IBM System i Security: Protecting i5/OS Data with Encryption
An IBM Redbooks publication
Note: This publication is now archived. For reference only.
Published on 24 July 2008
ISBN-10: 0738485373
ISBN-13: 9780738485379
IBM Form #: SG24-7399-00
Authors: Yessong Johng, Beth Hagemeister, John Concini, Milan Kalabis and Robin Tatam
Regulatory and industry-specific requirements, such as SOX, Visa PCI, and HIPAA, require that sensitive data be stored securely and protected against unauthorized access or modification. Several of the requirements state that data must be encrypted.
IBM® i5/OS® offers several options that allow customers to encrypt data in the database tables. However, encryption is not a trivial task. Careful planning is essential for the successful implementation of a data encryption project. In the worst case, you would not be able to retrieve clear text information from encrypted data.
This IBM Redbooks® publication is designed to help planners, implementers, and programmers by providing three key pieces of information:
Part 1, "Introduction to data encryption" on page 1, introduces key concepts, terminology, algorithms, and key management. Understanding these is important for following the rest of the book.
If you are already familiar with the general concepts of cryptography and the data encryption aspect of it, you may skip this part.
Part 2, "Planning for data encryption" on page 37, provides critical information for planning a data encryption project on i5/OS.
Part 3, "Implementation of data encryption" on page 113, provides various implementation scenarios with a step-by-step guide.
Part 1. Introduction to data encryption
Chapter 1. Data encryption: the big picture
Chapter 2. Algorithms, operations, and System i implementations
Chapter 3. Key management concepts
Part 2. Planning for data encryption
Chapter 4. Analyzing needs and defining scope
Chapter 5. Managing keys on System i
Chapter 6. Choosing a data encryption method
Chapter 7. Database considerations
Chapter 8. Application considerations
Chapter 9. Backup considerations
Part 3. Implementation of data encryption
Chapter 10. SQL method
Chapter 11. Cryptographic Services APIs method
Chapter 12. HW-based method
Appendix A. Additional material