Dino-Protect is a set of encryption subroutines that allow a programmer to easily encrypt VSAM or non-VSAM data on z/OS or z/VSE. Although the programmer has full control over which fields are encrypted, they do not need any knowledge of encryption methods. They don’t even need to know the full key used to encrypt the data, just a secondary record-level key. Dino-Protect also provides an enhancement to the BACKUP/RESTORE feature of VSE/VSAM that allows a VSE customer to create encrypted backups for off-site storage.
Dino-Protect addresses multiple security issues:
With widespread TCP/IP connectivity to computers on which PII data is stored, these laws and policies suggest or even require the encryption of all PII data stored on accessible storage (DASD). Think of the consequences of someone breaking into your machine's FTP server and downloading that credit card activity log, or even worse, your customer master database.
Also, consider the exposure of an FTP transmission being sent over the public Internet.
Consider the recent media reports of “lost” backups. Should someone “acquire” your backup tapes that were created using Dino-Protect, no PII would be exposed.
TEI provides a series of custom subroutines that can be called by any programming language or utility that uses standard S/390 linkage methods (COBOL, Assembler, RPG, Sort, etc.). These custom modules are unique to each organization and will not be provided to any other organization. Each module contains a 128-bit company password seed (common to all your modules) and a second 128-bit module password seed (unique to each module). These two password seeds are known only to TEI, to protect an organization from exposure due to a disgruntled employee. In addition, each time the program calls an encryption module, it can optionally pass a third, 128-bit record-level password.
These custom modules are the property of the organization and can be used as needed in perpetuity. In other words, TEI will not hold any organization's data hostage. There is NO annual fee to use these modules. They belong to the organization to use as it wishes.
TEI provides multiple modules so that an organization can share a module with a business partner that it is trading data with. The number of modules is determined by each organization's needs and how many modules it contracts to purchase. To make it easy to send your VSE VSAM master files to an MVS business partner, the modules run on either VSE or MVS. Since the file is already encrypted on the local DASD device, the data can be FTPed “as-is” to a business partner. The organization can then send the partner the decryption module. (Remember, the partner must also store the original organization's data on its DASD in an encrypted format.)
For our VSE customers, a special version of IDCAMS is provided that will allow IDCAMS BACKUP jobs to specify an “ENCRYPT” option. Creating encrypted backups is as easy as including our run-time library in the IDCAMS LIBDEF and adding the new “ENCRYPT” option to your jobstream.