Alliance AES Encryption for IBM i Evaluation Guide

Author: Arron Cain
ENCRYPTION & TOKENIZATION

Use This Guide to Evaluate Encryption for Your IBM i

The following guide is provided to help you evaluate the features of an IBM System i data encryption product. Townsend Security products undergo periodic enhancement. If you have a question about a feature that is not in the following list, please contact us for more information.

About Townsend Security

Townsend Security provides data encryption & tokenization, key management, secure communications, and compliance logging solutions to Enterprise customers on a variety of server platforms including IBM i, IBM z, Windows, Linux, and UNIX. The company can be reached on the web at www.townsendsecurity.com, or (800) 357-1019.

724 Columbia Street NW, Suite 400, Olympia, WA 98501 | 800 357 1019 +1 360 359 4400 Fax 360.357.9047

Alliance AES Encryption for IBM i Evaluation Guide by Townsend Security

Feature | Alliance AES/400 | Alternative Solution

Encryption

AES encryption (FIPS-197 compliant)

Yes

Cipher Block Chaining (CBC) mode

Yes

Counter (CTR) mode

Yes

Output Feed Back (OFB) mode

Yes

Cipher Feed Back (CFB) mode (CFB1, CFB8, CFB128, and all intermediate bit sizes)

Yes

128-bit encryption key support

Yes

192-bit encryption key support

Yes

256-bit encryption key support

Yes

NIST AES Validation

Yes, all key sizes and modes for both encryption and decryption

Cross-Platform Support

IBM System i (iSeries, AS/400)

Yes

Microsoft Windows NT/2000/2003/XP/2008 and SharePoint

Yes

Linux (SUSE, Red Hat; 32-bit Intel and 64-bit POWER)

Yes

Sun Solaris

Yes

IBM AIX

Yes

IBM System z z/OS (zSeries, Mainframe)

Yes

Creates self-decrypting archives for Windows

Yes

Windows whole file encrypt / decrypt

Yes

Linux whole file encrypt / decrypt

Yes

Field Encryption

API support for ILE applications with service program

Yes

API support for OPM applications with callable interface

Yes

SQL view, trigger and UDF support

Yes

Requires field expansion

No (CTR mode)

Requires shadow file

No

Encrypt data areas, data queues, MQSeries

Yes

Encrypt System/36 type fields

Yes

Compliance audit trails

Yes

Integrated key management

Yes

Integrated key server

Yes

Utilities

Data masking (hide significant numbers)

Yes

Data masking (substitution) including credit card number, social security number, driver's license, address, city, state, zip/postal, and birth date

Yes

Base64 and Base 16 (hex) encode/decode

Yes

ASCII / EBCDIC data conversion

Yes

SHA hash

Yes

Compression with encryption

Yes

PKCS5 padding

Yes

Initialization vector and counter generation

Yes

Zip/Unzip

Yes

Hex to binary data conversion

Yes

Key Management

Integrated secure key management

Yes

Encryption server with secure SSL/TLS communications

Yes

Key server with secure SSL/TLS key retrieval

Yes

Create symmetric keys

Yes

Dual knowledge split key support

Yes

Import / export keys

Yes

Automatic key change (rollover)

Yes

Diffie-Hellman key generation

Yes

Cryptographically secure PRNG key generation

Yes

Regulatory audit compliance

Yes

Role based access control

Yes

Mirror keys to separate iSeries with iTera, Vision, MIMIX, etc.

Yes

Windows key retrieval from .NET, VBNET, C#, Java

Yes

Linux / UNIX key retrieval from C, C++, Java

Yes

System i key retrieval from RPG, Cobol

Yes

System z key retrieval from z/OS, MQSeries

Yes

Applications

Tape encryption

Yes

Save file (SAVF) encryption

Yes

IFS / Windows Network / NFS file encryption

Yes

DB2 whole file encryption

Yes

Spooled file encryption, archival, and retrieval

Yes

Encrypted spool file user access control

Yes

Create self-decrypting archives

Yes

Third-Party Integration

PowerTech PowerLock integration

Yes

IBM security audit journal

Yes

Performance

Encrypt 1 million credit cards under 1 second

Yes

Cached local key retrieval

Yes

Cached remote key retrieval

Yes

Discovery and Assessment

User library discovery

Yes

User file discovery

Yes

Database analysis for sensitive data

Yes

Program analysis and cross-reference

Yes

User-defined criteria

Yes

Assessment reports

Yes

Compliance Logging and Reporting

Selective encryption logging

Yes

Selective decryption logging

Yes

IBM security journal QAUDJRN logging

Yes

Compliance reports

Yes

System log collection and consolidation

Available

Monitor and Alert

System audit journal (QAUDJRN)

Yes

SMTP email notification

Yes

QSYSOPR message queue

Yes

SNMP trap messages

Yes

Access Controls

Role based application access

Yes

User access control to commands

Yes

User access control to APIs

Yes

Access controls to key management

Yes

Compliance audit report

Yes

Biometric control option

Available

Documentation

User reference manual

Yes

API reference guide

Yes

On-line panel help

Yes

On-line command help

Yes

Quick start guides

Yes

Sample source code

Yes

Notes: