Overview of Latest Features for IBM Ported Tools

by

Sdsusa.com

IBM Ported Tools for z/OS is a program product to deliver applications and tools for z/OS platform and it is supported on z/OS 1.10 and above. OpenSSH is a ported application provided by IBM Ported Tools for z/OS and it provides secure encryption for both remote login and file transfer.

The latest features for IBM Ported Tools for z/OS include MAC algorithms of OpenSSH and the new z/OS extensions ICSF ciphers. As an update now OpenSSH can be set up to use Integrated Cryptographic Service Facility (ICSF) to implement Message Authentication Code (MAC) algorithms and certain ciphers. This extension is provided by PTF for APAR OA37278. It enables OpenSSH to use hardware support.

Allowing ICSF in OpenSSH helps minimizing the CPU time consumed by SSH sessions on z/OS resulting in increased data transfer. This support applies to all the client and server commands ssh, scp, sftp, sshd and sftp-server. ICSF enables the use of cryptographic function CPACF (CP Assist for Cryptographic Function) hardware support. This new feature addresses the following requirements

Eliminate unnecessary SMF error messages

Added internal serviceability improvements

Modified buffer relocation to minimize heap fragmentation

The rapid data processing automation enables the businesses to transmit sensitive data on open communication networks and store confidential data offline, increasing the potential threat of the sensitive data being accessed by unauthorized persons. To make a distributed computing environment secure, a combination of elements must work together. According to International Organization for Standardization (ISO) standard 7498-2 the security functions are as follows

Identification and authentication of the user

Access control for resources

Data confidentiality

Data integrity

Security management and

Non-repudiation

To provide data confidentiality and identity authentication and in turn protect the business commerce on Internet, cryptographic services are mandatory.

Cryptography represents a set of techniques for disguising data. The encrypted data is only available to the authorized persons who can readily restore the data to its original form. The growth of distributed systems and the vast use of Internet have resulted in increased data security needs and cryptography efficiently solves this purpose by maintaining data confidentiality and verifying data integrity. The common processes dealt by Cryptography are

Enciphering or encrypting the plain text

Deciphering or decrypting the cipher text

Condensing a long message into a compact bit string called hashing and

Generating and verifying digital signatures

ICSF supports IBM\’s Common Cryptographic Architecture (CCA), which is based on the ANSI Data Encryption Algorithm (DEA) and the Advanced Encryption Standard (AES). In these cryptographic systems secret keys are shared in between two parties to protect data and keys that are exchanged on the network and establish and secured communications channel. ICSF uses triple DES encryption for data privacy and AES for encrypting and decrypting using 128-bit, 192-bit and 256-bit secure and clear keys. For public key cryptography, ICSF supports both NIST Digital Signature Standard algorithm and Rivest-Shamir-Adelman algorithm, where each party establishes a pair of public key and private key. The public keys are published in a reliable information source and private keys are maintained in secure storage.

Apart from encryption and decryption of data, ICSF provides application programs for the following tasks

Generate, verify and translate Personal Identification Number (PIN)

Ensure data integrity by using Message Authentication Codes (MACs), digital signatures, hashing algorithms or VISA card / Master card Verification Code

Provide enhanced key management for Crypto Assist instructions

Provide remote key loading for Automated Teller Machines (ATMs)

Develop Secure Electronic Transaction (SET) applications and acquire payment gateway

PKA-encrypt and PKA-decrypt symmetric key data

Develop EMV ICC applications using CSNBSKY, CSNBPCU, CSNBDKG and CSNBSPN callable services

Since 1982, Software Diversified Services is providing first-quality software and technical support for IBM mainframes and VM, VSE, zos ftp and other systems. SDS offers VNAC, an ideal

Netview replacement

, improving most-used components of

NetView mainframe

software like simple, precise filtering for system logs and session data; robust Netview REXX scripting support.

Article Source:

ArticleRich.com