ICSF provides the Field Level Encipher (CSNBFLE) and Field Level Decipher (CSNBFLD) callable services to encrypt payment related data using format preserving encryption algorithms. With APAR OA51102, the key_identifier parameter has been enhanced to accept encrypted DES or AES DATA keys supplied as key tokens rather referenced by key label. This allows applications that store keys outside of the CKDS to take advantage of ICSF's protected key support for the FLE/FLD services. Additionally, ICSF has added support for a CSF-PROTECTED-KEY-TOKEN resource in the CSFKEYS class, which can be used to control whether a key token that is not stored in the CKDS can be used in a protected key operation.

Support is available on HCR77B1 and HCR77C0 via APAR OA51102.