Cryptographic services ensure that IBM Cognos 8 communications and sensitive data are secure. Encryption is used to secure
static data
temporary data
transient data
Two categories of encryption strength are available for IBM Cognos 8. Basic encryption is the standard IBM Cognos cryptographic service included with IBM Cognos 8. If an assessment of your security risks indicates a need for stronger cryptographic services, you can replace the standard IBM Cognos cryptographic services with one of the enhanced encryption modules.
For more information, see Configuring the Cryptographic Environment.
IBM Cognos 8 relies on the functionality of a certificate authority (CA) to provide cryptographic services. By default, IBM Cognos 8 provides a simple built-in CA. You may choose to disable it and use a third-party CA. You can use any third-party CA that generates Base-64 encoded X.509 certificates. For more information, see the Installation and Configuration Guide.
The IBM Cognos standard cryptographic provider, which uses Standard OpenSSL, is included with IBM Cognos 8. It includes the following:
secure sockets layer (SSL) services
The SSL protocol is used to secure communication between IBM Cognos 8 components installed on the same computer or on different computers.
trusted requests on BI bus messages
Signatures are used to digitally sign some messages to ensure that they come from a recognized IBM Cognos 8 service.
encryption of the deployment process
Symmetric algorithms are used to encrypt and decrypt data in the export and import processes.
encryption of temporary files
Symmetric algorithms are used to encrypt and decrypt temporary files.
Data stored in the database depends on database security to protect it.
The standard IBM Cognos cryptographic provider uses an encryption mechanism with keys up to 56 bits. Use it either with the built-in certificate authority (CA), or with a third-party CA.
If you require stronger security, you can replace the standard IBM Cognos cryptographic provider with a module that provides enhanced encryption.
Enhanced encryption modules are available. They are packaged separately to adhere to government regulations controlling the export of cryptographic software.
You can add enhanced encryption after you start using IBM Cognos 8 with standard encryption. However, after you install enhanced encryption and configure IBM Cognos 8 to use it, you cannot return to standard encryption.
This module uses encryption algorithms with a key size up to 168 bits for symmetric encryption operations.
You can use the Enhanced Encryption Module for OpenSSL either with the built-in IBM Cognos 8 certificate authority (CA) or with a supported third-party CA. To use a third-party CA, you must purchase and install appropriate software before you install and configure the Enhanced Encryption Module for OpenSSL.
This module uses encryption algorithms with a key size up to 168 bits for symmetric encryption operations.
If you choose the Enhanced Entrust encryption provider, you must purchase and install an Entrust Public Key Infrastructure (PKI), which includes its own CA. The PKI must be available before you install and configure the Enhanced Encryption Module for Entrust.