Data security
Encryption is the process of transforming data so that it cannot be understood by anyone but the intended recipient. Decryption is the process of transforming encrypted data so that it can be understood again. Encryption and decryption allow two communicating parties to disguise data that they send to each other. The sender encrypts, or scrambles, the data before sending it. The receiver decrypts, or unscrambles, the data after receiving it. While in transit, the encrypted data cannot be understood by an intruder.
The TPF Operations Server protects messages that flow between clients and servers. In normal operation, the data that is sent between the server and the client is plaintext data, which is data that is not encrypted. This means that anyone who can access the network between the server and the client could view this data without restriction, which may present security risks, especially if authentication credentials are passed from the client to the server. To reduce this risk, you can use the data encryption user exit, which allows you to define custom encryption and decryption routines. You can activate this user exit on the client or server from the console or through the C++, Java™, and REXX APIs to encrypt and decrypt messages, commands, and authentication data that are sent over the network.
Figure 1 provides an overview of how the data encryption user exit is used.
