ENCRYPTION & TOKENIZATION
Alliance AES Encryption for IBM i Evaluation Guide
Use This Guide to Evaluate Encryption for Your IBM i The following guide is provided to help you evaluate the features of an IBM System i data encryption product. Townsdend Security products undergo periodic enhancement – if you have a question about a feature that is not in the following list please contact us for more information.
About Townsend Security Townsend Security provides data encryption & tokenization, key management, secure communications, and compliance logging solutions to Enterprise customers on a variety of server platforms including IBM i, IBM z, Windows, Linux, and UNIX. The company can be reached on the web at www.townsendsecurity.com, or (800) 357-1019.
www.townsendsecurity.com
724 Columbia Street NW, Suite 400, Olympia, WA 98501 | 800 357 1019 +1 360 359 4400 Fax 360.357.9047
Alliance AES Encryption for IBM i Evaluation Guide by Townsend Security Feature
Alliance AES/400 Alternative Solution
Encryption AES encryption (FIPS-197 compliant)
Yes
AES encryption (FIPS-197 compliant)
Yes
Cipher Block Chaining (CBC) mode
Yes
Counter (CTR) mode
Yes
Output Feed Back (OFB) mode
Yes
Cipher Feed Back (CFB) mode (CFB1, CFB8, CFB128, and all intermediate Yes bit sizes) 128-bit encryption key support
Yes
192-bit encryption key support
Yes
256-bit encryption key support
Yes
NIST AES Validation
Yes, all key sizes and modes for both encryption and decryption
Cross-Platform Support IBM System i (iSeries, AS/400) Microsoft Windows NT/2000/2003/ XP/2008 and SharePoint Linux (SUSE, Red Hat; 32-bit Intel and 64-bit POWER)
Yes Yes Yes
Sun Solaris
Yes
IBM AIX
Yes
IBM System z z/OS (zSeries, Mainframe)
Yes
Creates self-decrypting archives for Windows
Yes
Windows whole file encrypt / decrypt
Yes
Linux whole file encrypt / decrypt
Yes
Alliance AES Encryption for IBM i Evaluation Guide by Townsend Security Feature
Alliance AES/400 Alternative Solution
Field Encryption API support for ILE applications with service program API support for OPM applications with callable interface
Yes Yes
SQL view, trigger and UDF support
Yes
Requires field expansion
No (CTR mode)
Requires shadow file
No
Encrypt data areas, data queues, MQSeries
Yes
Encrypt System/36 type fields
Yes
Compliance audit trails
Yes
Integrated key management
Yes
Integrated key server
Yes
Utilities Data masking (hide significant numbers) Yes Data masking (substitution) including credit card number, social security number, drivers license, address, city, state, zip/postal, and birth date Base64 and Base 16 (hex) encode/decode
Yes
Yes
ASCII / EBCDIC data conversion
Yes
SHA hash
Yes
Compression with encryption
Yes
PKCS5 padding
Yes
Initialization vector and counter generation
Yes
Zip/Unzip
Yes
Hex to binary data conversion
Yes
Alliance AES Encryption for IBM i Evaluation Guide by Townsend Security Feature
Alliance AES/400 Alternative Solution
Key Management Integrated secure key management
Yes
Encryption server with secure SSL/TLS Yes communications Key server with secure SSL TLS key reYes trieval Create symmetric keys
Yes
Dual knowledge split key support
Yes
Import / export keys
Yes
Automatic key change (rollover)
Yes
Diffie-Hellman key generation
Yes
Cryptographically secure PRNG key genYes eration Regulatory audit compliance
Yes
Role based access control
Yes
Mirror keys to separate iSeries with iTera, Vision, MIMIX, etc. Windows key retrieval from .NET, VBNET, C#, Java Linux / UNIX key retrieval from C, C++, Java
Yes Yes Yes
System i key retrieval from RPG, Cobol
Yes
System z key retrieval from z/OS, MQSeries
Yes
Applications Tape encryption
Yes
Save file (SAVF) encryption
Yes
IFS / Windows Network / NFS file encryption
Yes
DB2 whole file encryption
Yes
Alliance AES Encryption for IBM i Evaluation Guide by Townsend Security Feature
Alliance AES/400 Alternative Solution
Applications (continued) Spooled file encryption, archival, and reYes trieval Encrypted spool file user access control Yes Create self-decrypting archives
Yes
Third-Party Integration PowerTech PowerLock integration
Yes
IBM security audit journal
Yes
Performance Encrypt 1 million credit cards under 1 secYes ond Cached local key retrieval
Yes
Cached remote key retrieval
Yes
Discovery and Assesment User library discovery
Yes
User file discovery
Yes
Database analysis for sensitive data
Yes
Program analysis and cross-reference
Yes
User-defined criteria
Yes
Assessment reports
Yes
Alliance AES Encryption for IBM i Evaluation Guide by Townsend Security Feature
Alliance AES/400 Alternative Solution
Compliance Logging and Reporting Selective encryption logging
Yes
Selective decryption logging
Yes
IBM security journal QAUDJRN logging
Yes
Compliance reports
Yes
System log collection and consolidation
Available
Monitor and Alert System audit journal (QAUDJRN)
Yes
SMTP email notification
Yes
QSYSOPR message queue
Yes
SNMP trap messages
Yes
Access Controls Role based application access
Yes
User access control to commands
Yes
User access control to APIs
Yes
Access controls to key management
Yes
Compliance audit report
Yes
Biometric control option
Available
Alliance AES Encryption for IBM i Evaluation Guide by Townsend Security Feature
Alliance AES/400 Alternative Solution
Documentation User reference manual
Yes
API reference guide
Yes
On-line panel help
Yes
On-line command help
Yes
Quick start guides
Yes
Sample source code
Yes
Notes: