IBM Z10 EC TKE 5.3 workstation and support for Smart Card Reader, Enhancement with TKE 5.3 LIC


TKE 5.3 workstation and continued support for Smart Card Reader

The Trusted Key Entry (TKE) workstation and the TKE 5.3 level of Licensed Internal Code are optional features on the System z10 EC. The TKE 5.3 Licensed Internal Code (LIC) is loaded on the TKE workstation prior to shipment. The TKE workstation offers security-rich local and remote key management, providing authorized persons a method of operational and master key entry, identification, exchange, separation, and update. The TKE workstation supports connectivity to an Ethernet Local Area Network (LAN) operating at 10 or 100 Mbps. Up to ten TKE workstations can be ordered.

Enhancement with TKE 5.3 LIC

The TKE 5.3 level of LIC includes support for the AES encryption algorithm, adds 256-bit master keys, and includes the master key management functions required to load or generate AES master keys to cryptographic coprocessors in the host.

Also included is an embedded screen capture utility to permit users to create and to transfer TKE master key entry instructions to diskette or DVD. Under ‘Service Management’ a “Manage Print Screen Files” utility will be available to all users.

The TKE workstation and TKE 5.3 LIC are available on the z10 EC, z10 BC, z9 EC, and z9 BC.

TKE 5.3 LIC has added the capability to store key parts on DVD-RAMs and continues to support the ability to store key parts on paper, or optionally on a smart card. TKE 5.3 LIC has limited the use of floppy diskettes to read-only. The TKE 5.3 LIC can remotely control host cryptographic coprocessors using a password-protected authority signature key pair either in a binary file or on a smart card.
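The key-part handling described above (master key entry and separation, with each part held on its own smart card, DVD-RAM or paper) is a split-knowledge scheme: no single key officer ever holds the whole master key, and the key only exists once every part has been combined inside the host coprocessor. The following is an added illustration written for this page, not IBM's TKE or CCA code. It assumes that key parts are combined by exclusive-OR (the CCA convention for master key parts) and uses a truncated SHA-256 as a stand-in check value; the register, officer and ceremony names are hypothetical.

```python
"""Split-knowledge assembly of a 256-bit master key from officer-held key parts.

Constructed illustration, not IBM's TKE/CCA implementation. Assumptions:
  - key parts are combined by XOR (the CCA master-key-part convention);
  - the 8-hex-digit check value is a simplified stand-in (truncated SHA-256)
    for a real verification pattern, so an officer can confirm a part was
    entered correctly without the part itself being disclosed.
"""
import hashlib
import secrets
from typing import List, Optional

KEY_BYTES = 32   # 256-bit AES master key, as introduced with TKE 5.3
MIN_PARTS = 2    # dual control: no single officer may form the key alone


def generate_key_part(nbytes: int = KEY_BYTES) -> bytes:
    """Random key part for one officer to keep on smart card, DVD-RAM or paper."""
    return secrets.token_bytes(nbytes)


def check_value(key: bytes) -> str:
    """Short identifier for a part or key that does not reveal it (illustrative)."""
    return hashlib.sha256(key).hexdigest()[:8]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("key parts must all have the same length")
    return bytes(x ^ y for x, y in zip(a, b))


class MasterKeyRegister:
    """Hypothetical model of a coprocessor's new-master-key register."""

    def __init__(self, key_len: int = KEY_BYTES) -> None:
        self.key_len = key_len
        self._accumulated: bytes = bytes(key_len)  # all zeros until a part is loaded
        self.parts_loaded = 0
        self.final_key: Optional[bytes] = None

    def load_part(self, part: bytes, expected_cv: str) -> str:
        """Load one officer's part after checking it against the check value the
        officer recorded at generation time. Returns the check value of the
        partial combination so the ceremony record can be verified afterwards."""
        if self.final_key is not None:
            raise RuntimeError("register already finalized")
        if len(part) != self.key_len:
            raise ValueError("wrong key part length")
        if check_value(part) != expected_cv:
            raise ValueError("check value mismatch: entry error or wrong card")
        self._accumulated = xor_bytes(self._accumulated, part)
        self.parts_loaded += 1
        return check_value(self._accumulated)

    def finalize(self) -> bytes:
        """Set the master key; refused unless dual control has been honored."""
        if self.parts_loaded < MIN_PARTS:
            raise RuntimeError(
                f"need at least {MIN_PARTS} key parts, got {self.parts_loaded}")
        self.final_key = self._accumulated
        return self.final_key


def combine_key_parts(parts: List[bytes]) -> bytes:
    """Reference combination, used to cross-check the register outside the ceremony."""
    if len(parts) < MIN_PARTS:
        raise ValueError("split knowledge requires at least two parts")
    result = bytes(len(parts[0]))
    for p in parts:
        result = xor_bytes(result, p)
    return result


def run_ceremony(parts: List[bytes]) -> bytes:
    """Loading ceremony: each officer in turn presents a part and its check value."""
    reg = MasterKeyRegister(len(parts[0]))
    for p in parts:
        reg.load_part(p, check_value(p))
    return reg.finalize()


if __name__ == "__main__":
    # Three officers, three randomly generated parts (constructed sample run).
    officer_parts = [generate_key_part() for _ in range(3)]
    master_key = run_ceremony(officer_parts)
    assert master_key == combine_key_parts(officer_parts)
    print("master key check value:", check_value(master_key))
```

Two properties of the scheme are worth noting from the code: any proper subset of the parts is statistically independent of the final key, so a single lost or stolen smart card discloses nothing, and the check value lets an officer detect a mistyped or wrong part before it is combined, without the check value itself revealing the part.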

The Smart Card Reader, attached to a TKE workstation with the 5.3 level of LIC, will support System z10 BC, z10 EC, z9 EC, and z9 BC. However, TKE workstations with 5.0, 5.1 and 5.2 LIC must be upgraded to TKE 5.3 LIC.

TKE additional smart cards

You have the capability to order Java-based blank smart cards, which offer a highly efficient cryptographic and data management application built into read-only memory for storage of keys, certificates, passwords, applications, and data. The TKE blank smart cards are compliant with FIPS 140-2 Level 2. When you place an order for a quantity of one, you are shipped 10 smart cards.

System z10 EC cryptographic migration

Clients using a User Defined Extension (UDX) of the Common Cryptographic Architecture should contact their UDX provider for an application upgrade before ordering a new System z10 EC machine, or before planning to migrate or activate a UDX application to firmware driver level 73 and higher.

Smart Card Reader

Support for an optional Smart Card Reader attached to the TKE 5.3 workstation allows for the use of smart cards that contain an embedded microprocessor and associated memory for data storage. Access to and the use of confidential data on the smart cards is protected by a user-defined Personal Identification Number (PIN).

The Crypto Express2 feature is supported on the System z9 and can be carried forward on an upgrade to the System z10 EC.

You may continue to use TKE workstations with 5.3 licensed internal code to control the System z10 EC.

TKE 5.0 and 5.1 workstations may be used to control z9 EC, z9 BC, z890, and z990 servers.
