Use of Encryption in Hitachi ID Identity and Access Management Suite

Encryption is used to protect stored Hitachi ID Identity and Access Management Suite data as follows:

Data stored on the Hitachi ID Identity and Access Management Suite server

| Data | Algorithm | Key |
| --- | --- | --- |
| Privileged passwords, used to log into target systems | 128-bit AES | 128-bit random |
| Answers to security questions | 128-bit AES | 128-bit random |
| User old password history | SHA-1 | 64-bit random salt |
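As an added illustration of the password-history row (example code written for this page, not Hitachi ID's own implementation): each old password is kept only as a SHA-1 digest over a fresh 64-bit random salt, so a proposed new password can be checked against the history without the old passwords themselves being stored. The salt-then-password concatenation order and the function names are assumptions; the page states only the algorithm and the salt size.

```python
import hashlib
import hmac
import secrets
from typing import List, Optional, Tuple

SALT_BYTES = 8  # 64-bit random salt per history entry, as stated in the table

HistoryEntry = Tuple[bytes, bytes]  # (salt, digest)


def hash_old_password(password: str, salt: Optional[bytes] = None) -> HistoryEntry:
    """Produce one password-history entry.

    Assumed construction: SHA-1 over salt || UTF-8(password). A new salt is
    drawn from a CSPRNG when none is supplied, so the same password yields a
    different digest in every entry and precomputed tables do not transfer
    between entries.
    """
    if salt is None:
        salt = secrets.token_bytes(SALT_BYTES)
    digest = hashlib.sha1(salt + password.encode("utf-8")).digest()
    return salt, digest


def build_history(old_passwords: List[str]) -> List[HistoryEntry]:
    """Salt and hash each previous password; plaintexts are discarded."""
    return [hash_old_password(p) for p in old_passwords]


def password_in_history(candidate: str, history: List[HistoryEntry]) -> bool:
    """Return True if the candidate matches any stored entry.

    Every entry carries its own salt, so the candidate must be re-hashed once
    per entry. The loop always runs to the end and compares in constant time,
    so timing does not reveal which (if any) entry matched.
    """
    found = False
    for salt, digest in history:
        _, cand_digest = hash_old_password(candidate, salt)
        if hmac.compare_digest(cand_digest, digest):
            found = True
    return found


if __name__ == "__main__":
    # Constructed sample history, used only to exercise the functions.
    hist = build_history(["Winter2019!", "Spring2020!"])
    print(password_in_history("Winter2019!", hist))  # True: reuse rejected
    print(password_in_history("Summer2021!", hist))  # False: new password OK
```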


Data transmitted to and from Hitachi ID Identity and Access Management Suite on the network is cryptographically protected, as illustrated by the following examples:

Data transmitted to/from the Hitachi ID Identity and Access Management Suite server

| To/From | Algorithm | Key length |
| --- | --- | --- |
| Interactive sessions | | |
| User browser | SSL (varies) | 128 bits |
| Trigger password synchronization | | |
| From Win2K/2K3 AD DC | 128-bit AES | 128-bit shared secret |
| From z/OS | | |
| From Unix | | |
| From LDAP server | | |
| Set passwords, Create/update users | | |
| To SSH scripted target | SSH | Varies by SSH configuration |
| To Unix agent | 128-bit AES | 128-bit shared secret |
| To z/OS task | | |
| To RSA Authentication Manager | | |
| To proxy server | | |
| API Session - socket | | |
| From calling system / IVR | 128-bit AES | 128-bit shared secret |
| API Session - web services | | |
| From calling system / IVR | HTTPS | 128 bits |
| Set passwords, Create/update users | | |
| To target system | native | Varies. Use proxy server when native protocol is inadequate. |

Hitachi ID Identity and Access Management Suite uses encryption as follows:

  • Administrator credentials, both those of Hitachi ID Identity and Access Management Suite itself and those it periodically randomizes, are encrypted using AES. These credentials are also used to connect to AD and to network resources.
  • Communication between the main Hitachi ID Identity and Access Management Suite server and Hitachi ID Identity and Access Management Suite proxy servers is over TCP/IP, encrypted with AES using a shared key.
  • Communication between the main Hitachi ID Identity and Access Management Suite server and local agents on Unix and OS390/zOS target systems is over TCP/IP, encrypted with AES using a shared key.
  • Communication between multiple Hitachi ID Identity and Access Management Suite servers, to replicate data and support high availability and load balancing, is encrypted with AES using a shared key.
  • Communication between IT staff, using web browsers, and the Hitachi ID Identity and Access Management Suite web user interface uses HTTP over SSL (HTTPS).