The Internet protocol suite TCP/IP (Transmission Control Protocol/Internet Protocol) has been the standard for sending data across continental, system, and platform boundaries for almost two decades. The effectiveness and simplicity of the protocol are certainly the reason for its successful worldwide use.
This transport layer protocol segments the data and ensures that it is sent in the correct order and to the correct host at the end of the transfer.
However, the data encapsulated by a TCP segment is not secure. This means that any intruder on the network can read and understand the data portion.
This is a major problem when sensitive company data, credit card information, or basically any data that should not be seen by others is shared.
For this purpose, the data must be transmitted over a secure connection.
The encryption protocol SSL (Secure Sockets Layer) was developed and presented as early as the mid-1990s, but was replaced by Transport Layer Security (TLS) at the beginning of the 21st century.
Due to the growing importance of the Internet and the ever-increasing amount of data, the requirements for data security also increased.
With the z9 Enterprise/Business Class, IBM already brought the Crypto Express2 adapter to market, an asynchronous cryptographic coprocessor or accelerator. The adapter contained two cryptographic engines, which could be configured independently of each other as coprocessor or accelerator.
The latest version is the Crypto Express6. It contains one cryptographic engine that can be configured either as a coprocessor or accelerator.
On the software side, the component ICSF (Integrated Cryptographic Service Facility) is available in z/OS.
ICSF is a software component of the z/OS operating system. According to IBM documentation, ICSF "works with the hardware cryptographic features and the Security Server (RACF element) to provide secure, high-speed cryptographic services in the z/OS environment."
Cryptographic services can be requested from applications via programming interfaces. The encryption functions are carried out either by dedicated hardware (a cryptographic coprocessor) or by the operating system itself.
In the field of cryptography, certain standards of the United States also apply. These are the Federal Information Processing Standards (FIPS).
FIPS are regularly included in the technical terms of delivery of all governmental organizations in the United States as a basis for tenders. In this way, they have a considerable influence on information technology, because manufacturers strive to meet these standards with their products in order to obtain public contracts.
Two of these standards are worth mentioning: FIPS 140-2 (security requirements for cryptographic modules) and FIPS 186-3 (standard for digital signatures).
BOS also supports these globally recognized standards.
On the workstation side, tcVISION supports the version of OpenSSL implemented by the respective customer.
On the mainframe side, the requirements of Cryptographic Services System Secure Sockets Layer programming are supported.
For the z/OS user, the use of cryptographic functions is completely transparent. Depending on the implementation, cryptography is performed either by a separate cryptographic coprocessor (if installed) or by the operating system.
The use of digital certificates is also fully supported. Thus, within a tcVISION network, individually protected tcVISION Managers or Agents can communicate with a tcVISION Controlboard or Dashboard.
The first goal of BOS is to always be up to date with the latest technical developments.
Practical experience from use at customer sites is available. tcVISION already supports all strategically important systems and applications for data replication in hybrid IT architectures. More will follow in the future.
An overview of all supported input and output targets can be found here.