121
Other / Re: Data Encryption CMOD MP and DB2
« on: December 19, 2011, 02:45:16 AM »
Hi Steve,
I don't have an experience with Vormetric. But I have experience with the developement of a PCI complient client server application to decrypt and encrypt card numbers. This application is very quickly: about 1000 transactions / second (Z/OS, AIX, Windows environment). So I know it's possible to optimize encription logic.
Regarding CMOD I think the following would help. The logic structure (regarding CMOD) keeps unencrypted (p.e. printer control characters / CR / LF). The data itself will be encrypted. If needed (part) of the indexes will be encrypted. Doing it like this arsmaint is not affected because it doesn't know that it works with encrypted data. But you need additional logic implemented in input, index and preview exits and the frontend. You can use the open ssl library or ICSF in Z/OS to implement such a logic.
This looks very complex. But with a good modular design this challenge can be met.
regards
Egon
I don't have an experience with Vormetric. But I have experience with the developement of a PCI complient client server application to decrypt and encrypt card numbers. This application is very quickly: about 1000 transactions / second (Z/OS, AIX, Windows environment). So I know it's possible to optimize encription logic.
Regarding CMOD I think the following would help. The logic structure (regarding CMOD) keeps unencrypted (p.e. printer control characters / CR / LF). The data itself will be encrypted. If needed (part) of the indexes will be encrypted. Doing it like this arsmaint is not affected because it doesn't know that it works with encrypted data. But you need additional logic implemented in input, index and preview exits and the frontend. You can use the open ssl library or ICSF in Z/OS to implement such a logic.
This looks very complex. But with a good modular design this challenge can be met.
regards
Egon