Draft Document for Review April 7, 2004 6:15 pm

6947ch05.fm

Import and export of DES keys under an RSA key, up to 2048-bit

Public Key Encrypt (PKE)

The Public Key Encrypt service is provided for the Mod_Raised_to Power (MRP) function. MRP is used to offload compute-intensive portions of the Diffie-Hellman protocol onto the PCICA or PCIXCC features of the z990.

Public Key Decrypt (PKD)

Public Key Decrypt supports a zero-pad option for clear RSA private keys. PKD is used as an accelerator for raw RSA private operations, including the use of CRT format keys. The function may be exploited on Linux to allow use of the PCICC and PCIXCC features of the z990 for improved performance of digital signature generation.
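The raw RSA private operation with a CRT format key, as an added example (not taken from the IBM manual, and not the ICSF or coprocessor API). It compares the plain and CRT forms on a toy key built from two known primes and returns the result at full modulus length with leading zeros, which is how this sketch assumes the zero-pad option lays out its output. All function names are hypothetical.

```python
# Added illustration (not IBM code): raw RSA private operation, plain vs CRT form.
# Key is a toy built from two known Mersenne primes; real keys are far larger.

def make_crt_key(p, q, e=65537):
    """Build the CRT-format private key components from primes p and q."""
    d = pow(e, -1, (p - 1) * (q - 1))          # private exponent
    return {"n": p * q, "e": e, "d": d, "p": p, "q": q,
            "dp": d % (p - 1),                   # d reduced for the mod-p half
            "dq": d % (q - 1),                   # d reduced for the mod-q half
            "qinv": pow(q, -1, p)}               # q^-1 mod p for recombination

def private_op_plain(key, c):
    """One full-size exponentiation: c^d mod n."""
    return pow(c, key["d"], key["n"])

def private_op_crt(key, c):
    """Two half-size exponentiations recombined with Garner's formula."""
    p, q = key["p"], key["q"]
    m1 = pow(c % p, key["dp"], p)
    m2 = pow(c % q, key["dq"], q)
    h = (key["qinv"] * (m1 - m2)) % p
    m = m2 + h * q
    # Consistency check with the public exponent before the result is released.
    if pow(m, key["e"], key["n"]) != c % key["n"]:
        raise ValueError("CRT result failed public-exponent check")
    return m

def zero_padded(value, n):
    """Return value as big-endian bytes at full modulus length (assumed layout)."""
    return value.to_bytes((n.bit_length() + 7) // 8, "big")

KEY = make_crt_key(2**61 - 1, 2**89 - 1)         # constructed toy key

def demo():
    clear = 0x1234                               # constructed short clear value
    c = pow(clear, KEY["e"], KEY["n"])           # public-key side of the pair
    out = private_op_crt(KEY, c)
    assert out == private_op_plain(KEY, c)       # both forms must agree
    return zero_padded(out, KEY["n"])

if __name__ == "__main__":
    print(demo().hex())
```

The two exponentiations in the CRT form run on half-size moduli, which is why CRT format keys are the usual choice for accelerated private operations.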

Derived Unique Key Per Transaction (DUKPT)

Service is provided to write applications that implement the DUKPT algorithms as defined by the ANSI X9.24 standard. DUKPT provides additional security for point-of-sale transactions that are standard in the retail industry. DUKPT algorithms are supported on the PCIXCC feature.

Europay Mastercard VISA (EMV) 2000 standard

Applications may be written to comply with the EMV 2000 standard for financial transactions between heterogeneous hardware and software. Support for EMV 2000 applies only to the PCIXCC feature of the z990.

Other key functionality of the PCIXCC serves to enhance the security of public/private key encryption processing:

• Retained key support (RSA private keys generated and kept stored within the secure hardware boundary)

• Support for 4753 Network Security Processor migration

• User Defined Extensions (UDX) support enhancements, including:

  - For Activate UDX requests:
    - Establish Owner
    - Relinquish Owner
    - Emergency Burn of Segment
    - Remote Burn of Segment

  - Import UDX File function

  - Reset UDX to IBM default function

  - Query UDX Level function

UDX allows the user to add customized operations to a cryptographic processor. User-Defined Extensions to the Common Cryptographic Architecture (CCA) support program that executes within the PCIX Cryptographic Coprocessor will be supported via an IBM Service Offering.

For unique customer applications, the PCIX Cryptographic Coprocessor will support the loading of customized cryptographic functions on z990. Support is available via ICSF and the z990 Cryptographic Support.

More information can be found in the publication IBM zSeries CCA User Defined Extensions Reference and Guide, available on the cryptocards Web site:

http://www.ibm.com/security/cryptocards

Chapter 5. Cryptography 121
