iSecurity Field Encryption for IBM i

First Way to Secure Your Data


Encryption is the process of encoding information. Encryption is vital for protecting confidential information and expediting compliance with PCI-DSS, GDPR, HIPAA, SOX, other government regulations and state privacy laws.

Restricting access is sometimes sufficient, but encryption is stronger

What's Field Encryption used for?

Information that usually needs to be encrypted:

  • Credit Card Numbers
  • Personal Information, Medical information
  • Account numbers, ID numbers
  • Passwords

Segregate the way data is displayed:

  • Clear text 5201 1234 5554 0830
  • Masked **** **** **** 0830
  • No data —————————-

Field Encryption supports a single Key Manager / single Token Manager for multiple Data Managers

iSecurity Field Encryption at a Glance

Compliance and Encryption

Encryption is also the way to ensure that sensitive data is presented in the way that suits the user, and the circumstances.

Those who are entitled to access your data will see the data in clear text, masked, scrambled, or not see it at all, as appropriate. PCI-DSS, HIPAA, GDPR and other regulatory bodies require encrypting sensitive parts of the data.

Our Solution

The iSecurity Field Encryption solution, part of the iSecurity suite, allows you to fully protect all sensitive data without modifying your software. A change that is done externally without changing the Level-Check of your file (i.e. Files remain intact), but is reflected in:

  • Your programs, regardless of whether they use SQL or Native IO
  • Any system utility including FTP, Query, DFU
  • DB-Journal

IBM i 7.1 introduced the database exit program FIELDPROC. Using this feature for encryption makes it part of the database capabilities and eliminates use of additional files. iSecurity Encryption was designed after the FIELDPROC announcement and does not need to have backward capability with outdated technology – providing efficiency and simplicity.

Key Features

  • Files are never locked; they are available for application use even when encryption keys are refreshed.
  • Supports all types of data: Character, Zoned Decimal, Packed Decimal, CLOB and BLOB. Supports null-capable data as well as non-null-capable data.
  • Comprehensive Find Sensitive Fields system provides superior quality in searching based on iterations over partial estimation of size, type, name, text, etc.
  • Works on a wrapper program, so does not require the program source.
  • Optimized for data masking and consumes no CPU for decryption in such cases.
  • KEK (Key encrypting Keys) as well as Data Keys can be automatically changed, unattended.
  • In a multi-site environment, a single key manager can be set to support all sites, centralizing all key-related activity.
  • Key Manager, Data Manager, and Token Manager can optionally be installed on different IBM i LPARs.
  • Supports both Encryption and Tokenization.
  • Policy driven security and limitation of capabilities ensures Separation of Duties.
  • Comprehensive logs for tracing of activities.
  • Full journaling system guarantees that any change in parameters is logged.
  • Uses NIST encryption standards.
  • Adheres to both GDPR, PCI and COBIT standards.
  • 128-bit, 192-bit, and 256-bit AES encryption supported.
  • Based on IBM Native APIs.

Related Products


IFS virus checks and scans, Native Object Integrity checks, alert by email and by Syslog.


Detects and prevents attacks by WannaCry, Petya and other similar malware.

PGP Encryption

Private and Public key technology for encrypting data files end-to-end.


Network security, controlling Exit Points, Open DB’s and SSH. Rule Wizards and graphical BI.