt Library
- ENCOBJ: Encrypt Object
- ENCSAVF: Encrypt Save File
- ENCFIL: Encrypt File
- DECLIB: Decrypt Library
- DECOBJ: Decrypt Object
- DECSAVF: Decrypt Save File
- DECFIL: Decrypt File
Example of ENCLIB command:
Audit Trails
Crypto Complete includes comprehensive auditing for meeting the most stringent security requirements. Audit log entries are stored in a secure IBM journal file. Detailed information is recorded in each audit entry, including the audit type, audit description, date, time, user, job name, job number, comments and other pertinent information.
Audit log entries are generated for the following events in Crypto Complete:
- When any Key Policy settings are changed
- When Key Officers are added, changed or removed
- When Master Encryption Keys (MEKs) are loaded or set
- When Key Stores are created or translated
- When Data Encryption Keys (DEKs) are created, changed or deleted
- When Field Encryption Registry entries are added, changed, removed, activated or deactivated
- When any functions are denied due to improper authority
- When data is encrypted or decrypted with a key that requires logging of those events
The audit log entries can be displayed and printed using a variety of selection criteria, including date/time range, user and audit type.
PCI Compliance
The Payment Card Industry (PCI) is a coalition of credit card companies including American Express, Discover, MasterCard and Visa. The PCI has created a Data Security Standard (PCI DSS) which details the security requirements for credit card merchants, service providers and processors. Any organization that stores, processes or transmits cardholder data is required to comply with the PCI DSS.
If cardholder data is accessed by unauthorized individuals, an organization may be subject to the following liabilities and fines associated with non-compliance with PCI DSS:
- Punitive fines for non-compliance with PCI DSS.
- All fraud losses incurred from the use of the compromised account numbers from the date of the compromise forward.
- Cost of re-issuing cards associated with the compromise.
- Cost of any additional fraud prevention/detection activities required.
- Potentially the revocation of an organization's merchant account, resulting in their inability to process future credit card transactions.
Crypto Complete will help your organization to comply with the PCI DSS standards through its integrated key management solution and strong System i (iSeries) field encryption / backup encryption features. If you would like to review our White Paper on PCI Compliance specific to Crypto Complete, please send an email to solutions@midlandinfosys.com.
Technical Specs for the IBM iSeries
- Operating System: V5R2 or higher
- Disk Space: 75 MB
- Encryption Algorithms: AES256, AES192, AES128, TDES
- Key Generation: Random, Passphrase-based, Manual
- Key Type: Symmetric
- Master Encryption Keys (MEK): Yes
- Data Encryption Keys (DEK): Yes
- Number of Key Stores allowed: Unlimited quantity
- Number of Keys allowed per Key Store: Unlimited quantity
- Dual Control of Keys: Yes
- Separation of Duties: Yes
- Field Encryption Modes: Automatic or Manual
- Backup Protection Methods: Symmetric Key or Password
- Support for Multiple Environments: Yes
- Audit Trails: Yes
Pricing
Crypto Complete's price is based on the size of your organization's System i or iSeries processor group and starts at $3,995.