IBM Updates z/OS

Native PKI Support

• By Chris McConnell
• 03/25/2002

IBM Corp. will release the third version of its mainframe operating system z/OS, it said Monday. The new version, which includes additional security features, should ship Friday.

z/OS release 3 includes embedded Public Key Infrastructure (PKI), allowing enterprises to use the mainframe as a PKI server. PKI assigns digital certificates to users in order to authenticate their identities for secure transactions. Integrating a PKI infrastructure into an enterprise is often characterized as difficult.

“It’s a huge digital certificate system with PKI capability,” says Linda Distel, IBM’s program director for eServer security, of the new OS capabilities. The operating system now features a repository for storing and managing certificates and an API so applications can take advantage of the new feature.

Distel says IBM implemented the feature in response to customer requests. She says many customers wanted to assign certificates to each of their customers, creating the need for a system that can handle millions of unique certificates – a task suited to IBM mainframes.

One vertical market particularly interested in the feature was financial services, which is often required by law to encrypt all transactions. Moving applications and PKI to the mainframe can ensure no unencrypted data is on the wire. “You really have total privacy until you get to the server,” Distel says.

z/OS release 3 also adds native support for the Advanced Encryption Standard (AES). AES is a new encryption standard endorsed by the US government based on the Rijndael algorithm. DUKPT support, which is often used in point of sale terminals, is also included.

Native security features are nothing new for IBM mainframes. Distel points to IBM’s inclusion of hardware encryption. IBM has shipped mainframes with the 4758 dedicated encryption processor for some time and markets other encryption processors overseas.