
A Bankable Solution

AIX Cryptographic Services improves security while simplifying administration



OS Architecture

IBM AIX Cryptographic Services provides a new architectural layer within the AIX OS (Figure 1). The goal of this new layer is two-fold: to provide a consistent set of interfaces for exploiting and managing cryptography system-wide and to enable hardware assistance and high security (FIPS 140) transparently to applications using these interfaces.

The API is provided via an IBM PKCS 11 software implementation. This industry-standard API from RSA Laboratories provides a feature-rich cryptographic suite and system-wide view of cryptographic components, keys and digital certificates.

Software running in the user space accesses these services via an IBM PKCS 11 library, whereas kernel subsystems and device drivers call directly into the kernel via PKCS 11 entry points. The PKCS 11 utilities expose even greater flexibility and control for the architecture by providing administrative management and manipulation of key stores, trust stores, performance tuning and per-algorithm hardware assistance.

IBM AIX Cryptographic Services can be enhanced by optionally adding supported cryptographic hardware modules. The AIX OS abstracts any hardware modules available and allows for administrative control over their utilization. This provides unprecedented flexibility, allowing for tailored solutions tuned for performance and high-security FIPS 140 environments. When this hardware is present, encryption algorithms such as the Triple Data Encryption Standard, the Advanced Encryption Standard, and Rivest-Shamir-Adleman (RSA) can be transparently accelerated for applications. In addition, sensitive data and keys can be protected in the FIPS 140 tamper-resistant and/or tamper-reactive storage provided by available hardware modules.

 

Chris Lita currently serves as lead cryptography engineer for the AIX Security Team. He is an expert software engineer, who has worked in a diverse set of technology areas within IBM.

Jason Jaramillo is a security software engineer for IBM AIX, specializing in Kerberos, OpenSSL, and Public Key Cryptography Standards 11.

Lucas McLane, CISSP, is an information assurance/software engineer for IBM AIX.

Ravi Shankar is an architect for AIX and PowerHA. He joined IBM 14 years ago and has specialized in a wide set of technologies, from reliability, availability and serviceability, to AIX security, to business resiliency. With more than 19 years of experience in IT, he’s an expert in real-time systems, OS internals and overall system architecture.


