Responding to demands from several of its largest customers, IBM Corp. on March 25 unveiled a new version of its zOS mainframe operating system that allows users to create and manage millions of digital certificates, thereby making e-businesses more secure.
Because this ability is embedded tightly into Release 3 of zOS, users now have more flexibility and control to both issue and revoke their own digital certificates instead of having to rely on those from third parties, company officials said.
As an example of the advantage of creating certificates from a host-based system, an insurance company can manage the entire lifecycle of its digital certificates, including adding, revising, and removing certificates for its policyholders, agents, and other trusted parties. This helps to ensure greater autonomy and efficiency.
This capability is possible through the PKI (Public Key Infrastructure) support built into Release 3 of zOS, something IBM started working on some time ago.
“The effort to create a public key infrastructure into zOS started several years ago when I was bombarded by users, mostly financial and government agencies, who said if we were to build PKI, we should do it at the zSeries level,” said Linda Distel, program director for IBM’s eServer Security. “So now we are shipping pretty much an out-of-the-box ability to actually request and receive back digital certificates to large amounts of end-users,” she said.
Security vendors pushing PKI technology, such as Entrust Technologies Inc., Baltimore Technologies PLC, and RSA Security Inc., have discovered user apathy and confusion toward implementing PKI as an add-on component and are exploring ways to embed the technology within security architectures from the beginning, according to security analysts.
“IBM has made a big step forward here in putting security in the hands of the end-user,” said Richard Ptak, an Amherst, N.H.-based industry consultant. “Before you had to go through a process [to issue and verify digital certificates]. I think [zOS mainframe] will make PKI easier to control and manageable and immediately pay a return to the user. It certainly overcomes a barrier to use.”
Last January, IBM said it would combine its Tivoli Policy Director solution with VeriSign Inc. technology in an effort to bolster Web single sign-on and authorization services for both enterprise application integration and back-end identity infrastructure. By partnering with digital certificate behemoth VeriSign and ensuring that VeriSign runs on its hardware, IBM has positioned itself as a tough opponent in the secure transaction and identity management space, analysts say.
Along with increased control, embedding digital certification into a host-based operating system, instead of adding it separately on lower-level applications, brings the advantages of performance and scalability.
“In talking to a lot of state and federal government agencies, they [want] to give out digital certificates to citizens to be able to do business online. So the fact that ours can scale up to some very large number means a state or the post office or very large multinational bank can use this to deal with lots of users,” Distel said.
Other security features added to Release 3 include support for AES (Advanced Encryption Standard), the data encryption standard that is replacing DES (Data Encryption Standard).
The new version also supports DUKPT (Derived Unique Key Per Transaction), an encryption technique that is commonly used in point-of-sale terminals.
Release 3 is expected to be widely available by March 29.