IBM Mainframe Forum Index
 
Log In
 
IBM Mainframe Forum Index Mainframe: Search IBM Mainframe Forum: FAQ Register
 

Encrypt and Decrypt data in COBOL


IBM Mainframe Forums -> COBOL Programming
Post new topic   Reply to topic
View previous topic :: View next topic  
Author Message
murugan_mf

Active User


Joined: 31 Jan 2008
Posts: 148
Location: Chennai, India

PostPosted: Tue Jul 10, 2012 1:50 pm
Reply with quote

Hi All,
We have a task where we need to mask some account numbers in a
dataset. Actually we thought of writing a program to encrypt and
decrypt.
I wanted to know if is there any other way this can be done?

Soliciting thougths.
Back to top
View user's profile Send private message
Bill Woodger

Moderator Emeritus


Joined: 09 Mar 2011
Posts: 7309
Location: Inside the Matrix

PostPosted: Tue Jul 10, 2012 1:54 pm
Reply with quote

You want to encrypt? Or you want to garble so that live client data cannot reasonably be revealed?
Back to top
View user's profile Send private message
murugan_mf

Active User


Joined: 31 Jan 2008
Posts: 148
Location: Chennai, India

PostPosted: Tue Jul 10, 2012 2:14 pm
Reply with quote

we Prefer to encrypt the data
Back to top
View user's profile Send private message
Bill Woodger

Moderator Emeritus


Joined: 09 Mar 2011
Posts: 7309
Location: Inside the Matrix

PostPosted: Tue Jul 10, 2012 2:21 pm
Reply with quote

Talk to your technical support to see what is available at your site.

If nothing already, your best bet would be to buy something in. Or allocate a lot of time/money to implement and test it yourselves.
Back to top
View user's profile Send private message
Robert Sample

Global Moderator


Joined: 06 Jun 2008
Posts: 8651
Location: Dubuque, Iowa, USA

PostPosted: Tue Jul 10, 2012 2:34 pm
Reply with quote

If your goal is to meet PCI standards, your site needs to buy something to do the encryption. Implementing an acceptable (under PCI) encryption method is not a simple task.
Back to top
View user's profile Send private message
murugan_mf

Active User


Joined: 31 Jan 2008
Posts: 148
Location: Chennai, India

PostPosted: Tue Jul 10, 2012 2:52 pm
Reply with quote

Thsi we are doing it internally and not required to met PCI standards.
Back to top
View user's profile Send private message
Bill Woodger

Moderator Emeritus


Joined: 09 Mar 2011
Posts: 7309
Location: Inside the Matrix

PostPosted: Tue Jul 10, 2012 2:54 pm
Reply with quote

If you use a very simple "encryption" it won't be very secure but won't cost as much in resources.

But really, why do you want to encrypt but not do it properly?
Back to top
View user's profile Send private message
murugan_mf

Active User


Joined: 31 Jan 2008
Posts: 148
Location: Chennai, India

PostPosted: Tue Jul 10, 2012 3:03 pm
Reply with quote

We dont want to let users to see some confidential information and that is reason we planning to write a program to do that..but before we define our own rules to write a program, i am just want to know will this can be done in any other way.
Back to top
View user's profile Send private message
Bill Woodger

Moderator Emeritus


Joined: 09 Mar 2011
Posts: 7309
Location: Inside the Matrix

PostPosted: Tue Jul 10, 2012 3:06 pm
Reply with quote

Really? How are they getting to see the data? They have TSO/ISPF access?

Even so, why would you need the decrypt? For what you've said, either don't show it to them, or garble it.

Explain further, please.
Back to top
View user's profile Send private message
murugan_mf

Active User


Joined: 31 Jan 2008
Posts: 148
Location: Chennai, India

PostPosted: Tue Jul 10, 2012 3:29 pm
Reply with quote

Yes, some users will have.
First of all we dont want to open up with all the available account numbers.
after analysing the data(only a/c no will be encrypted) and any discrepencies found with the record then they will come back to us asking the account number.
During that instance we need to decrypt the record alone and give back to them.
Back to top
View user's profile Send private message
Nic Clouston

Global Moderator


Joined: 10 May 2007
Posts: 2455
Location: Hampshire, UK

PostPosted: Tue Jul 10, 2012 4:57 pm
Reply with quote

If they are going to have acces anyway when they come across an anomolie why not just give them the access to start with and save all the hassle? Either they are authorised or they are not. If not then have the security software stop them from looking at the data. If you still want to mask the account numbers then look in the DFSort forum - someone was doing that the other month.
Back to top
View user's profile Send private message
Anuj Dhawan

Superior Member


Joined: 22 Apr 2006
Posts: 6250
Location: Mumbai, India

PostPosted: Tue Jul 10, 2012 6:43 pm
Reply with quote

It might sound rude but - before one attempts to do what you say, one need to understand the basic difference between encryption and garble-the-data. There are commercially available products that do field level encryption; use one of them to encrypt the data as you copy from one place to another -- commercial products are available in market, because this is a serious business and not done using some home grown utility. Having said that, I agree will Bill on this, as you talk about account numbers, garble-the-data is what you need.

Just my .02$...
Back to top
View user's profile Send private message
Jose Mateo

Active User


Joined: 29 Oct 2010
Posts: 121
Location: Puerto Rico

PostPosted: Tue Jul 10, 2012 7:57 pm
Reply with quote

Good day to all!

I have a solid background on Encryption/Decryption. First with ATM software and then with HSM (Hardware Security Module), I just finish implementing PCI standard at the bank where I work at. One thing I could tell you is that encryption/decryption is not a easy task first of all, if you decide to encrypt the account number then you need to modify all the programs that reference the account number plus the account number will not be displayable unless you decrypt it back to displayable format. IBM has callable encryption/decryption module which you could use. Now if you want to make it simple and just mask the account number using a masking table then all you will do is use the account digit as a subcript to the masking table replacing the account digit with the offset digit of the masking table. Now I will let you decide and think of the rest of the process. Good luck!!
Back to top
View user's profile Send private message
enrico-sorichetti

Superior Member


Joined: 14 Mar 2007
Posts: 10833
Location: italy

PostPosted: Tue Jul 10, 2012 8:39 pm
Reply with quote

Quote:
We have a task where we need to mask some account numbers in a
dataset.


then all of it falls under PCI or similar compliancy,

even if You are not a financial institution, Your CEO and CIO are still responsible for the protection and access of <sensitive> data.

before worrying about the lowly technicalities better worry about the organizational and legal issues.
Back to top
View user's profile Send private message
murugan_mf

Active User


Joined: 31 Jan 2008
Posts: 148
Location: Chennai, India

PostPosted: Wed Jul 11, 2012 9:59 am
Reply with quote

Thank you all for your valuable comments.
Back to top
View user's profile Send private message
View previous topic :: :: View next topic  
Post new topic   Reply to topic View Bookmarks
All times are GMT + 6 Hours
Forum Index -> COBOL Programming

 


Similar Topics
Topic Forum Replies
No new posts Cobol prog to put an indicator on the... JCL & VSAM 1
No new posts COBOL Ascending and descending sort n... COBOL Programming 5
No new posts COBOL program logic for comparisipn o... COBOL Programming 2
No new posts Split a record with data in a differe... DFSORT/ICETOOL 8
No new posts COBOL - create and write to output fi... COBOL Programming 0
Search our Forums:

Back to Top