Linoma is Ready for New Automated Encryption Feature in i/OS 7.1
April 27, 2010 Alex Woodie
Linoma Software last week announced that its i/OS encryption software, called Crypto Complete, is now available to support the new SQL Field Procedures encryption mechanism that IBM built into i/OS 7.1. Linoma is one of only two third-party software vendors that have committed to supporting the new feature, which is expected to eliminate the need to modify application source code to enable encryption in DB2/400.
Support for column-level encryption via the new SQL Field Procedures exit point is one of the biggest enhancements to DB2/400 with i/OS 7.1, the other being native support for XML. Industry regulations like PCI are driving a big surge in adoption of encryption technology among the System i installed base, but there have been steep barriers to entry. The new encryption capability should dramatically lower these barriers and allow many more System i shops to encrypt their data.
Prior to this release, customers often needed to modify their application source code to enable encryption in their existing i/OS applications. Customers could do this themselves, using APIs and programming advice from IBM, but this could only be done by the most experienced programmers. Instead, many customers would use a third party like Linoma to supply the expertise, as well as algorithms and key management tools.
But even vendors like Linoma had their hands tied to some extent under the previous encryption paradigm. If customers did not have access to source code, it put them at a decided disadvantage. Vendors like Linoma could often find ways around to enable encryption even without source code. But if the data was of numeric in nature, such as packed decimal, signed decimal and integer data types, it would require the data to be stored in a separate file. Overall it was just not as easy as it could be.
That should all change now with the new SQL Field Procedures capability in DB2/400. IBM has supplied an API to activate the new exit point, which enables encryption and decryption routines to be called whenever data is read from, inserted into, or updated into a DB2/400 database field. Best of all, it does not require source code changes.
Linoma says the new Field Procedures function is similar to the database trigger method it previously used to enable encryption in DB2/400, but with several benefits, including the capability to decrypt the field before it’s sent back to the application during a read operation, and the elimination of the need for separate file for numeric data.
“We utilize database column triggers in Crypto Complete to automatically encrypt fields on prior versions of IBM i,” states Bob Luebbe, chief architect for Linoma. “With Field Procedures and our new version of Crypto Complete, data can also be automatically decrypted without having to make application changes. This is a huge benefit for customers that are running canned packages and don’t want to change their source code.”
Linoma says it worked closely with IBM and an early beta version of i/OS 7.1 to ensure Crypto Complete works with the new column-level encryption capability. Testing confirms the new version of Crypto Complete is compatible with the new operating system, the vendor says.
Linoma is holding a webinar on Thursday, May 13, at 11 a.m. CDT to discuss the new version of Crypto Complete. You can register for the webinar, which is called “Crypto Complete and SQL Field Procedures,” at Linoma’s Web site at www.linomasoftware.com.