<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="4764 and 4758 Cryptographic Coprocessors" />
<meta name="abstract" content="IBM offers two Cryptographic Coprocessors, which are available on a variety of server models." />
<meta name="description" content="IBM offers two Cryptographic Coprocessors, which are available on a variety of server models." />
<meta name="DC.Relation" scheme="URI" content="rzajcoverview.htm" />
<meta name="DC.Relation" scheme="URI" content="rzajchwconcepts.htm" />
<meta name="DC.Relation" scheme="URI" content="rzajcfeatures.htm" />
<meta name="DC.Relation" scheme="URI" content="rzajcscen4758.htm" />
<meta name="DC.Relation" scheme="URI" content="rzajcplan4758.htm" />
<meta name="DC.Relation" scheme="URI" content="rzajcsetup.htm" />
<meta name="DC.Relation" scheme="URI" content="rzajcmigrate4758.htm" />
<meta name="DC.Relation" scheme="URI" content="rzajcworking.htm" />
<meta name="DC.Relation" scheme="URI" content="rzajcconcepts.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzajcco4758" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>4764 and 4758 Cryptographic Coprocessors</title>
</head>
<body id="rzajcco4758"><a name="rzajcco4758"><!-- --></a>
<img src="./delta.gif" alt="Start of change" /><!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">4764 and 4758 Cryptographic Coprocessors</h1>
<div><p>IBM<sup>®</sup> offers
two Cryptographic Coprocessors, which are available on a variety of server
models.</p>
<div class="p">The IBM 4764
Cryptographic Coprocessor is available on eServer™ i5 models as hardware feature
code 4806. Depending on the model of server you have, the following table
shows the maximum number of Cryptographic Coprocessors supported:
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" frame="border" border="1" rules="all"><caption>Table 1. Supported
number of 4764 Cryptographic Coprocessors</caption><thead align="left"><tr><th align="center" valign="top" id="d0e37">Server models</th>
<th align="center" valign="top" id="d0e39">Maximum per server</th>
<th align="center" valign="top" id="d0e41">Maximum per partition</th>
</tr>
</thead>
<tbody><tr><td valign="top" headers="d0e37 ">eServer i5 Models 570 8/12/16W, 595</td>
<td align="center" valign="top" headers="d0e39 ">32</td>
<td align="center" valign="top" headers="d0e41 ">8</td>
</tr>
<tr><td valign="top" headers="d0e37 ">eServer i5 Models 520, 550, 570 2/4W</td>
<td align="center" valign="top" headers="d0e39 ">8</td>
<td align="center" valign="top" headers="d0e41 ">8</td>
</tr>
</tbody>
</table>
</div>
</div>
<div class="p">The IBM 4758-023
Cryptographic Coprocessor is available on eServer i5 servers as hardware feature
code 4801. Depending on the model of server you have, the following number
of Cryptographic Coprocessors are supported:
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" frame="border" border="1" rules="all"><caption>Table 2. Supported number
of 4758 Cryptographic Coprocessors</caption><thead align="left"><tr><th align="center" valign="top" width="32.996632996633%" id="d0e79">Server models</th>
<th align="center" valign="top" width="33.670033670033675%" id="d0e81">Maximum per server</th>
<th align="center" valign="top" width="33.33333333333333%" id="d0e83">Maximum per partition</th>
</tr>
</thead>
<tbody><tr><td valign="top" width="32.996632996633%" headers="d0e79 ">eServer Models 840, 870, 890 and eServer i5
Models 570 8/12/16W, 595</td>
<td align="center" valign="top" width="33.670033670033675%" headers="d0e81 ">32</td>
<td align="center" valign="top" width="33.33333333333333%" headers="d0e83 ">8</td>
</tr>
<tr><td valign="top" width="32.996632996633%" headers="d0e79 ">eServer Models 810, 820, 825, 830 and eServer i5
Models 520, 550, 570 2/4W</td>
<td align="center" valign="top" width="33.670033670033675%" headers="d0e81 ">8</td>
<td align="center" valign="top" width="33.33333333333333%" headers="d0e83 ">8</td>
</tr>
<tr><td valign="top" width="32.996632996633%" headers="d0e79 ">eServer i5 Model 800</td>
<td align="center" valign="top" width="33.670033670033675%" headers="d0e81 ">4</td>
<td align="center" valign="top" width="33.33333333333333%" headers="d0e83 ">4</td>
</tr>
<tr><td valign="top" width="32.996632996633%" headers="d0e79 ">eServer i5 Model 270</td>
<td align="center" valign="top" width="33.670033670033675%" headers="d0e81 ">3</td>
<td align="center" valign="top" width="33.33333333333333%" headers="d0e83 ">3</td>
</tr>
</tbody>
</table>
</div>
</div>
<div class="p">The Cryptographic Coprocessors can be used to augment your server in the
following ways:<ul><li>You can use a Cryptographic Coprocessor to implement a broad range of i5/OS™ based
applications. Examples are applications for performing financial PIN transactions,
bank-to-clearing-house transactions, EMV transactions for integrated circuit
(chip) based credit cards, and basic SET™ block processing. To do this, you or
an applications provider must write an application program, using a security
programming interface (SAPI) to access the security services of your Cryptographic
Coprocessor. The SAPI for the Cryptographic Coprocessor conforms to IBM's
Common Cryptographic Architecture (CCA). The SAPI is contained in the CCA
Cryptographic Service Provider (CCA CSP) which is delivered as i5/OS Option
35.<p>To meet capacity and availability requirements, an application can control
up to eight Coprocessors. The application must control access to individual
Coprocessors by using the Cryptographic_Resource_Allocate (CSUACRA) and Cryptographic_Resource_Deallocate
(CSUACRD) CCA APIs.</p>
</li>
<li>You can use a Cryptographic Coprocessor along with DCM to generate and
store private keys associated with SSL digital certificates. A Cryptographic
Coprocessor provides a performance assist enhancement by handling SSL private
key processing during SSL session establishment.</li>
<li>When using multiple Coprocessors, DCM configuration gives you the following
options for using hardware to generate and store the private key associated
with a digital certificate.<ol><li>Private key generated in hardware and stored (i.e., retained) in hardware.
With this option the private key never leaves the Coprocessor, and thus the
private key cannot be used or shared with another Coprocessor. This means
that you and your application have to manage multiple private keys and certificates.</li>
<li>Private key generated in hardware and stored in software (i.e., stored
in a key store file). This option allows a single private key to be shared
amongst multiple Coprocessors. A requirement is that each Coprocessor must
share the same master key—you can use “Clone master keys” to set up your Coprocessors
to have the same master key. The private key is generated in one of the Coprocessors
and is then saved in the key store file, encrypted under the master key of
that Coprocessor. Any Coprocessor with an identical master key can use that
private key.</li>
</ol>
</li>
</ul>
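<p>The allocate/deallocate control described in the first item above, as an added example (not IBM code): a routine that tries each Coprocessor in turn, runs the work on the first one it can allocate, and always deallocates before moving on. The verb parameter order follows the CCA reference; the function names, the <code>sim_*</code> stand-ins and the device names CRP01 to CRP03 are constructed so the block runs off-platform. On the server, pass CSUACRA and CSUACRD in their place.</p>

```c
#include <string.h>
/* CSUACRA/CSUACRD parameter list per the CCA reference (C types assumed). */
typedef void (*cca_resource_verb)(long *return_code, long *reason_code,
    long *exit_data_length, char *exit_data, long *rule_array_count,
    char *rule_array, long *resource_name_length, char *resource_name);

/* Issue one resource verb for a device name; returns the CCA return code. */
static long resource_call(cca_resource_verb verb, const char *device) {
    long rc = 0, reason = 0, exit_len = 0, rule_count = 1;
    long name_len = (long)strlen(device);
    char rule_array[8], name[64];
    if (name_len == 0 || name_len > (long)sizeof name) return 8; /* bad name */
    memcpy(rule_array, "DEVICE  ", 8);   /* keyword blank-padded to 8 bytes */
    memcpy(name, device, (size_t)name_len);
    verb(&rc, &reason, &exit_len, NULL, &rule_count, rule_array, &name_len, name);
    return rc;
}

/* Allocate, run work, always deallocate; returns serving device index or -1. */
int run_on_first_available(cca_resource_verb alloc, cca_resource_verb dealloc,
        const char *const devices[], int count, int (*work)(void *), void *ctx) {
    for (int i = 0; i < count && i < 8; i++) {   /* page: up to eight */
        if (resource_call(alloc, devices[i]) != 0)
            continue;                    /* not allocated: try the next one */
        int ok = work(ctx);              /* hypothetical callback, 1 = success */
        resource_call(dealloc, devices[i]);      /* release even on failure */
        if (ok) return i;
    }
    return -1;
}

/* Constructed stand-ins so this runs off-platform; CRP01 is unavailable. */
static int sim_allocated = 0;
static void sim_alloc(long *rc, long *rs, long *xl, char *x, long *n,
                      char *rule, long *len, char *name) {
    (void)rs; (void)xl; (void)x; (void)n; (void)rule;
    *rc = (*len == 5 && memcmp(name, "CRP01", 5) == 0) ? 8 : 0;
    if (*rc == 0) sim_allocated++;
}
static void sim_dealloc(long *rc, long *rs, long *xl, char *x, long *n,
                        char *rule, long *len, char *name) {
    (void)rs; (void)xl; (void)x; (void)n; (void)rule; (void)len; (void)name;
    *rc = 0; sim_allocated--;
}
static int sim_work(void *ctx) { (void)ctx; return sim_allocated == 1; }
static const char *const demo_devices[] = { "CRP01", "CRP02", "CRP03" };
int demo(void) {
    return run_on_first_available(sim_alloc, sim_dealloc, demo_devices, 3, sim_work, NULL);
}
```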
See “Manage multiple Cryptographic Coprocessors” on page 175 for more
information regarding the management of multiple cryptographic coprocessors.
<ul><li>Features: Cryptographic Coprocessors contain hardware engines, which perform
cryptographic operations used by i5/OS application programs and i5/OS SSL transactions.
Each IBM Cryptographic
Coprocessor contains a tamper-resistant hardware security module (HSM) which
provides secure storage for master keys. The HSM is designed to meet
FIPS 140 security requirements. To meet your capacity and high availability
needs, multiple Cryptographic Coprocessors are supported. The features information
describes in greater detail what the Cryptographic Coprocessors and CCA CSP
have to offer.</li>
<li>Requirements: Your server must meet some requirements before you can install
and use a Cryptographic Coprocessor. Use the requirements page to determine
whether you are ready to install and use a Cryptographic Coprocessor on your
server.</li>
<li>Cryptography concepts: Depending on your familiarity with cryptography,
you may need more information about a term or concept. This page introduces
you to some basic cryptographic concepts.</li>
<li>Related information: See Related information for additional sources of
cryptography information recommended by IBM.</li>
</ul>
</div>
</div>
<div>
<ul class="ullinks">
<li class="ulchildlink"><strong><a href="rzajchwconcepts.htm">Cryptographic hardware concepts</a></strong><br />
To better understand how to maximize your usage of cryptography and cryptographic hardware options with your system, read these basic concepts regarding cryptographic hardware.</li>
<li class="ulchildlink"><strong><a href="rzajcfeatures.htm">Features</a></strong><br />
Cryptographic Coprocessors provide cryptographic processing capability
and a means to securely store cryptographic keys. Cryptographic functions
supported include encryption for keeping data confidential, message digests
and message authentication codes for ensuring that data has not been changed,
and digital signature generation and verification. In addition, the Coprocessors
provide a rich set of basic services for financial PIN, EMV, and SET applications.</li>
<li class="ulchildlink"><strong><a href="rzajcscen4758.htm">Cryptographic Coprocessor scenarios</a></strong><br />
To give you some ideas of how you can use this cryptographic hardware with your system, read these usage scenarios.</li>
<li class="ulchildlink"><strong><a href="rzajcplan4758.htm">Plan for the Cryptographic Coprocessor</a></strong><br />
This information is pertinent to those planning to install an IBM Cryptographic
Coprocessor in their server.</li>
<li class="ulchildlink"><strong><a href="rzajcsetup.htm">Configure the Cryptographic Coprocessor</a></strong><br />
Configuring your Cryptographic Coprocessor allows you to begin to use all of its cryptographic operations.</li>
<li class="ulchildlink"><strong><a href="rzajcmigrate4758.htm">Migrate to the Cryptographic Coprocessor</a></strong><br />
If you have worked with cryptography before, you may have a requirement to migrate from a previous cryptography product to the 4764 or 4758 Cryptographic Coprocessor.</li>
<li class="ulchildlink"><strong><a href="rzajcworking.htm">Manage the Cryptographic Coprocessor</a></strong><br />
After you set up your Cryptographic Coprocessor, you can begin writing programs to make use of your Cryptographic Coprocessor's cryptographic functions.</li>
</ul>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzajcoverview.htm" title="IBM offers cryptography solutions for customers who require a high level of security.">Cryptography</a></div>
</div>
<div class="relconcepts"><strong>Related concepts</strong><br />
<div><a href="rzajcconcepts.htm" title="This article provides a basic understanding of cryptographic function and an overview of the server's cryptographic services">Cryptography concepts</a></div>
</div>
</div>
<img src="./deltaend.gif" alt="End of change" /></body>
</html>