The Integrated Cryptographic Service Facility protects data from unauthorized disclosure or modification. ICSF protects data stored within a system, stored in a file off a system on magnetic tape, and sent between systems. ICSF also authenticates the identity of customers in the financial industry and authenticates messages from originator to receiver. It uses cryptography to accomplish these functions.

ICSF provides access to cryptographic functions through callable services. A callable service is a routine that receives control using a CALL statement in an application language. Each callable service performs one or more cryptographic functions, including:

• Generating and managing cryptographic keys
• Enciphering and deciphering data with encrypted keys using the U.S. National Institute of Standards and Technology (NIST) Data Encryption Standard (DES), Advanced Encryption Standard (AES) or the Commercial Data Masking Facility (CDMF)
• Enciphering and deciphering data with clear keys using either the NIST Data Encryption Standard (DES), or Advanced Encryption Standard (AES)
• Transforming a CDMF DATA key to a transformed shortened DES key
• Reenciphering text from encryption under one key to encryption under another key
• Encoding and decoding data with clear keys
• Generating random numbers
• Ensuring data integrity and verifying message authentication
• Generating, verifying, and translating personal identification numbers (PINs) that identify a customer on a financial system

This topic provides an overview of the symmetric key cryptographic functions provided in ICSF, explains the functions of the cryptographic keys, and introduces the topic of building key tokens. Many services have hardware requirements. See each service for details.