AES |
Advanced Encryption Standard |
A specification for the encryption of
electronic data established by the U.S. National Institute of Standards and
Technology (NIST) in 2001
|
|
Basic format sequential dataset |
A sequential dataset in the original
physical format, which can occupy up to 65,535 tracks on each volume
|
CPACF |
Central Processor Assist for Cryptographic
Function
|
A set of cryptographic instructions
available in hardware on every zSeries processor unit
|
|
Clear key |
An encryption key whose clear, unconcealed
value exists in memory, outside protected hardware (for example, Crypto
Express), while it is being used to encrypt or decrypt data
|
|
Crypto Express |
A family of hardware security modules from
IBM for high-security processing and cryptographic operations
|
|
Cryptography |
The practice and study of techniques for
secure communication in the presence of adversaries
|
DASD |
Direct-Access Storage Device |
A device providing persistent storage in
which each block (the smallest unit of an I/O operation) can be accessed
directly and quickly by specifying its location on the device; colloquially
also referred to as “disk”
|
DFSMS |
Data Facility Storage Management
Subsystem
|
A z/OS subsystem that automates and
centralizes the management of persistent storage (disks and tapes)
|
|
Encryption key |
A parameter for an cryptographic algorithm.
Must be kept secret in most applications (“secret key”), but some also work
with “public keys”
|
EXCP |
Execute Channel Program |
A low-level I/O interface |
|
Extended format sequential dataset |
A sequential dataset that can be striped,
encrypted or compressed, or any combination thereof
|
ICSF |
Integrated Cryptographic Service
Facility
|
A z/OS subsystem that creates and manages
cryptographic keys and performs crypto operations in software or
hardware
|
JCL |
Job Control Language |
The language of job control statements used
to specify jobs to the job entry subsystem (JES)
|
JES |
Job Entry Subsystem |
A subsystem used by z/OS to receive jobs
into the operating system, schedule jobs for processing, and control job output
processing
|
|
Key |
In the context of encryption, a shorthand
for encryption key
|
|
Key label |
A parameter to identify an encryption key,
used by ICSF as a handle to locate the encryption key and its associated
parameters
|
|
Large format sequential dataset |
A sequential dataset in an advanced
physical format, which can occupy up to 16,777,215 tracks on each
volume
|
|
Protected key |
A variation of secure key for
high-performance bulk encryption and decryption using the CPACF
instructions
|
RACF |
Resource Access Control Facility |
A component of the Security Server for
z/OS, used to identify and authenticate users, authorize users to access
protected resources, and record and report access attempts
|
|
Secure key |
An encryption key that has been encrypted
under another key and is used in a way that its clear value never leaves a
hardware security module (for example, Crypto Express)
|
SMS |
Storage Management Subsystem |
A shorthand for DFSMS, Data Facility
Storage Management Subsystem
|
XTS |
XOR-Encrypt-XOR Tweakable Block Cipher with
Ciphertext Stealing
|
A block cipher mode of operation used for
encrypting data on storage devices
|