By embedding this ability into Release 3 of zOS, users now have more flexibility and control to both issue and revoke their own digital certificates instead of having to rely on those from third parties, company officials said.
Being able to create certificates from a host-based system offers an insurance company, for example, the ability to manage the entire lifecycle of its digital certificates, including revising and removing certificates for its policy holders, agents, and other trusted parties. This helps to ensure greater autonomy and efficiency.
This capability is possible through the PKI (Public Key Infrastructure) support built into Release 3 of zOS, something IBM started working on some time ago.
"The effort to create a public key infrastructure into zOS started several years ago when I was bombarded by users, mostly financial and government agencies, who said if we were to build PKI, we should do it at the zSeries level," Linda Distel, program director for IBM's eServer Security, said. "So now we are shipping pretty much an out-of-the-box ability to actually request and receive back digital certificates to large amounts of end-users," she said.
Security vendors pushing PKI technology, such as Entrust Technologies, Baltimore Technologies and RSA Security, have encountered user apathy and confusion about implementing PKI as an add-on component and are exploring ways to embed the technology within security architectures, according to security analysts.
"IBM has made a big step forward here in putting security in the hands of the end-user," said Richard Ptak, an industry consultant. "Before you had to go through a process [to issue and verify digital certificates]. I think [zOS mainframe] will make PKI easier to control and manageable and immediately pay a return to the user. It certainly overcomes a barrier to use."
Other security features added to Release 3 include support for AES (Advanced Encryption Standard), the data encryption standard that is replacing DES (Data Encryption Standard).
The new version also supports DUKPT (Derived Unique Key Per Transaction), an encryption technique that is commonly used in point-of-sale terminals.
Release 3 is expected to be widely available by March 29.