Encrypting passwords and user data

User data and passwords are not passed in encrypted form on connections between the UTM application and trusted clients (i.e. clients generated as trusted clients; see point 3 in chapter "System access control").

Passwords from (non-trusted) UPIC clients are always encrypted before being passed to the UTM application in openUTM, provided that both the client and the server support encryption. In this case, passwords are encrypted even if no encryption was agreed to for the connection.

BS2000 systems

Passwords are only passed in encrypted form on connections between UTM applications on BS2000 systems and VTSU partners if encryption was agreed to for the connection or if the password was entered in a blanked-out field.

The encryption of user data is optional. This is negotiated between the client and the server when a UPIC conversation or connection to a VTSU partner is established.

  • The client can force encryption.
    The ENCRYPTION-LEVEL keyword in the Side Information file and the Set_Encryption_Level function call are available for a UPIC client for this purpose.

    BS2000 systems

    The encryption level is defined on the host for VTSU partners. Various encryption levels can be specified, from unconditional encryption for all applications through the encryption of individual messages that the user himself has selected.

  • A UTM application can request encryption for a certain service or a certain partner.

If one of the partners requests encryption, then the request for encryption is either accepted by the other side or the conversation/connection between the partners is not established.

Encryption is always negotiated per conversation or per connection. Message-specific encryption via the program interface is not possible.

You can assign every client and every service an encryption level in the configuration of the UTM application. The encryption level specifies whether or not messages from the client must be encrypted. The encryption levels are defined with the KDCDEF option ENCRYPTION-LEVEL in the TAC, PTERM and TPOOL statements.

openUTM can use the encryption levels to control client access as well as access to certain services.