Draft Document for Review April 7, 2004 6:15 pm


The CP Assist for Cryptographic Function complements, but does not execute, public key (PKA) functions. It is a prerequisite for the secure cryptographic operations provided by the PCIX Cryptographic Coprocessor (PCIXCC) feature and the PCI Cryptographic Accelerator (PCICA) feature. The CP Assist for Cryptographic Function runs at z990 processor speed, and because the facility is available on every CP in the system, there are no affinity issues as in earlier CMOS processors.

The functions of the CP Assist for Cryptographic Function must be enabled or disabled by the manufacturing process to conform to United States export requirements.

5.2.2 PCIX Cryptographic Coprocessor (PCIXCC)

The optional Peripheral Component Interconnect Extended Cryptographic Coprocessor (PCIXCC) provides a high performance cryptographic environment with added function. In fact, the PCIX Cryptographic Coprocessor consolidates the functions previously offered on the z900 by the Cryptographic Coprocessor feature (CCF), and the PCI Cryptographic Coprocessor (PCICC) feature. CCF and PCICC features are not available on the z990. The PCIXCC feature provides asynchronous functions only.

The PCIXCC feature is designed for FIPS 140-2 Level 4 compliance rating for secure cryptographic hardware. Unauthorized removal of the card or feature zeroizes its content.

The PCIX Cryptographic Coprocessor features on the z990 enable the user to do the following:

- Encrypt and decrypt data utilizing secret-key algorithms. Triple-length key DES and double-length key DES algorithms are supported.

- Generate, install, and distribute cryptographic keys securely using both public and secret key cryptographic methods.

- Generate, verify, and translate personal identification numbers (PINs).

- Ensure the integrity of data by using message authentication codes (MACs), hashing algorithms, and Rivest-Shamir-Adleman (RSA) public key algorithm (PKA) digital signatures.

Three methods of master key entry are provided by ICSF for the PCIX Cryptographic Coprocessor features:

1. A pass phrase initialization method that generates and enters all master keys that are necessary to fully enable the cryptographic system in a minimal number of steps.

2. A simplified master key entry procedure provided through a series of Clear Master Key Entry panels from a TSO terminal.

3. In enterprises that require enhanced key-entry security, a Trusted Key Entry (TKE) workstation is available as an optional feature.

The security-relevant portion of the cryptographic functions is performed inside the secure physical boundary of a tamper-resistant card. Master keys and other security-relevant information are also maintained inside this secure boundary.

The PCIXCC features operate with the Integrated Cryptographic Service Facility (ICSF) and IBM Resource Access Control Facility (RACF®), or equivalent software products, in a z/OS or OS/390 operating environment to provide data privacy, data integrity, cryptographic key installation and generation, electronic cryptographic key distribution, and personal identification number (PIN) processing.

