Presentation is loading. Please wait.

Presentation is loading. Please wait.

IBM Z Dataset Encryption: How does the mechanism encryption function?

Published byFrauke Bruhn Modified over 6 years ago

Similar presentations

Presentation on theme: "IBM Z Dataset Encryption: How does the mechanism encryption function?"— Presentation transcript:

1 IBM Z Dataset Encryption: How does the mechanism encryption function?
IBM Client Center Montpelllier – Arnaud MANTE / © 2017 IBM Corporation November 10,

2 A video of this presentation is available at:
IBM Client Center Montpelllier – Arnaud MANTE / © 2017 IBM Corporation – November 10, page 2

3 Data encryption Something encrypted
Crypto Express Card (Hardware Security Modul) Hardware Storage Area CPACF (for CPU) & HSA (memory) wrapping key AES key label F Data encryption IPL Domain 1 data key AES data key AES wrapping key DES master key AES Domain 2 data key in protected mode master key AES master key DES Domain 3 CPACF (for CPU) & HSA (memory) master key DES master key AES master key RSA Crypto Express Card ICSF address space master key DES master key ECC master key RSA key label F decrypt key label F key label F master key ECC master key RSA data key AES data key AES - F data key AES data key AES dataset: DATA.** master key ECC protected flag data key in protected mode data key in protected mode CKDS data key DES A key label A RACF data key AES B encrypted by: secure, secure (protected flag) or clear key data key DES key label B call of key label associated data key AES key label E Creation of dataset DATA.** Cryptographic Key Dataset DFSMS symmetric key data key HMAC E data key HMAC key label F JCL: DSKeyLbl data key AES ICSF: To generate all type of keys. data key AES F AES: advanced encryption standard DEA: Data Encryption Algorithm MSA: message security assist CPACF: CP assist for crypto functions DES: data encryption standard HMAC: hashing CCA: common cryptographic architecture SHA: secure hash algorithm MAC: message authentication code PRNG: pseudo random number generator PCKMO: perform cryptographic key management p60: The z10 GA3 microcode introduces wrapping keys , which are created each time that an LPAR undergoes a System z clear/reset operat ion. This operation is normally performed each time that the z/OS system is IPLed. The wrapping keys are held in the HSA and are specific to each LPAR. PKDS TKDS key label C Certificate: Name I + public key key label I data key RSA C encrypted by: secure or clear key data key RSA key label D encrypted by: secure or clear key certificate token Something encrypted asymmetric key PKA Key Dataset Token Key Dataset data key RSA D data key RSA key label G key label H PKCS#11 H data key ECC PKCS#11 data key ECC G IBM Client Center Montpelllier – Arnaud MANTE / © 2017 IBM Corporation – November 10, page 3

4 Now, we will explain step by step!
IBM Client Center Montpelllier – Arnaud MANTE / © 2017 IBM Corporation – November 10, page 4

5 Data encryption Something encrypted
Crypto Express Card (Hardware Security Modul) Hardware Storage Area CPACF (for CPU) & HSA (memory) wrapping key AES key label F Data encryption IPL Domain 1 data key AES data key AES wrapping key DES master key AES Domain 2 data key in protected mode master key AES master key DES Domain 3 CPACF (for CPU) & HSA (memory) master key DES master key AES master key RSA Crypto Express Card ICSF address space master key DES master key ECC master key RSA key label F decrypt key label F key label F master key ECC master key RSA data key AES data key AES - F data key AES data key AES dataset: DATA.** master key ECC protected flag data key in protected mode data key in protected mode CKDS data key DES A key label A RACF data key AES B encrypted by: secure, secure (protected flag) or clear key data key DES key label B call of key label associated data key AES key label E Creation of dataset DATA.** Cryptographic Key Dataset DFSMS symmetric key data key HMAC E data key HMAC key label F JCL: DSKeyLbl data key AES ICSF: To generate all type of keys. data key AES F AES: advanced encryption standard DEA: Data Encryption Algorithm MSA: message security assist CPACF: CP assist for crypto functions DES: data encryption standard HMAC: hashing CCA: common cryptographic architecture SHA: secure hash algorithm MAC: message authentication code PRNG: pseudo random number generator PCKMO: perform cryptographic key management p60: The z10 GA3 microcode introduces wrapping keys , which are created each time that an LPAR undergoes a System z clear/reset operat ion. This operation is normally performed each time that the z/OS system is IPLed. The wrapping keys are held in the HSA and are specific to each LPAR. PKDS TKDS key label C Certificate: Name I + public key key label I data key RSA C encrypted by: secure or clear key data key RSA key label D encrypted by: secure or clear key certificate token Something encrypted asymmetric key PKA Key Dataset Token Key Dataset data key RSA D data key RSA key label G key label H PKCS#11 H data key ECC PKCS#11 data key ECC G IBM Client Center Montpelllier – Arnaud MANTE / © 2017 IBM Corporation – November 10, page 5

Download ppt "IBM Z Dataset Encryption: How does the mechanism encryption function?"

Similar presentations

Confidential 1 Phoenix Security Architecture and DevID July 2005 Karen Zelenko Phoenix Technologies.

Confidential 1 Phoenix Security Architecture and DevID July 2005 Karen Zelenko Phoenix Technologies.
GOPAS TechEd 2012 PKI Design Ing. Ondřej Ševeček | GOPAS a.s. |

GOPAS TechEd 2012 PKI Design Ing. Ondřej Ševeček | GOPAS a.s. |
Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.

Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.
FIT3105 Smart card based authentication and identity management Lecture 4.

FIT3105 Smart card based authentication and identity management Lecture 4.
Key Management Guidelines. 1. Introduction 2. Glossary of Terms and Acronyms 3. Cryptographic Algorithms, Keys and Other Keying Material 4. Key Management.

Key Management Guidelines. 1. Introduction 2. Glossary of Terms and Acronyms 3. Cryptographic Algorithms, Keys and Other Keying Material 4. Key Management.
Network Security. An Introduction to Cryptography The encryption model (for a symmetric-key cipher).

Network Security. An Introduction to Cryptography The encryption model (for a symmetric-key cipher).
Jim McLeod MyDBA  SQL Server Performance Tuning Consultant with MyDBA  Microsoft Certified Trainer with SQLskills Australia 

Jim McLeod MyDBA  SQL Server Performance Tuning Consultant with MyDBA  Microsoft Certified Trainer with SQLskills Australia 
© 2006 Cisco Systems, Inc. All rights reserved. Network Security 2 Module 3: VPN and Encryption Technology.

© 2006 Cisco Systems, Inc. All rights reserved. Network Security 2 Module 3: VPN and Encryption Technology.
Architecture for Protecting Critical Secrets in Microprocessors Ruby Lee Peter Kwan Patrick McGregor Jeffrey Dwoskin Zhenghong Wang Princeton Architecture.

Architecture for Protecting Critical Secrets in Microprocessors Ruby Lee Peter Kwan Patrick McGregor Jeffrey Dwoskin Zhenghong Wang Princeton Architecture.
Key Management Workshop November 1-2, 2001. 3. Cryptographic Algorithms, Keys, and other Keying Material  Approved cryptographic algorithms  Security.

Key Management Workshop November 1-2, Cryptographic Algorithms, Keys, and other Keying Material  Approved cryptographic algorithms  Security.
Practices in Security Bruhadeshwar Bezawada. Key Management Set of techniques and procedures supporting the establishment and maintenance of keying relationships.

Practices in Security Bruhadeshwar Bezawada. Key Management Set of techniques and procedures supporting the establishment and maintenance of keying relationships.
1 Architectural Support for Copy and Tamper Resistant Software David Lie, Chandu Thekkath, Mark Mitchell, Patrick Lincoln, Dan Boneh, John Mitchell and.

1 Architectural Support for Copy and Tamper Resistant Software David Lie, Chandu Thekkath, Mark Mitchell, Patrick Lincoln, Dan Boneh, John Mitchell and.
Cryptography and Network Security (CS435) Part Twelve (Electronic Mail Security)

Cryptography and Network Security (CS435) Part Twelve (Electronic Mail Security)
Advanced Windows 8 Apps Using JavaScript Jump Start 70-482 Exam Prep M5: Data, Files, and Encryption Michael Palermo Microsoft Technical Evangelist Jeremy.

Advanced Windows 8 Apps Using JavaScript Jump Start Exam Prep M5: Data, Files, and Encryption Michael Palermo Microsoft Technical Evangelist Jeremy.
COMPUTER SECURITY MIDTERM REVIEW CS161 University of California BerkeleyApril 4, 2012.

COMPUTER SECURITY MIDTERM REVIEW CS161 University of California BerkeleyApril 4, 2012.
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 2 – Cryptographic.

Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 2 – Cryptographic.
Cryptography Chapter 7 Part 3 Pages 812 to 833. Symmetric Cryptography Security Services – Only confidentiality, not authentication or non- repudiation.

Cryptography Chapter 7 Part 3 Pages 812 to 833. Symmetric Cryptography Security Services – Only confidentiality, not authentication or non- repudiation.
A Quick Tour of Cryptographic Primitives Anupam Datta CMU Fall 2009 18739A: Foundations of Security and Privacy.

A Quick Tour of Cryptographic Primitives Anupam Datta CMU Fall A: Foundations of Security and Privacy.
Washington System Center © 2005 IBM Corporation August 25, 2005 RDS Training Secure Socket Layer (SSL) Overview z/Series Security (Mary Sweat, Greg Boyd)

Washington System Center © 2005 IBM Corporation August 25, 2005 RDS Training Secure Socket Layer (SSL) Overview z/Series Security (Mary Sweat, Greg Boyd)
Exam 1 Review CS461/ECE422 Fall 2010. Exam guidelines A single page of supplementary notes is allowed  8.5x11. Both sides. Write as small as you like.

Exam 1 Review CS461/ECE422 Fall Exam guidelines A single page of supplementary notes is allowed  8.5x11. Both sides. Write as small as you like.

Similar presentations

Ads by Google