AES Encryption for the IBM i (AS/400)

Encryption that is Optimized for Performance

Alliance AES/400 encryption APIs are capable of encrypting 1 million credit card numbers in less than one CPU second. They are highly optimized for performance, and perform up to 100X faster than equivalent IBM APIs on the IBM i platform.

Automated Encryption and Decryption on the IBM i

Alliance AES/400 supports the FIELDPROC exit point in the latest release of OS/400, v7r1.  Encrypt and decrypt fields that store data such as credit card numbers, SSN, birth dates, address, account numbers and other PII instantly without impacting applications. Alliance AES/400 FIELDPROC support will protect access to the data without changing your database or your applications. There is need to no reformat your database, or expand field sizes.

Easily Control Access to Sensitive Data with Data Masking

Automatically mask all but Last 4 or First 6 characters of credit card and social security numbers on decryption. Replace sensitive names, addresses, phone numbers, and other information with non-sensitive information. For organizations that automatically encrypt data on IBM V7R1, automatic encryption and decryption on the IBM i works for all users and applications. Administrators cannot rely on native IBM i object, or user authorities to control access to encrypted data. AES/400 helps enforce user access control with a built in data masking capability.  Security administrators can easily define the users who should have access to all of the data, and then define a default policy that masks critical data for other users.

Meet compliance requirements with NIST certified encryption

Alliance AES/400 is the only NIST Certified AES database encryption solution for IBM i V7R1 (and all supported IBM i releases). AES/400 uses certified 256-bit AES encryption for FIELDPROC data protection.

 

Externally Manage Encryption Keys for Regulatory Compliance

Meet PCI and HIPAA/HITECH compliance requirements using Townsend’s FIPS 140-2 certified encryption key manager.  Administrators can enforce separation of duties and maintain dual control over encryption keys and the encrypted data.  Key Manager automates all encryption key management processes including key rotation, retrieval and change to save time and money.

Spooled File Report Encryption

Capture and encrypt spooled file reports automatically in real time or on a daily schedule. Encrypted reports are maintained on-line with view and reprint capability. User controls and automation are fully supported.

IFS File Encryption

Encrypt and decrypt files in any IFS directory. Files can be encrypted on the IBM i platform and decrypted on Windows and Linux.

Save File Encryption

Encrypt and decrypt any save file to an on-line archive. Encrypted save files can be moved to off-line storage or transferred to another IBM i platform for decryption.

Self-Decrypting Archives

Encrypt IBM i files to a Windows self-decrypting archive executable program. Self-decrypting archives can be transferred to a Windows user and decrypted without the requirement for additional software. This facility is ideal for the secure distribution of small files.

Compliance Logging

Compliance logging is integrated into all configuration and key management activities. Encryption and decryption logging can be implemented by policy or at the API level. Full support for IBM Security Audit journal QAUDJRN. Optional Alliance LogAgent product collects all security events for transfer to log collection server or SIEM solution.

 

Key sizes

128-bit Symmetric keys

192-bit Symmetric keys

256-bit Symmetric keys

Algorithms

FIPS-197 compliant and NIST certified Advanced Encryption Standard (AES)

Encryption modes

Electronic Codebook (ECB)

Cipherblock Chaining (CBC)

Counter (CTR)

Output Feeback (OFB)

Cipher Feedback (CFB1, CFB8, CFB128)