Watson Supply Chain Ideas

Submit new product ideas for Watson Supply Chain solutions. Before you submit, please review existing ideas; if an idea close to yours already exists, it's better to add comments or vote on the existing idea. We will review your ideas and use them to help prioritize our product development. Best of all, the portal will automatically update you when the status of your idea has been changed.

Connect with users and IBM experts on the B2B Collaboration Community

Submit ideas for other Watson Customer Engagement Products:

Watson Marketing
Watson Campaign Automation
Watson Commerce

Encrypted storage and obscured entry of HSM partition password

The new HSM connectivity process within Sterling Integrator v5.2.6 leaves the HSM partition password stored in clear text.
RBS Security rules require the following
1) The partition password must be input in two parts (the password is only released to two separate people, both of whom have signed declarations that they will not disclose their part to the other bearer)
2) The input of the password must be obscured. No part of the password can be viewed during the input process
3) The password must be encrypted at rest. Currently this is in clear text within the new hsm.properties file.

I have been advised to raise this PMR by our IBM consultants (Keith Marsh and Lee Wilson. I will additionally be raising an RfE stating the same requirements.

This requirement is urgent (which is why I have given it severity 2), as our existing Luna4 HSMs are beyond end of life, and the upgrade programme we are currently running (moving from ISBI v5.2.1 to ISBI v5.2.6.3) needs to complete this quarter in order to allow the bank to comply with the SWIFTNet 7.2 programme for FileAct before the November end date

  • Avatar32.5fb70cce7410889e661286fd7f1897de Guest
  • Aug 4 2018
  • Needs review
How will this idea be used?

Protection of the HSM Partition password, ensuring security of certificates stored on the HSM partition

What is your industry? Banking
What is the idea priority? Urgent
DeveloperWorks ID
Link to original RFE
  • Attach files