IBM decided in 1971 to develope its own encryption algorithm. It became DES. IBM has since provided many very strong encryption products for commercial use, and has, of course, a great experience today with a Cryptographic Competence Centre placed in Copenhagen..

IBM is still focusing very much on encryption products, both in hardware and software. Hardware provides a better protection of encryption keys etc., and normally a better performance than software, which on the other hand has the advantage of flexibility.

IBM encryption Products - overview

Software:

¤ First Secure ¤

¤ Key Works ¤

¤ Lotus Notes ¤

¤ WebSphere ¤

¤ Crypto Based Transactions ¤

¤ Distributed Key Management System ¤

¤ OS/390 HTTP Security Server ¤

¤ Open Cryptographic Services Facility ¤

 

IBM 4758 PCI Cryptographic Coprocessor

A Crypto Coprocessor for PCI bus machines such as PC's, IBM Netfinity, RS/6000, and AS/400 providing encryption, MACing, PIN, Digital Signature functions:

  1. Users: Designed for corporate users, but can also be used by private users
  1. Application: SET, application encryption, web, EDI, SSL etc.
  1. Security level: Up to 168 bit TripleDES, 1028 RSA key management, 2048 RSA digital signature. SHA-1 and MD5 Hashing.
  1. Standards: Model 001: Highest security certification given: Federal Information Processing Standards on Computer Security (FIPS) 140-1 level 4.

Model 013: FIPS 140-1 level 3. Level 4 provides very secure Tamper Resistant protection.

  1. Security standards: Complies to the normal encryption standards.
  1. Distribution: Can be distributed uninitialised and be initialised automaticly from central site ( via DKMS, ref later).
  1. Price level: Model 001: D.Kr.15.300. Model 013: D.Kr. 13.300.
  1. More information: http://www.ibm.com/security/cryptocards/

 

IBM S/390 Cryptographic Coprocessor Facility

High performance Cryptographic Coprocessor integrated on the S/390 internal bus. It provides

  1. Users: Designed for corporate users, but can also be used by private users
  1. Application: application encryption, web, EDI, SSL etc.
  1. Security level: 128 and 192 bit master keys. Up to 168 bit TripleDES, 1028 RSA key management, 1024 RSA/DSS digital signature. SHA-1, MD5, MDC-2, MDC-4 Hashing.
  1. Standards: Model 001: Highest security certification given: Federal Information Processing Standards on Computer Security (FIPS) 140-1 level 4.

Security standards: Complies to the normal encryption standards.

  1. Distribution: Included in S/390. Appropiate software included in OS/390.
  1. Price level: Included in S/390. Price for appropiate software included in OS/390.
  1. More information: http://www.ibm.com/security/products/prod_cryp.html

IBM First Secure

An extensive IBM Security software product. Regarding encryption it provides

IBM SecureWay Toolbox containing toolkits for SSL (java), PKIX, Authorisation API, and LDAP. Software for Certification Authority (CA) is included as well (Trusted Authority). Encryption on the transport layer (Virtual Private Network) is provided in two ways: Traditional VPN 'firewall-to-firewall encryption' and also 'user-to-application VPN encryption'.

  1. Users: Designed for all kind of users.
  1. Application: application encryption, web, SSL, EDI etc.
  1. Security level: Up to 128 bit TripleDES, 1028 RSA key management, 1024 RSA digital signature.
  1. Standards: CDSA v2 encryption API. PKIX. Appropiate PKCS standards. X509.v3 certificates.

Security standards: Complies to the normal encryption standards.

  1. Distribution: Download.
  1. Price level: D.kr. 600 per user. This price includes in addition to the encryption facilities Contents scanning, Intrusion Detection, Antivirus, and Policy Director.
  1. More information: http://www-4.ibm.com/software/secureway/

Trusted Authority can also be sold individually as well as Vault Registry. Both are for CA's.

IBM Key Works

An individual part of First Secure. CDSA v2 encryption interface to the hardware above or its own software based crypto. Price level: D.Kr. 14 per run time module.

Open Cryptographic Services Facility

Is Key Works on OS/390. Concerning price: Is included in OS/390.

Crypto Based Transactions

An end-to-end security solution providing application-to-application encryption as well as digital signatures for non-repudiation, authentication, and data integrity. Can also use SSL encryption. Can run with or without certificates, and with or without smartcards. Supports the encryption hardware above, also the CCF on S/390.

  1. Users: Designed corporate users and their customers/vendors.
  1. Application: application encryption, web, SSL, etc.
  1. Security level: Up to 128 bit TripleDES, 1028 RSA key management, 1024 RSA digital signature.
  1. Standards: HTTP protocol. PKCS #7, 10, 11, and 12 standards. X509.v3 certificates.

Security standards: Complies to the normal encryption standards.

  1. Distribution: Download. Client portion is in Java.
  1. Price level: From D.kr. 350.000. This price includes up to 1000 users.

Distributed Key Management System

An advanced Key Mangement System primarily for symmetric keys (DES) providing a proprietary high level encryption API, benefiting of the crypto facilities on the hardware above. Mainly designed for the banks for their Automatic Teller Machiens, Point of sales terminals, secure PIN processing, interbanking network etc.

Lotus Notes - Lotus Domino.

Ensure e-mails and other messages over the net.

  1. Users: Designed for all kind of users
  1. Application: e-mail, SSL.
  1. Security level: 56 bit Des and 64 bit RC2/RC4 encryption without any 'Work reduction Factor'. Can encrypt up to 128 bit TripleDES. 1028 RSA key management, 1024 RSA digital signature.
  1. Standards: S/MIME, SSL.

Security standards: Complies to ISO 8730, 8731, and 9564 enncryption standards.

  1. Distribution: Lotus Notes requires installation of the client part. Lotus Domino does not.
  1. Price level: About D.Kr. 17.000 per server including a Lotus CA part. About D.kr. 450 per client.