z/OS Cryptographic Services ICSF Overview
Previous topic | Next topic | Contents | Index | Contact z/OS | Library | PDF

Message Authentication Codes (MACs)

z/OS Cryptographic Services ICSF Overview

MACs are used to authenticate and verify data that is transmitted over a network, stored on the system, or stored outside the system (for example, on removable media such as tape). The MAC is generated by using the data itself and a symmetric key. The MAC is sent or stored with the data. The MAC is verified when the data is received or retrieved from storage. The MAC verification process uses the data and the symmetric key.

MACs give you these benefits:

  • You can validate the authenticity of data that is transmitted over a network. You can also ensure that nothing has altered the data during transmission. For example, an active eavesdropper might tap into a transmission line, and either interject bogus messages or alter sensitive data that is being transmitted. Since the sender and the receiver share a secret key, the receiver can use a callable service to calculate a MAC on the received message. The application then compares the MAC it calculates to the MAC that was transmitted with the message. The message is accepted as genuine and unaltered only if the two MACs are identical.
  • Similarly, you can store a MAC with data on tape or DASD. Then, when the system retrieves the data, an application can generate a MAC and compare it with the original MAC to detect alterations.
  • In either data transmission or storage, you can use MACs in an anti-virus campaign. MACs help ensure that no unauthorized executable code has been inserted into your system.

Go to the previous page Go to the next page

Copyright IBM Corporation 1990, 2014