 |
 |
 |
Application Integration
Application Integration allows sensitive data to be brought directly into and out of applications without staging unprotected data to disk.
|
|
 |
 |
System Integration
Provides direct access to read or write files on Windows® or UNIX® servers by the z/OS® operating environment. It reduces the number of steps needed to create and extract archives, reducing the total elapsed processing time significantly. |
|
|
|
Integration with IBM® ICSF hardware and software encryption
Leverage your investment in IBM Cryptographic Services Facility to protect sensitive data in significantly shorter elapsed times, while ensuring cross-platform portability provided by the ZIP standard.
|
|
|
Support for IBM’s Protected Key
PKWARE SecureZIP support and exploits IBM’s Protected Key. By utilizing Protected Key, customers are utilizing a more secure encryption solution over clear key and a more efficient/less resource intensive solution than Secure Key.
|
|
|
|
FIPS 140-2 Compliancy
SecureZIP operates using only FIPS 140 validated cryptographic modules, in support of compliance mandated by most Federal government agencies for data security.
|
|
|
|
Enhanced tape processing
Significantly reduce the time needed to write files to and extract files from tape media. Files are written directly to tape media, bypassing the need to stage them to disk first.
|
|
|
|
File name encryption
File name encryption masks file name, file size, and other information to further protect data if it is intercepted in transit or improperly accessed.
|
|
|
|
Industry-leading PKZIP® compression
While most encryption solutions make files larger, SecureZIP® includes PKZIP’s powerful compression algorithms to reduce file size by as much as 95 percent — dramatically reducing CPU cycle, DASD, tape, and bandwidth consumption.
|
|
|
Hardware accelerated compression
PKZIP exploits the z/OS compression features, which enables file reduction to 50 – 70% of their original size. Since it is built into the hardware, customers can save on CPU overhead, which can be utilized to process other workloads with greater efficiency.
|
|
|
Dynamic and static compression dictionaries
Programmers can enable better compression ratios by customizing static dictionaries to your business data. This results in greater storage savings and smaller files spanning your network.
|
|
|
|
ISPF panel integration
Integration with IBM’s Interactive System Productivity Facility (ISPF) allows system operators to initiate PKZIP actions ad hoc, using 3270 screen menus and displays.
|
|
|
|
Encryption via passphrases, digital certificates, or both
SecureZIP® accommodates differing security environments, including those who have PKI and those that do not by enabling encryption and decryption via passphrases, public key/private key pairs, or both at the same time depending on the access requirements of each intended recipient. Recipients can then decrypt files by presenting the correct passphrase or private key.
SecureZIP supports X.509 RSA v3 certificates issued from recognized certificate authorities such as VeriSign®, Entrust®, and Microsoft®.
|
 |
|
|
Digital signatures to verify documents have not been altered
SecureZIP® enables users to sign files with their unique digital certificates. Recipients of signed files can validate the signature to ensure the sender is who they claim to be, and verify that the document has not been altered or tampered with since it was signed. In addition, digital signatures offer non-repudiation — in other words, the signer cannot later claim that the signature is not valid
|
|
|
|
Secure private key store
SecureZIP® Advanced Encryption Module includes a secure private key store that is compliant with major mainframe access control systems such as RACF®, ACF2®, and Top Secret®.
|
|
|
|
Automatic access to public keys in directories
SecureZIP offers an optional interface that integrates with Lightweight Directory Access Protocol (LDAP) compliant directories, such as Sun® iPlanet, Novell® NetWare®, and Microsoft® Active Directory®. LDAP integration makes it easy to locate, retrieve, and apply the public keys for certificate-based encryption.
|
|
|
|
Easy recovery of encrypted files
Improperly used encryption can effectively lock an organization out of its own data. This can put intellectual property in jeopardy of insider theft, and place the entire business at risk if a critical audit requires immediate access to protected data. SecureZIP®’s contingency key capabilities ensure organizations are always able to quickly and easily access documents encrypted by their employees.
|
|
|
|
SAF Enhanced Key Stores
- Protection of private keys used for signing & decryption, located in Security Server Key Rings
- Support for managing and using private keys in IBM’s SAF-controlled ICSF CKDS (Cryptographic Key Data Set)
- Improved key management – shared keys across multiple enterprise applications from an industry standard key store
|
|
|
|
SAF-Secured Passphrase Management
- Improved operational security with the elimination of exposed cryptographic passphrases
- SecureKey operations for algorithms supported by installed cryptographic coprocessors
- Passphrase management isolated from job execution
|
|
|
|
Hardened Policy Lockdown
- Establish security controls strictly enforced using SAF
- Separate resource control from product installation and job execution
- SAF enforcement of Contingency Key processing for encrypted data recovery and oversight
Security audit trail with SMF (System Management Facility) records |
|
|
 |