Encryption and Decryption within RVI

Until recently, the decision to encrypt images and/or data has been a choice made by IT Managers, Human Resource Managers, customer service managers, security professionals, et al.  More times than not, that decision had to be made based on the risk of the images and/or data being compromised, the cost of encryption (hardware and/or software), processing overhead, the unwieldiness of the encryption process, and the possibility that the encryption/decryption keys could be lost or stolen. The latter risk of losing the keys to decrypt the information would likely result in the images and/or data being lost or inaccessible. These collective risks would usually result in a decision against encryption.

However, criminal acts such as stolen identities, the hacking of credit card databases, etc. have forced lawmakers and corporate entities to rethink the idea of encryption. Legislation requiring encryption of stored information, coupled with the sheer necessity of protecting private information and resources, has led the IT world into an entirely new realm of security measures, whether information is stored on traditional storage media (internal disk drives) or on portable devices (external storage appliances). With the proliferation of low cost external storage appliances, the exposure of data is of concern, particularly when the data on the storage device is accessible to the internet or local networks that are in turn accessible from the internet.

In order to meet the requirements of encrypting image and report files that are stored on external media and/or storage appliances, RVI has developed an optional encryption/decryption system based on IBM’s encryption and decryption Application Programming Interfaces (API). The API’s use the 256-bit Advanced Encryption Standard (AES). AES is a commonly used encryption and decryption standard used by federal agencies of the United States government, the Department of Defense, and many companies in the private sector. This encryption and decryption standard is approved by the Federal Information Processing Standards Publication 197 (FIPS 197) by the United States Department of Commerce.

The RVI Encryption and Decryption System encrypts image and spool data as it is moved to storage (the RVI “burn” process). When capturing spool reports, there is an optional post-capture program that can be deployed that will automatically encrypt and burn the spool data to storage. Then, when the images or spool data is retrieved for viewing or other processing, the data is decrypted.

In addition to the encryption and decryption of image and spool data, there are RVI API’s for encrypting and decrypting strings of data. These API’s are useful for the encryption of information included in web browsers Universal Resource Locators (URL). For example, you could email a link to your IBM i and encrypt information such as account numbers or other identifying information. Your HTTP server software can then take that URL and decrypt the encrypted part of the URL and then act on the information provided.

The RVI Encryption and Decryption System does not encode and decode communications across networks, such as the communications that take place between web browsers and web servers. Communications encryption and decryption is better suited to a secure communications layers such as Hypertext Transport Protocol Secure (HTTPS). HTTP Strict Transport Security is recommended to be used in conjunction with HTTPS. IBM has a Software Technical Document (380575235) on configuring HTTPS with the IBM HTTP Server for IBM i and IBM WebSphere Application Server 6.0.

This RVI feature requires an operating system of V5R4 or higher. It is recommended that your IBM i be at current cumulative PTF levels.

 Mike Miller