TEI/Dino-Protect

 

 

What is Dino-Protect?

• Dino-Protect is as set of encryption subroutines that allow a programmer to easily encrypt VSAM or non-VSAM data on z/OS or z/VSE. Although the programmer has full control over which fields are encrypted, they do not have to have any knowledge of encryption methods. They don’t even need to know the full key used to encrypt the data, just a secondary record level key.
• Dino-Protect provides an enhancement to the BACKUP/RESTORE feature of VSE/VSAM to allow a VSE customer to create encrypted backups for off-site storage.

 

Why use Dino-Protect?

·          Regulatory

·          Sarbanes Oxley Act (SOX) - 2002

·          Data Protection/ Privacy Laws

·          Federal laws

·          Gramm-Leach-Bliley Act – 1999

·          CAN SPAM Act – 2003

·          Health Insurance Portability and Accountability Act - 1996

·          Fair Credit Reporting Act, and more ...

·          State Laws

·          California Online Privacy Protection Act (OPPA) – 2003

·          Restrictions on Social Security Numbers

·          Business Requirements

·          VISA-CISP, MasterCard, Discover, AMEX

 

What must be protected:

·          Personally Identifiable Information (PII)

·          PII is any information that in itself or as part of a unique combination recognizes an individual by unique descriptors and/or identifiers

·          Name, Address, SSN, Credit Card Number, Birth Date, Phone Number, Driver's License Number, Mother's Maiden Name, Passport Number, Email Address, Fax Number, Bank Account Numbers, Online Identifiers and Birth Certificate Number.

·          Sensitive Data

·          Sensitive data is a subcategory of PII, which requires heightened scrutiny and special treatment under the law. All personnel collecting and/or processing Sensitive Data must be aware of the sensitive and highly confidential nature of the Data and handle it with the appropriate level of protection required by law

·          Racial/Ethnic Origin, Political Affiliation, Financial Information, Religious Beliefs/affiliation, Health – Physical and Mental, Sexual Preferences, Criminal Record, Age, Marital or Family Status, Census Records, Bank and Credit Card Numbers, Educational History, Juvenile Criminal Proceedings, Adoption records, Welfare and Social Service records, Benefit records, and Inheritable characteristics.

 

How does Dino-Protect help?

 

Dino-Protect addresses two areas:

• Application and System Security
• Encryption and Decryption of Personal Information
• Backup Security (VSE only)
• Encrypted backup tapes.
• Network Security
• Transmission of Personal Information in bulk-file processes

 

With wide-spread TCP/IP connectivity to computer on which PII data is stored, these laws and policies suggest or even require the encryption of all PII data stored on accessible storage (DASD). Think of the consequences of someone breaking into your machines FTP server and downloading that credit card activity log? Or even worse, your customer master database.

 

Also, consider the exposure of an FTP transmission being sent over the public Internet.

 

Consider the recent media reports of  “lost”  backups. Should someone “acquire” your backup tapes that were created using Dino-Protect, no PII would be exposed.

 

How does Dino-Protect operate?

 

TEI provides a series of custom subroutines that can be called by any programming language or utility that uses standard s/390 linkage methods. (Cobol, Assembler, RPG, Sort, etc.). These custom modules are unique to each organization and will not be provided to any other organizations. Each module contains a 128bit company password seed (common to all your modules) and a second 128bit module password seed (unique to each module). These two password seeds are only known to TEI to protect an organization from exposure due to a disgruntled employee. In addition, each time the program calls an encryption module, it can optionally pass a third 128bit, record level password.

 

These custom modules are the property of the organization and can be used as needed in perpetuity. In other words, TEI will not hold any organization's data hostage. There is NO annual fee to use these modules. They belong to the organization to use as it wishes.

 

TEI provides multiple modules so that an organization can share a module with a business partner that they are trading data with. The number of modules are determined by each organization's needs and how many modules they contract to purchase.  To make it easy to send your VSE VSAM master files to a MVS business partner, the modules run on either VSE or MVS. Since the file is already encrypted on the local DASD device, the data can be FTPed “as-is” to a business partner. Then an organization can send them the decryption module. (Remember, they must store the original organization's data on their DASD in an encrypted format also.)

 

For our VSE customers, a special version of IDCAMS is provided that will allow IDCAMS BACKUP jobs to specify an “ENCRYPT” option. Creating encrypted backups is as easy as including our run-time library in the IDCAMS LIBDEF and adding the new “ENCRYPT” option to your jobstream.

 

For more information:

 

Contact Teri at:

            407-323-4773

            bsisales@bsiopti.com

 

Dino-Protect is distributed by Barnard Software, Inc. (BSI)

Dino-Protect is a product developed by Thigpen Enterprises, Inc. (TEI)