History


History

1984/85 - VORGESCHICHTE (VOR DER WIEDERVEREINIGUNG)

A real-time backup network was to be set up between Berlin and Frankfurt for the West Berlin branches of a major German bank. Due to the mass of data/files and the network speeds at the time, this was difficult or even impossible. This gave rise to the idea of compressing this data before transmission. The methods known at the time were impractical in terms of the resources required (CPU time, RAM, etc.) and their consequences (paging, elapsed time, interference with other processes, etc.).

Since 1984/85 – BACKSTORY (BEFORE THE REUNIFICATION)

For the West Berlin branches of a German major bank, a real-time backup network between Berlin and Frankfurt was to be set up. Due to the volume of data/files and the network speeds at the time, this was difficult to impossible. This led to the idea of compressing the data before transmission. The methods known at the time were not feasible in terms of resource requirements (CPU time, RAM, etc.) and their consequences (paging, elapsed time, impact on other processes, etc.).



1985 – SENSATIONELLE K-EFFEKTE – EXTREME PERFORMANCE

Tests showed that typical data from payment transactions at that time could be compressed by up to 95%, in industry parts lists even by up to 98.5%. In the case of measurement data with a wide spread of (binary) measurement values (possibly even floating point values plus mantissa), over 65% was still achieved, e.g. in the weather service. The method can be implemented extremely efficiently as a software solution for data of this type, especially for the mainframe version coded in assembler.

1985 – SENSATIONAL K-EFFECTS AND EXTREME PERFORMANCE

Tests showed that typical data in payment transactions at the time could be compressed by up to 95%, and in the industry, part lists even by up to 98.5%. For measurement data with a high variation in (binary) measurement values (possibly even floating-point values plus mantissa), over 65% compression was still achieved, e.g., in weather services. This method is highly efficient as a software solution for such data types, particularly for the mainframe version coded in Assembler.



Januar 1986 – VERTRAGSABSCHLUSS MIT EINER DER GRÖSSTEN BANKEN

The bank had more than 40 data centers with different platforms and database systems. Compression software was essential for the nightly synchronization of changes in these databases. This order still exists today. The range of applications within the Group has grown and continues to grow.

January 1986 – CONTRACT WITH ONE OF THE LARGEST BANKS

The bank had more than 40 data centers with different platforms and database systems. A compression software was essential for the nightly synchronization of changes in these databases. This contract remains in effect to this day. The scope of applications within the group grew and continues to grow steadily.



SEIT 1986 – KOMPATIBLE FLAM-VERSIONEN FÜR 60 PLATTFORMEN – LFD. ENTWICKLUNG

From 1986 to the present day, FLAM has been implemented for 60 compatible platforms. This has made it possible to declare FLAM the standard in various data exchange procedures, e.g. in clearing procedures. A large number of conversion problems had to be solved in order to ensure the compatibility of characters, fields, formats etc. as well as a transmission-compatible format of the FLAMFILE for the respective FT product/procedure. In payment transactions, this also included a format that remains printable despite compression and can be converted as a text file for file transfer (EBCDIC <=> ASCII).

In addition to the very many platforms required for the standard in payment transactions, switching systems (switches) in global mobile networks were added for the backup (local) and transmission of measurement data to central IT systems for the international clearing of measurement and billing data (billing records) from network operators and providers as well as their platforms for further processing, making FLAM the standard in the GSM network as well. FLAM quickly became widespread in the banking industry, not only among institutions, their associations and publishers, but also among service providers associated with the banking, stock exchange and credit sectors. The clearing of card operators and the handling of cards for orders and authentication were added to this.

FLAM users no longer need to know which computer system the “reader” has or will have in order to process a FLAMFILE created with FLAM. This means that FLAMFILEs can also be decompressed that were created on a system that no longer exists. When decompressing, FLAM uses the character encoding and data formatting that are standard for the respective system. It is also possible to control a converted output according to your own specifications. This also applies to archived original files from the “past of the IT world”, which are merely converted with FLAM.

SINCE 1986 – COMPATIBLE FLAM VERSIONS FOR 60 PLATFORMS – ONGOING DEVELOPMENT

From 1986 to today, FLAM has been implemented to be compatible with 60 platforms. This made it possible to establish FLAM as a standard in various data exchange processes, e.g., in clearing processes. A multitude of conversion issues had to be resolved to ensure the compatibility of characters, fields, formats, etc., as well as a transmission-ready format for FLAMFILE tailored to the respective FT product/process. In payment transactions, this also included a format that remains printable and convertible into a text file for file transfer despite compression (EBCDIC <=> ASCII).

In addition to the numerous platforms required for the payment transaction standard, there were also mediation systems (switches) in global mobile networks for securing (locally) and transmitting measurement data to central IT systems for the international clearing of measurement and billing data (billing records) of network operators and providers, as well as their platforms for further processing. This made FLAM a standard in GSM networks as well. FLAM quickly spread in the financial sector, not only among institutions, their associations, and publishers but also among service providers related to banking, stock exchange, and credit industries. This included the clearing of card operators and the handling of cards for orders and authentications.

FLAM users no longer need to know which computer system the "reader" has or will have to process a FLAMFILE created with FLAM. Thus, FLAMFILEs created on systems that no longer exist can still be decompressed. FLAM aligns its decompression with the character encoding and data formatting standards of the respective system. It is also possible to control a converted output according to custom specifications. This also applies to archived original files from the "past of the IT world" that are simply converted using FLAM.



SEIT 1992 – FLAM ALS SUBSYSTEM FÜR MVS (IBM MAINFRAME) – AB VERSION V2.X

To simplify the integration of FLAM into applications and make it completely transparent, a subsystem for accessing the DMS (Data Management System) of the MVS has been developed so that FLAM can be integrated like an I/O driver between the application and MVS (additional product). The parameter “SUBSYS=FLAM” in the DD statement is sufficient. Integration can take place in applications with sequential as well as index-sequential processing.

A major customer immediately used this for the daily processing of mass data - in the form of hundreds of VSAM files. In the process, some fundamental VSAM problems were solved en passant in favor of this access method. The effects in terms of saving CPU time, disk space and latency in a complex process were and are sensational. This is solely due to the fact that compression takes place in self-sufficient units (matrices), whereby even variable-length records are permitted. FLAM works with its own, highly optimized VSAM key management, which also allows repetitions in the application's original key.

SINCE 1992 – FLAM AS A SUBSYSTEM FOR MVS (IBM MAINFRAME) – FROM VERSION V2.X

To simplify and make the integration of FLAM into applications completely transparent, a subsystem was developed for accessing the DMS (Data Management System) of MVS. This allows FLAM to be integrated as an I/O driver between the application and MVS (add-on product). The parameter "SUBSYS=FLAM" in the DD statement is sufficient. The integration can be used for both sequential and indexed sequential processing in applications.

A major customer immediately used this for the daily processing of mass data – in the form of hundreds of VSAM files. In the process, several fundamental VSAM issues were solved in favor of this access method. The effects regarding savings in CPU time, disk space, and latency in a complex process were and still are sensational. This is solely due to the compression in self-contained units (matrices), even allowing records with variable lengths. FLAM works with its own, highly optimized VSAM key management, which also allows repetitions in the original key of the application.



SEIT 1993 – DURCH FLAM KANN MAN IM BACKUP-RESTART-MODE ARBEITEN

A special application for encrypted data exchange required a solution in which the file to be transmitted, of any size, would not require the entire transmission to be repeated in the event of interruptions due to faults, as a fully integrable process including compression and encryption. By forming self-sufficient units, this was no problem with FLAM. You can fall back on such a self-sufficient unit that has already been compressed and encrypted and simply repeat the entire process.

SINCE 1993 – FLAM ENABLES WORK IN BACKUP-RESTART MODE

A specific application for encrypted data exchange required a solution where the transmission of a large file, interrupted by disruptions, would not require repeating the entire transfer. This had to be implemented as a fully integrated process, including compression and encryption. By creating self-contained units, this was no problem for FLAM. One can rely on such a self-contained unit that has already been compressed and encrypted and only repeat the interrupted process completely.



SEIT 2000 – SERIELLES UND PARALLELES SPLITTING

In order to limit the amount of data to be transferred at once for large files and to make better use of parallel transmission paths, parallel and serial splitting of FLAMFILES was introduced at the customer's request when they were created.

SINCE 2000 – SERIAL AND PARALLEL SPLITTING

To limit the amount of data to be transferred at once for large files or to better utilize parallel transmission paths, parallel and serial splitting of FLAMFILES was introduced at the request of customers during their creation.



SEIT 2005 – ÖFFNUNG ZU JEDEM KEY MANAGEMENT ÜBER FKME – AB VERSION 4.1

It is possible to easily adapt any encryption method and key management system. The FKME (FLAM Key Management Extension) is used for this purpose. This also makes it possible to link FLAM with an existing HSM (Hardware Security Module) in the respective system. If the user needs to change the key and/or the encryption method, it is sufficient to restrict the change to the header of the FLAMFILE. The encrypted segments/members including MACs only need to be copied. A PCIDSS-compliant solution for ordering debit and credit cards, for example, was created via this service provider interface and is now in use worldwide.

SINCE 2005 – OPENING TO ANY KEY MANAGEMENT VIA FKME – FROM VERSION 4.1

It is possible to adapt any encryption methods and key management systems easily. The FKME (FLAM Key Management Extension) is used for this purpose. This also allows FLAM to be linked with an HSM (Hardware Security Module) present in the respective system. If the user needs to change the key and/or encryption method, it is sufficient to limit the changes to the header of the FLAMFILE. The encrypted segments/members, including MACs, only need to be copied. Through this service provider interface, a PCI DSS-compliant solution for ordering debit and credit cards was created, which is now used worldwide.



SEIT 2012 – INTEGRATION DER VERSCHLÜSSELUNGSTECHNIK IN FLAM-SUB – AB VERSION V4.4

This procedure can be integrated into an application via the FLAM subsystem on z/OS, for example; FLAM offers the corresponding interfaces on other platforms. This provides a perfect solution that ensures that plain text data does not leave the respective application when it is created and is also not decrypted outside an application. It is therefore only ever necessary to decrypt and decompress when the plaintext data is actually needed within the respective application, without the application being aware of this. This is the most secure solution for end-to-end security. The user thus (over)fulfills the requirements of the PCIDSS (Payment Card Industry Data Security Standard).

SINCE 2012 – INTEGRATION OF ENCRYPTION TECHNOLOGY INTO FLAM-SUB – FROM VERSION V4.4

This method can, for example, be integrated into an application on z/OS via the FLAM subsystem; on other platforms, FLAM offers the appropriate interfaces. This provides a perfect solution to ensure that plaintext data does not leave the application at the time of its creation, nor is it decrypted outside the application. Decryption and decompression only occur when the plaintext data is actually needed within the respective application, without the application being aware of it. This is the most secure solution for end-to-end security. The user meets (or even exceeds) the requirements of the PCI DSS (Payment Card Industry Data Security Standard).



SEIT 2025 – NEUE FLAM5 ARCHIVE MIT INSERT, UPDATE, DELETE AND SEARCH – AB VERSION 5.2

With our new FLAM5 archives, we have integrated the previous full-access solution with FLAM into our archive format. The new format now represents its own incremental file system (each change leads to a new version) that works with three different keys. This allows for the separation of access to the table of contents, the index of individual members (search), and the actual data. An additional parameter string can be used to restrict access to members, formats, and columns, allowing for different views of the data. This feature facilitates secure third-party use of the data in the cloud by anonymizing certain columns with sensitive data (credit card number, personal data)..

Die neuen Archive erlauben den vollen Zugriff mit Insert, Update, Delete und Select auf einzelne Datensätze bzw. deren Spalten. Die gesamte Lösung wurde für den Einsatz in und mit der Cloud entwickelt und sichert damit den zukünftigen Nutzen von FLAM für unsere Kunden, indem wir wie bisher die Datenmengen und Datenzugriffe reduzieren, die Sicherheit erhöhen, uns nahtlos integrieren und damit die Kosten massiv senken.

SINCE 2025 – NEW FLAM5 ARCHIVES WITH INSERT, UPDATE, DELETE, AND SEARCH – FROM VERSION 5.2

With our new FLAM5 archives, we integrate the previous full-access solution with FLAM into our archive format, which now represents its own incremental file system (each change leads to a new version) that works with 3 different keys. This makes it possible to separate access to the table of contents, the index of individual members (search), and the actual data. Using an additional parameter string that can restrict access to members, formats, and columns, various views of the data can be implemented. This serves, for example, to enable secure third-party use of data in the cloud by anonymizing certain columns with sensitive data (credit card numbers, personal data).

The new archives allow full access with insert, update, delete, and select operations on individual records or their columns. The entire solution was developed for use in and with the cloud and ensures the future utility of FLAM for our customers by continuing to reduce data volumes and data access, increasing security, integrating seamlessly, and thereby massively reducing costs.



1985 - IDEE/ERFINDUNG

A patent application has been filed for a technique for vertical (lossless) compression of statically structured data using run-length compression in columns (bytes) on the basis of self-sufficient units/matrices that are filled with data (records) of different formats (fixed/variable length). This is a method of data compression that was previously unknown in commercial IT and in various technical processes. The process is also efficient in scientific areas if the data is structured and has sufficient vertical redundancies, e.g. measurement data, data in the food industry (data due to verification obligations), etc.

1985 – IDEA/INVENTION

A technique for vertical (lossless) compression of statically structured data using run-length compression in columns (bytes) was patented. It is based on self-contained units/matrices filled with data (records) of varying formats (fixed/variable length). This is a data compression method that was previously unknown in commercial IT and various technical processes. The method is also efficient in scientific fields when the data is structured and has sufficient vertical redundancies, such as measurement data, data in the food industry (e.g., for compliance requirements), etc.



1985 – GRÜNDUNG DER LIMES DATENTECHNIK GMBH – START DER ENTWICKLUNG VON FLAM

In 1985, a company was founded at Bad Homburg v.d.H. AG to convert the patent into a marketable software product - initially for mainframe users (IBM, Siemens). The software product is given the name FLAM: Frankenstein-Limes-Access-Method. A prototype is created for presentation purposes: FLAM Version V1.0 for MVS and BS2000. This made it possible to “flambé” or “deflambé” data. All subsequent versions of the prototype FLAM Version V1.0 are fully downward compatible.

1985 – FOUNDATION OF LIMES DATENTECHNIK GMBH – BEGINNING OF FLAM DEVELOPMENT

In 1985, a company was founded at the AG Bad Homburg v.d.H. to transform the patent into a market-ready software product – initially for mainframe users (IBM, Siemens). The software product was named FLAM: Frankenstein-Limes-Access-Method. A prototype was developed for presentation purposes: FLAM Version V1.0 for MVS and BS2000. This made it possible to "flambieren" (compress) and "deflambieren" (decompress) data. All subsequent versions of the FLAM Version V1.0 prototype are fully backward compatible.



JANUAR 1986 – DIE ERSTE OFFIZIELLE FLAM-VERSION V2.0 – MIT ZUGRIFFSMETHODEN

A universal version has been released that can be ported to all systems based on structured data records (measurement, financial and administrative data as well as print, parts and address lists, job logs, etc.). A data record interface that can be integrated into applications has been created to open FLAM as an access method for sequential and index-sequential files (e.g. ISAM, VSAM). From this version onwards, FLAM can also be used as a subroutine or replacement for I/O.

JANUARY 1986 – THE FIRST OFFICIAL FLAM VERSION V2.0 – WITH ACCESS METHODS

A universal version was released that could be ported to all systems based on structured datasets (measurement, financial, administrative data as well as print, part, address lists, job logs, etc.). To enable its use as an access method for sequential and indexed sequential files (e.g., ISAM, VSAM), a dataset interface was created that could be integrated into applications. From this version onward, FLAM could also be used as a subroutine or a replacement for I/O.



SEIT 1987 – ERGÄNZUNG VON FLAM DURCH USER-EXITS – AB VERSION V2.X

User exits have been added to FLAM at the request of users. This makes it possible to access and individually influence the data at the points where input/output takes place. It is therefore not necessary to integrate FLAM into an application. Today, it is our various service provider interfaces that we offer our customers for optimum integration of FLAM here.

SINCE 1987 – EXTENSION OF FLAM WITH USER EXITS – FROM VERSION V2.X

At the request of users, FLAM was extended with user exits. This makes it possible to access data and customize it at the points where input/output occurs. It is therefore not necessary to integrate FLAM into an application. Today, we offer various service provider interfaces to our customers to ensure optimal integration of FLAM.



SEIT 1993 – KONKATENIEREN VON FLAMFILES – AB VERSION V2.X

FLAM can link any number of files (like members in a library) to a FLAMFILE during compression. Of course, not only can each individual member be accessed, but also specific self-contained units (segments/data records) within a member. When transferring data (e.g. via FTP, RVS, FTAM), only individual files can usually be transferred. Thanks to this function in FLAM, it was and is possible to combine any number of small files into one file when creating the compressed FLAMFILE.

For example, one customer has easily compressed more than 16,000 files from an old archive with FLAM and concatenated them into a FLAMFILE that can be read compatibly on all systems/platforms supported by FLAM. This makes file transfer extremely efficient if several files are to be sent to one or more addresses at the same time.

It works automatically “end-to-end”, i.e. the client system of the sender is connected to that of the receiver. Functions such as decompression/compression in the FT/server can be suppressed. The receiver therefore only has to decompress the individual member “on demand”. It can use conversion functions for this. - Encryption/decryption was added later with AES (standard).

SINCE 1993 – CONCATENATION OF FLAMFILES – FROM VERSION V2.X

FLAM can concatenate any number of files (like members in a library) into a single FLAMFILE during compression. Naturally, it is possible not only to access each individual member but also to specifically target self-contained units (segments/records) within a member. In data transfer (e.g., via FTP, RVS, FTAM), typically only individual files can be transferred. With this function in FLAM, it has become possible to combine any number of small files into a single compressed FLAMFILE.

For example, a customer easily compressed and concatenated more than 16,000 files from an old archive into a FLAMFILE that can be read compatibly on all systems/platforms supported by FLAM. This makes file transfer extremely efficient when multiple files need to be sent simultaneously to one or more addresses.

It works automatically in an "end-to-end" manner, meaning the sender's client system is connected to the receiver's system. Functions such as de-/compression in the FT/server can be suppressed. The receiver only needs to decompress the individual member "on demand." Conversion functions can also be used in this process. Later, encryption/decryption with AES (standard) was added.



SEIT 1999 – HOCH EFFIZIENTE, DYNAMISCHE KOMPRIMIERUNG – AB VERSION V3.X

After several years of research and development work, a highly efficient compression method MODE=ADC (Advanced Data Compression) for self-sufficient segments filled with any data (max. 64 KB net) was released, which enables compression in one step (straight forward). This is very important if such algorithms are to be integrated into access procedures.

Building on this, the access techniques were expanded to include a very efficient search procedure, so that compressed data can be searched without decompressing it. A bank uses these possibilities, for example, to select individual postings from a huge archive compressed with FLAM (recently even with SEPA transactions in XML format), whereby only different parts (field contents) of a posting need to be known for the search call. For DTA files (old format from German payment transactions), this bank already had a special solution with which it was possible to search very efficiently for postings in the archive created with FLAM on magnetic tapes. This was still vertically compressed and not yet encrypted with AES.

SINCE 1999 – HIGHLY EFFICIENT, DYNAMIC COMPRESSION – FROM VERSION V3.X

After several years of research and development, a highly efficient compression method called MODE=ADC (Advanced Data Compression) was released. It processes self-contained segments filled with arbitrary data (up to 64 KB net) and enables straightforward compression in a single step. This is particularly important when integrating such algorithms into access methods.

Building on this, access techniques were expanded with a very efficient search method that allows searching within compressed data without decompression. For example, a bank uses these capabilities to select individual transactions from a vast archive compressed with FLAM (now even with SEPA transactions in XML format), where only certain parts (field contents) of a transaction need to be known for the search. For DTA files (an old format from German payment transactions), the bank already had a specialized solution that enabled highly efficient searches within a FLAM-compressed archive on magnetic tapes. At that time, vertical compression was used, and AES encryption was not yet applied.



SEIT 2004 – INTEGRATION VON AES – AB VERSION 4.0

The standard AES encryption was integrated into FLAM The self-sufficient segments are encrypted with derived keys in such a way that such segments can be specifically accessed, decrypted and decompressed despite encryption as with index-sequential processing Various checks are carried out, e.g. via MACs (cryptographic checksums) The input data can also be transferred 1:1 to such a segment if the user only wants to encrypt it Members of a concatenated FLAMFILE can be handled in the same way Search procedures can also be used in such a way that decrypted (clear) segments are not used.

SINCE 2004 – INTEGRATION OF AES – FROM VERSION 4.0

The standard AES encryption was integrated into FLAM. The self-contained segments are encrypted with derived keys in such a way that, despite encryption, targeted access, decryption, and decompression of these segments are possible, similar to indexed sequential processing. Various checks are performed, e.g., via MACs (cryptographic checksums). The input data can also be transferred 1:1 into such a segment if the user only wants to encrypt it. Members of a concatenated FLAMFILE can be treated analogously. Search methods can also be applied without working with decrypted (plain text) segments.



SEIT 2006 – FKMS (FLAM KEY MANAGEMENT SYSTEM) – VERSION V1.0

The FKMS add-on product was developed to solve the problems of key generation, management and distribution (authentication) for customers who do not operate their own cryptographic infrastructure. The FKMS provides the keys for a specific FKME on the basis of a simple role concept.

SINCE 2006 – FKMS (FLAM KEY MANAGEMENT SYSTEM) – VERSION V1.0

The FKMS add-on product was developed to address the challenges of key generation, management, and distribution (authentication) for customers who do not operate their own cryptographic infrastructure. FKMS provides keys for a specific FKME based on a simple role concept.



SEIT 2014 – LOGISCHE ELEMENTE, NETZWERKFÄHIGKEIT, KOMPONENTEN UND OFFENE STANDARDS – AB VERSION 5.0/1

By generalizing the access method to elements, FLAM makes it possible  to understand logical data formats (XML, ASN1, SWIFT, etc.) for the first time - as well as physical file formats. It also becomes possible to search for elements such as a bank sort code in FLAM data or to convert between logical formats (SEPA, SWIFT, DTA). The network capability separates local compression and/or encryption from the remote storage of data in FLAM archives (secure cloud). The component model enables the rapid exchange of procedures (suites), reading from different sources (files, streams, databases), transmission via different networks (IP, SSL/TLS, MQ) and the storage of FLAM data in different repositories (file, cluster, database).

By supporting open standards such as UNICODE, GZIP, OpenPGP and Base64 for the original data, FLAM5 can read and write significantly more data formats than before. In addition to the various I/O methods, any number of different conversions can be combined with a final formatting of the data. For example, in one job step under z/OS it is possible to read a file block-oriented locally from the USS or remotely via SSH from another system, convert the data from Base64 to a binary representation, decrypt it with OpenPGP, decompress it with BZIP2, change the character set from UTF-16LE to IBM1141 and have the whole thing written with ASA control characters to a VBA or FBA file under MVS. FLAM does not require a temporary file and takes each byte/character only once, which saves a lot of computing time and temporary memory and at the same time increases security.

With the FLUC-FS, we offer all these conversion options transparently for use as a file system in user space, even on the small platforms under Unix, where you can edit the data clearly at a mount point and physically, but e.g. PGP files are written to the disk, which can be managed normally in this physical directory.

SINCE 2014 – LOGICAL ELEMENTS, NETWORK CAPABILITY, COMPONENTS, AND OPEN STANDARDS – FROM VERSION 5.0/1

By generalizing the access method to elements, FLAM makes it possible for the first time to understand not only physical file formats but also logical data formats (XML, ASN1, SWIFT, etc.) and, for example, to search for elements like a bank code in FLAM data or to convert between logical formats (SEPA, SWIFT, DTA). The network capability separates local compression and/or encryption from remote storage of the data in FLAM archives (secure cloud). The component model enables the rapid exchange of methods (suites), reading from various sources (files, streams, databases), transferring data over different networks (IP, SSL/TLS, MQ), and storing FLAM data in different repositories (file, cluster, database).

With the support of open standards such as UNICODE, GZIP, OpenPGP, and Base64 for original data, FLAM5 can read and write significantly more data formats than before. Furthermore, multiple conversions can be applied alongside various I/O methods, with final formatting of the data. For example, in a single job step under z/OS, a file can be read block-oriented locally from the USS or remotely via SSH from another system, converted from Base64 to binary representation, decrypted with OpenPGP, decompressed with BZIP2, the character set changed from UTF-16LE to IBM1141, and written with ASA control characters into a VBA or FBA file under MVS. FLAM does not require any temporary files and processes every byte/character only once, saving computing time and temporary storage while increasing security.

With FLUC-FS, we offer all these conversion options transparently for use as a file system in the user space, even on small platforms under Unix, where data can be managed clearly at a mount point. The data is processed physically but, for example, PGP files are written to the disk, which can be managed like any normal file in this physical directory.




 1984/85

Back story (before German Reunification)

A real-time backup network was to be established between Berlin and Frankfurt for the West Berlin branches of a prominent German bank. However, due to the substantial volume of data and files, as well as the network speeds at the time, this proved challenging or even unfeasible. This led to the concept of compressing the data prior to transmission. However, the methods available at the time were impractical due to the significant resources required (CPU time, RAM, etc.) and their adverse consequences (paging, elapsed time, interference with other processes, etc.).

1985

Finding the Idea

A patent application has been filed for a technique for vertical (lossless) compression of statically structured data using run-length compression in columns (bytes) on the basis of self-sufficient units/matrices that are filled with data (records) of different formats (fixed/variable length). This is a method of data compression that was previously unknown in commercial IT and in various technical processes. The process is also efficient in scientific areas if the data is structured and has sufficient vertical redundancies, e.g. measurement data, data in the food industry (data due to verification obligations), etc.

SENSATIONAL K-EFFECTS AND EXTREME PERFORMANCE

Tests showed that typical data from payment transactions at that time could be compressed by up to 95%, in industry parts lists even by up to 98.5%. In the case of measurement data with a wide spread of (binary) measurement values (possibly even floating point values plus mantissa), over 65% was still achieved, e.g. in the weather service. The method can be implemented extremely efficiently as a software solution for data of this type, especially for the mainframe version coded in assembler.

1985​

FOUNDATION OF LIMES DATENTECHNIK GMBH - START OF THE DEVELOPMENT OF FLAM (1985)

In 1985, a company was founded at Bad Homburg v.d.H. AG to convert the patent into a marketable software product - initially for mainframe users (IBM, Siemens). The software product is given the name FLAM: Frankenstein-Limes-Access-Method. A prototype is created for presentation purposes: FLAM Version V1.0 for MVS and BS2000. This made it possible to “flambé” or “deflambé” data. All subsequent versions of the prototype FLAM Version V1.0 are fully downward compatible.

JANUAR 1986

THE FIRST OFFICIAL FLAM VERSION V2.0 - WITH ACCESS METHODS

A universal version has been released that can be ported to all systems based on structured data records (measurement, financial and administrative data as well as print, parts and address lists, job logs, etc.). A data record interface that can be integrated into applications has been created to open FLAM as an access method for sequential and index-sequential files (e.g. ISAM, VSAM). From this version onwards, FLAM can also be used as a subroutine or replacement for I/O.

CONTRACT SIGNED WITH ONE OF THE LARGEST BANKS

The bank had more than 40 data centers with different platforms and database systems. Compression software was essential for the nightly synchronization of changes in these databases. This order still exists today. The range of applications within the Group has grown and continues to grow.

Since 1986

COMPATIBLE FLAM VERSIONS FOR 60 PLATFORMS - ONGOING DEVELOPMENT (SINCE 1986)

From 1986 to the present day, FLAM has been implemented for 60 compatible platforms. This has made it possible to declare FLAM the standard in various data exchange procedures, e.g. in clearing procedures. A large number of conversion problems had to be solved in order to ensure the compatibility of characters, fields, formats etc. as well as a transmission-compatible format of the FLAMFILE for the respective FT product/procedure. In payment transactions, this also included a format that remains printable despite compression and can be converted as a text file for file transfer (EBCDIC <=> ASCII).

In addition to the very many platforms required for the standard in payment transactions, switching systems (switches) in global mobile networks were added for the backup (local) and transmission of measurement data to central IT systems for the international clearing of measurement and billing data (billing records) from network operators and providers as well as their platforms for further processing, making FLAM the standard in the GSM network as well. FLAM quickly became widespread in the banking industry, not only among institutions, their associations and publishers, but also among service providers associated with the banking, stock exchange and credit sectors. The clearing of card operators and the handling of cards for orders and authentication were added to this.

FLAM users no longer need to know which computer system the “reader” has or will have in order to process a FLAMFILE created with FLAM. This means that FLAMFILEs can also be decompressed that were created on a system that no longer exists. When decompressing, FLAM uses the character encoding and data formatting that are standard for the respective system. It is also possible to control a converted output according to your own specifications. This also applies to archived original files from the “past of the IT world”, which are merely converted with FLAM.

Since 1987

SUPPLEMENTING FLAM WITH USER EXITS – FROM VERSION V2.X

User exits have been added to FLAM at the request of users. This makes it possible to access and individually influence the data at the points where input/output takes place. It is therefore not necessary to integrate FLAM into an application. Today, it is our various service provider interfaces that we offer our customers for optimum integration of FLAM here.

 Since 1992 

FLAM AS A SUBSYSTEM FOR MVS (IBM MAINFRAME) – FROM VERSION V2.X

To simplify the integration of FLAM into applications and make it completely transparent, a subsystem for accessing the DMS (Data Management System) of the MVS has been developed so that FLAM can be integrated like an I/O driver between the application and MVS (additional product). The parameter “SUBSYS=FLAM” in the DD statement is sufficient. Integration can take place in applications with sequential as well as index-sequential processing.

A major customer immediately used this for the daily processing of mass data - in the form of hundreds of VSAM files. In the process, some fundamental VSAM problems were solved en passant in favor of this access method. The effects in terms of saving CPU time, disk space and latency in a complex process were and are sensational. This is solely due to the fact that compression takes place in self-sufficient units (matrices), whereby even variable-length records are permitted. FLAM works with its own, highly optimized VSAM key management, which also allows repetitions in the application's original key.

Since 1993

CONCATENATING FLAMFILES – FROM VERSION V2.X

FLAM can link any number of files (like members in a library) to a FLAMFILE during compression. Of course, not only can each individual member be accessed, but also specific self-contained units (segments/data records) within a member. When transferring data (e.g. via FTP, RVS, FTAM), only individual files can usually be transferred. Thanks to this function in FLAM, it was and is possible to combine any number of small files into one file when creating the compressed FLAMFILE.

For example, one customer has easily compressed more than 16,000 files from an old archive with FLAM and concatenated them into a FLAMFILE that can be read compatibly on all systems/platforms supported by FLAM. This makes file transfer extremely efficient if several files are to be sent to one or more addresses at the same time.

It works automatically “end-to-end”, i.e. the client system of the sender is connected to that of the receiver. Functions such as decompression/compression in the FT/server can be suppressed. The receiver therefore only has to decompress the individual member “on demand”. It can use conversion functions for this. - Encryption/decryption was added later with AES (standard).

FLAM allows working IN BACKUP-RESTART MODE

A special application for encrypted data exchange required a solution in which the file to be transmitted, of any size, would not require the entire transmission to be repeated in the event of interruptions due to faults, as a fully integrable process including compression and encryption. By forming self-sufficient units, this was no problem with FLAM. You can fall back on such a self-sufficient unit that has already been compressed and encrypted and simply repeat the entire process.

Since 1999

HIGHLY EFFICIENT DYNAMIC COMPRESSION – FROM VERSION V3.X

After several years of research and development work, a highly efficient compression method MODE=ADC (Advanced Data Compression) for self-sufficient segments filled with any data (max. 64 KB net) was released, which enables compression in one step (straight forward). This is very important if such algorithms are to be integrated into access procedures.

Building on this, the access techniques were expanded to include a very efficient search procedure, so that compressed data can be searched without decompressing it. A bank uses these possibilities, for example, to select individual postings from a huge archive compressed with FLAM (recently even with SEPA transactions in XML format), whereby only different parts (field contents) of a posting need to be known for the search call. For DTA files (old format from German payment transactions), this bank already had a special solution with which it was possible to search very efficiently for postings in the archive created with FLAM on magnetic tapes. This was still vertically compressed and not yet encrypted with AES.

Since 2000

SERIAL AND PARALLEL SPLITTING

In order to limit the amount of data to be transferred at once for large files and to make better use of parallel transmission paths, parallel and serial splitting of FLAMFILES was introduced at the customer's request when they were created.

Since 2004

INTEGRATION OF AES – FROM VERSION 4.0 ​

AES encryption has been integrated into FLAM by default. In this process, the self-contained segments are encrypted with derived keys in such a way that, despite the encryption, the segments can be accessed, decrypted and decompressed - just like you would with index-sequential processing. Various checks are performed, for example using MACs (cryptographic checksums). The input data can also be copied 1:1 into such a segment if the user wishes to merely encrypt. Members of a concatenated FLAMFILE can be treated analogously. Search procedures can also be applied in such a way that decrypted (clear) segments are not used.

Since 2005

ACCESSIBLE TO EVERY KEY MANAGEMENT VIA FKME – STARTING WITH VERSION 4.1

It is possible to easily adapt any encryption method and key management system. The FKME (FLAM Key Management Extension) is used for this purpose. This also makes it possible to link FLAM with an existing HSM (Hardware Security Module) in the respective system. If the user needs to change the key and/or the encryption method, it is sufficient to restrict the change to the header of the FLAMFILE. The encrypted segments/members including MACs only need to be copied. A PCIDSS-compliant solution for ordering debit and credit cards, for example, was created via this service provider interface and is now in use worldwide.

Since 2006

FKMS (FLAM KEY MANAGEMENT SYSTEM) – VERSION V1.0

The FKMS add-on product was developed to solve the problems of key generation, management and distribution (authentication) for customers who do not operate their own cryptographic infrastructure. The FKMS provides the keys for a specific FKME on the basis of a simple role concept.

Since 2012

INTEGRATION OF ENCRYPTION TECHNOLOGY IN FLAM-SUB – FROM VERSION V4.4

This procedure can be integrated into an application via the FLAM subsystem on z/OS, for example; FLAM offers the corresponding interfaces on other platforms. This provides a perfect solution that ensures that plain text data does not leave the respective application when it is created and is also not decrypted outside an application. It is therefore only ever necessary to decrypt and decompress when the plaintext data is actually needed within the respective application, without the application being aware of this. This is the most secure solution for end-to-end security. The user thus (over)fulfills the requirements of the PCIDSS (Payment Card Industry Data Security Standard).

Since 2014

LOGICAL ELEMENTS, NETWORK CAPABILITY, COMPONENTS AND OPEN STANDARDS – FROM VERSION 5.0/1​

By generalizing the access method to elements, FLAM makes it possible  to understand logical data formats (XML, ASN1, SWIFT, etc.) for the first time - as well as physical file formats. It also becomes possible to search for elements such as a bank sort code in FLAM data or to convert between logical formats (SEPA, SWIFT, DTA). The network capability separates local compression and/or encryption from the remote storage of data in FLAM archives (secure cloud). The component model enables the rapid exchange of procedures (suites), reading from different sources (files, streams, databases), transmission via different networks (IP, SSL/TLS, MQ) and the storage of FLAM data in different repositories (file, cluster, database).

By supporting open standards such as UNICODE, GZIP, OpenPGP and Base64 for the original data, FLAM5 can read and write significantly more data formats than before. In addition to the various I/O methods, any number of different conversions can be combined with a final formatting of the data. For example, in one job step under z/OS it is possible to read a file block-oriented locally from the USS or remotely via SSH from another system, convert the data from Base64 to a binary representation, decrypt it with OpenPGP, decompress it with BZIP2, change the character set from UTF-16LE to IBM1141 and have the whole thing written with ASA control characters to a VBA or FBA file under MVS. FLAM does not require a temporary file and takes each byte/character only once, which saves a lot of computing time and temporary memory and at the same time increases security.

With the FLUC-FS, we offer all these conversion options transparently for use as a file system in user space, even on the small platforms under Unix, where you can edit the data clearly at a mount point and physically, but e.g. PGP files are written to the disk, which can be managed normally in this physical directory.

Since 2025

NEW FLAM5 ARCHIVES WITH INSERT, UPDATE, DELETE AND SEARCH – FROM VERSION 5.2 1​

With our new FLAM5 archives, we have integrated the previous full-access solution with FLAM into our archive format. The new format now represents its own incremental file system (each change leads to a new version) that works with three different keys. This allows for the separation of access to the table of contents, the index of individual members (search), and the actual data. An additional parameter string can be used to restrict access to members, formats, and columns, allowing for different views of the data. This feature facilitates secure third-party use of the data in the cloud by anonymizing certain columns with sensitive data (credit card number, personal data)..

The new archives provide full access for insert, update, delete, and select operations on individual records and their columns.The entire solution has been developed for use in and with the cloud, ensuring the continued benefits of FLAM for our customers.We continue to reduce data volumes and data access, increase security, integrate seamlessly, and significantly reduce costs.

In conclusion

The basis of all these developments is and remains the use of autarke Einheit, which started it all in 1985, because vertical (column-wise) compression of structured data would otherwise not have been practicable.