Deliver Your News to the World

IBM Delivers Advanced Encryption Software Designed to Help Organizations Protect Data and Adhere to Compliance Laws


IBM Mainframe Momentum Continues With the Availability of New Encryption Software, the Early Shipment of the High-Capacity System z9, and a Statement of Direction on Encryption Software for ATMs

ARMONK, NY -- 10/28/2005 -- IBM today announced the availability of its advanced encryption software designed to help transport data tapes more securely to partners and remote sites, and help prevent security breaches caused by lost tapes or hacking. IBM also made announcements on the availability of its high capacity System z9 and a statement of direction on new security functionality for ATMs.

Encryption Facility for z/OS version 1.1 supports encryption and decryption of certain file formats on z/OS, the IBM mainframe’s flagship operating system. The new feature leverages the centralized key management capabilities provided by functions of z/OS and features of the IBM System z9 mainframe and zSeries to encrypt data stored on external tapes and disk arrays, which can be critical as companies need to share data with partners in a protected method.

Federal regulations may require organizations to encrypt data at rest or data passing to or from the mainframe in certain situations.

“Encryption is playing an increasing role in protecting a company’s confidential data, adhering to a myriad of laws and serving as a bulwark for its reputation,” said Erich Clementi, general manager, IBM System z9. “Once mainly the concern of financial services firms and the government, now the privacy of data is a front-burner issue for healthcare, retail, e-commerce, and many other types of organizations.”

IBM Encryption Facility for z/OS runs on all currently supported versions of z/OS, and includes two software features that leverage IBM mainframe hardware capabilities:

1) The Encryption Services Feature for Tape Transfer -- This feature

supports encrypting and decrypting data onto data tapes so companies

can share the tapes with partners. Using Public Key Infrastructure

(PKI), partners can remotely decode encrypted data stored on mainframe

tapes. To share encrypted data with partners who don’t have z/OS on a

mainframe, IBM offers a Java-based program, which allows partners whose

systems run Java programs to decrypt data on tapes coming from the

mainframe, and encrypt data to send back to the z/OS mainframe system.

2) The DFSMSdss Encryption Feature for Archival Dump Data Storage --

For customers using the “data-to-tape” utility option in z/OS called

DFSMSdss, IBM plans to make this feature available to enable customers

to encrypt large numbers of files for archival storage. In addition to

encrypting the data, customers will also be able to compress the data,

which can result in fewer tape cartridges to store and manage.

“Building on 15 years of mainframe key management innovation, IBM’s new encryption software delivers another major mainframe differentiator in addressing the core business issues that keep CIOs and CEOs awake at night,” said Clementi. “IBM sees key management and encryption as critical tools in a company’s overall security strategy.”

Shipment of the High-Capacity System z9

Due to customer demand, the high-capacity System z9 -109 model S54 is shipping now, earlier than its original planned availability for November 2005. The S54 delivers nearly twice the capacity, twice the logical partitions, and twice the memory of its predecessor, the IBM zSeries 990.

Statement of Direction on Upcoming Security Features

IBM plans to provide an enhancement to the IBM System z9 Crypto Express2 feature in 2006 that will be designed to enable remote loading of initial keys for Automatic Teller Machines (ATMs), Point of Sale terminals, and other similar devices in which the distributed keys are protected using public-key cryptographic techniques. Remote loading of these keys may help provide a more secure and cost effective alternative to local loading of keys by couriers. This enhancement is planned to support public-key based distribution of initial cryptographic keys, which is intended to be similar to that which is expected to be defined in the new ANSI X9.24-2 standard currently under development. In addition, the enhancement is planned to provide improved methods for exchanging Data Encryption Standard (DES) and Triple-DES keys with non-IBM cryptographic systems.


The Encryption Services feature for tape transfer feature can run on 64-bit zSeries or System z9 mainframes with z/OS and z/OS.e releases ranging from 1.4 to 1.7, and is available today. In addition, IBM is also making available today a free downloadable program -- Java-based Encryption Facility for z/OS -- which can run on platforms that support Java. The DFSMSdss Encryption feature also runs on z/OS 1.4 to 1.7 and is planned to be available on December 2.

About the IBM Mainframe

Designed from the ground up to include intrusion detection features, the IBM mainframe has evolved over the last four decades as a leading server with advanced security features, according to government and industry certifications. The mainframe long has been valued for its security. Financial institutions and other business and government operations rely on its hefty processing power for sensitive or critical data. IBM started shipping most versions of its newest, most sophisticated mainframe, the System z9, on Sept. 16, 2005.

About IBM

IBM is the world’s largest information technology company, with 80 years of leadership in helping businesses innovate. Drawing on resources from across IBM and key IBM Business Partners, IBM offers a wide range of services, solutions and technologies that enable customers, large and small, to take full advantage of the new era of on demand business. For more information about IBM, visit

IBM, eServer, System z9, zSeries and the IBM e-business logo are trademarks or registered trademarks of International Business Machines Corporation. For a list of additional IBM trademarks, please see

All other company/product names and service marks may be trademarks or registered trademarks of their respective companies.


This news content was configured by WebWire editorial staff. Linking is permitted.

News Release Distribution and Press Release Distribution Services Provided by WebWire.