<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="4764 and 4758 Cryptographic Coprocessors" />
<meta name="abstract" content="IBM offers two Cryptographic Coprocessors, which are available on a variety of server models." />
<meta name="description" content="IBM offers two Cryptographic Coprocessors, which are available on a variety of server models." />
<meta name="DC.Relation" scheme="URI" content="rzajcoverview.htm" />
<meta name="DC.Relation" scheme="URI" content="rzajchwconcepts.htm" />
<meta name="DC.Relation" scheme="URI" content="rzajcfeatures.htm" />
<meta name="DC.Relation" scheme="URI" content="rzajcscen4758.htm" />
<meta name="DC.Relation" scheme="URI" content="rzajcplan4758.htm" />
<meta name="DC.Relation" scheme="URI" content="rzajcsetup.htm" />
<meta name="DC.Relation" scheme="URI" content="rzajcmigrate4758.htm" />
<meta name="DC.Relation" scheme="URI" content="rzajcworking.htm" />
<meta name="DC.Relation" scheme="URI" content="rzajcconcepts.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzajcco4758" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>4764 and 4758 Cryptographic Coprocessors</title>
</head>
<body id="rzajcco4758"><a name="rzajcco4758"><!-- --></a>
<img src="./delta.gif" alt="Start of change" /><!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">4764 and 4758 Cryptographic Coprocessors</h1>
<div><p>IBM<sup>®</sup> offers two Cryptographic Coprocessors, which are available on a variety of server models.</p>
<div class="p">The IBM 4764 Cryptographic Coprocessor is available on eServer™ i5 models as hardware feature code 4806. Depending on the model of server you have, the following table shows the maximum number of Cryptographic Coprocessors supported:
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" frame="border" border="1" rules="all"><caption>Table 1. Supported number of 4764 Cryptographic Coprocessors</caption><thead align="left"><tr><th align="center" valign="top" id="d0e37">Server models</th>
<th align="center" valign="top" id="d0e39">Maximum per server</th>
<th align="center" valign="top" id="d0e41">Maximum per partition</th>
</tr>
</thead>
<tbody><tr><td valign="top" headers="d0e37 ">eServer i5 Models 570 8/12/16W, 595</td>
<td align="center" valign="top" headers="d0e39 ">32</td>
<td align="center" valign="top" headers="d0e41 ">8</td>
</tr>
<tr><td valign="top" headers="d0e37 ">eServer i5 Models 520, 550, 570 2/4W</td>
<td align="center" valign="top" headers="d0e39 ">8</td>
<td align="center" valign="top" headers="d0e41 ">8</td>
</tr>
</tbody>
</table>
</div>
</div>
<div class="p">The IBM 4758-023 Cryptographic Coprocessor is available on eServer i5 servers as hardware feature code 4801. Depending on the model of server you have, the following table shows the maximum number of Cryptographic Coprocessors supported:
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" frame="border" border="1" rules="all"><caption>Table 2. Supported number of 4758 Cryptographic Coprocessors</caption><thead align="left"><tr><th align="center" valign="top" width="32.996632996633%" id="d0e79">Server models</th>
<th align="center" valign="top" width="33.670033670033675%" id="d0e81">Maximum per server</th>
<th align="center" valign="top" width="33.33333333333333%" id="d0e83">Maximum per partition</th>
</tr>
</thead>
<tbody><tr><td valign="top" width="32.996632996633%" headers="d0e79 ">eServer Models 840, 870, 890 and eServer i5 Models 570 8/12/16W, 595</td>
<td align="center" valign="top" width="33.670033670033675%" headers="d0e81 ">32</td>
<td align="center" valign="top" width="33.33333333333333%" headers="d0e83 ">8</td>
</tr>
<tr><td valign="top" width="32.996632996633%" headers="d0e79 ">eServer Models 810, 820, 825, 830 and eServer i5 Models 520, 550, 570 2/4W</td>
<td align="center" valign="top" width="33.670033670033675%" headers="d0e81 ">8</td>
<td align="center" valign="top" width="33.33333333333333%" headers="d0e83 ">8</td>
</tr>
<tr><td valign="top" width="32.996632996633%" headers="d0e79 ">eServer i5 Model 800</td>
<td align="center" valign="top" width="33.670033670033675%" headers="d0e81 ">4</td>
<td align="center" valign="top" width="33.33333333333333%" headers="d0e83 ">4</td>
</tr>
<tr><td valign="top" width="32.996632996633%" headers="d0e79 ">eServer i5 Model 270</td>
<td align="center" valign="top" width="33.670033670033675%" headers="d0e81 ">3</td>
<td align="center" valign="top" width="33.33333333333333%" headers="d0e83 ">3</td>
</tr>
</tbody>
</table>
</div>
</div>
<div class="p">The Cryptographic Coprocessors can be used to augment your server in the following ways:<ul><li>You can use a Cryptographic Coprocessor to implement a broad range of i5/OS™ based applications. Examples are applications for performing financial PIN transactions, bank-to-clearing-house transactions, EMV transactions for integrated circuit (chip) based credit cards, and basic SET™ block processing. To do this, you or an applications provider must write an application program, using a security programming interface (SAPI) to access the security services of your Cryptographic Coprocessor. The SAPI for the Cryptographic Coprocessor conforms to IBM’s Common Cryptographic Architecture (CCA). The SAPI is contained in the CCA Cryptographic Service Provider (CCA CSP), which is delivered as i5/OS Option 35.<p>To meet capacity and availability requirements, an application can control up to eight Coprocessors. The application must control access to individual Coprocessors by using the Cryptographic_Resource_Allocate (CSUACRA) and Cryptographic_Resource_Deallocate (CSUACRD) CCA APIs.</p>
</li>
<li>You can use a Cryptographic Coprocessor along with DCM to generate and store private keys associated with SSL digital certificates. A Cryptographic Coprocessor improves performance by handling SSL private key processing during SSL session establishment.</li>
<li>When using multiple Coprocessors, DCM configuration gives you the following options for using hardware to generate and store the private key associated with a digital certificate.<ol><li>Private key generated in hardware and stored (i.e., retained) in hardware. With this option the private key never leaves the Coprocessor, and thus the private key cannot be used by or shared with another Coprocessor. This means that you and your application have to manage multiple private keys and certificates.</li>
<li>Private key generated in hardware and stored in software (i.e., stored in a key store file). This option allows a single private key to be shared among multiple Coprocessors. A requirement is that each Coprocessor must share the same master key; you can use “Clone master keys” to set up your Coprocessors to have the same master key. The private key is generated in one of the Coprocessors and is then saved in the key store file, encrypted under the master key of that Coprocessor. Any Coprocessor with an identical master key can use that private key.</li>
</ol>
</li>
</ul>
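<p>The two DCM key-storage options above, modelled in Python as an added example (not IBM code, and not the CCA API): the <code>Coprocessor</code> class and its methods are hypothetical, and HMAC-SHA-256 stands in both for the Coprocessor's master-key wrapping and for the private-key operation. It shows that a key token from the key store file is usable only on cards holding the same master key, while a retained key stays on one card.</p>

```python
import hashlib, hmac, secrets

class Coprocessor:
    """Toy model: the master key and retained keys never leave this object."""
    def __init__(self):
        self._mk = secrets.token_bytes(32)   # master key, unique per card by default
        self._retained = {}                  # option 1 keys, held "in hardware"

    def clone_master_key_to(self, other):
        other._mk = self._mk                 # stand-in for "Clone master keys"

    def _mac(self, purpose, data):
        return hmac.new(self._mk, purpose + data, hashlib.sha256).digest()

    def generate_retained(self, label):
        self._retained[label] = secrets.token_bytes(32)  # option 1: nothing returned

    def generate_wrapped(self):
        # Option 2: the key leaves only as a token encrypted under the master key.
        key, nonce = secrets.token_bytes(32), secrets.token_bytes(16)
        ct = bytes(k ^ p for k, p in zip(key, self._mac(b"enc", nonce)))
        return nonce + ct + self._mac(b"tag", nonce + ct)

    def sign(self, msg, label=None, token=None):
        if token is None:
            key = self._retained[label]      # KeyError on any other card
        else:
            nonce, ct, tag = token[:16], token[16:48], token[48:]
            if not hmac.compare_digest(tag, self._mac(b"tag", nonce + ct)):
                raise ValueError("token is not wrapped under this master key")
            key = bytes(c ^ p for c, p in zip(ct, self._mac(b"enc", nonce)))
        return hmac.new(key, msg, hashlib.sha256).digest()

def demo():
    a, b, c = Coprocessor(), Coprocessor(), Coprocessor()
    a.clone_master_key_to(b)                 # a and b share a master key, c does not
    token, msg = a.generate_wrapped(), b"constructed sample message"
    shared = a.sign(msg, token=token) == b.sign(msg, token=token)
    a.generate_retained("cert-1")
    results = {"shared_key_usable_on_clone": shared}
    checks = (("foreign_card_accepts_token", lambda: c.sign(msg, token=token)),
              ("retained_key_usable_elsewhere", lambda: b.sign(msg, label="cert-1")))
    for name, call in checks:
        try:
            call()
            results[name] = True
        except (ValueError, KeyError):
            results[name] = False
    return results
```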
See “Manage multiple Cryptographic Coprocessors” on page 175 for more information regarding the management of multiple cryptographic coprocessors.
<ul><li>Features: Cryptographic Coprocessors contain hardware engines, which perform cryptographic operations used by i5/OS application programs and i5/OS SSL transactions. Each IBM Cryptographic Coprocessor contains a tamper-resistant hardware security module (HSM) which provides secure storage for master keys. The HSM is designed to meet FIPS 140 security requirements. To meet your capacity and high availability needs, multiple Cryptographic Coprocessors are supported. The features information describes in greater detail what the Cryptographic Coprocessors and CCA CSP have to offer.</li>
<li>Requirements: Your server must meet some requirements before you can install and use a Cryptographic Coprocessor. Use the requirements page to determine whether you are ready to install and use a Cryptographic Coprocessor on your server.</li>
<li>Cryptography concepts: Depending on your familiarity with cryptography, you may need more information about a term or concept. This page introduces you to some basic cryptographic concepts.</li>
<li>Related information: See Related information for additional sources of cryptography information recommended by IBM.</li>
</ul>
</div>
</div>
<div>
<ul class="ullinks">
<li class="ulchildlink"><strong><a href="rzajchwconcepts.htm">Cryptographic hardware concepts</a></strong><br />
To better understand how to maximize your usage of cryptography and cryptographic hardware options with your system, read these basic concepts regarding cryptographic hardware.</li>
<li class="ulchildlink"><strong><a href="rzajcfeatures.htm">Features</a></strong><br />
Cryptographic Coprocessors provide cryptographic processing capability and a means to securely store cryptographic keys. Cryptographic functions supported include encryption for keeping data confidential, message digests and message authentication codes for ensuring that data has not been changed, and digital signature generation and verification. In addition, the Coprocessors provide a rich set of basic services for financial PIN, EMV, and SET applications.</li>
<li class="ulchildlink"><strong><a href="rzajcscen4758.htm">Cryptographic Coprocessor scenarios</a></strong><br />
To give you some ideas of how you can use this cryptographic hardware with your system, read these usage scenarios.</li>
<li class="ulchildlink"><strong><a href="rzajcplan4758.htm">Plan for the Cryptographic Coprocessor</a></strong><br />
This information is pertinent to those planning to install an IBM Cryptographic Coprocessor in their server.</li>
<li class="ulchildlink"><strong><a href="rzajcsetup.htm">Configure the Cryptographic Coprocessor</a></strong><br />
Configuring your Cryptographic Coprocessor allows you to begin to use all of its cryptographic operations.</li>
<li class="ulchildlink"><strong><a href="rzajcmigrate4758.htm">Migrate to the Cryptographic Coprocessor</a></strong><br />
If you have worked with cryptography before, you may have a requirement to migrate from a previous cryptography product to the 4764 or 4758 Cryptographic Coprocessor.</li>
<li class="ulchildlink"><strong><a href="rzajcworking.htm">Manage the Cryptographic Coprocessor</a></strong><br />
After you set up your Cryptographic Coprocessor, you can begin writing programs to make use of your Cryptographic Coprocessor's cryptographic functions.</li>
</ul>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzajcoverview.htm" title="IBM offers cryptography solutions for customers who require a high level of security.">Cryptography</a></div>
</div>
<div class="relconcepts"><strong>Related concepts</strong><br />
<div><a href="rzajcconcepts.htm" title="This article provides a basic understanding of cryptographic function and an overview of the server's cryptographic services">Cryptography concepts</a></div>
</div>
</div>
<img src="./deltaend.gif" alt="End of change" /></body>
</html>