TKE additional smart cards – new feature
You have the capability to order
System z10 BC cryptographic migration
Clients using a User Defined Extension (UDX) of the Common Cryptographic Architecture should contact their UDX provider for an application upgrade before ordering a new System z10 BC machine, or before planning to migrate or activate a UDX application to firmware driver level 73 and higher.
•The Crypto Express2 feature is supported on the z9 BC and can be carried forward on an upgrade to the System z10 BC
•You may continue to use TKE workstations with 5.3 licensed internal code to control the System z10 BC
•TKE 5.0 and 5.1 workstations (#0839 and #0859) may be used to control z9 EC, z9 BC, z890, and IBM eServer zSeries 990 (z990) servers
Remote Loading of Initial ATM Keys
Typically, a new ATM has none of the financial institution’s keys installed. Remote Key Loading refers to the process of loading Data Encryption Standard (DES) keys to Automated Teller Machines (ATMs) from a central administrative site without the need for personnel to visit each machine to manually load DES keys. This has been done by manually loading each of the two clear text key parts individually and separately into ATMs. Manual entry of keys is one of the most
Remote Key Loading Benefits
•Provides a mechanism to load initial ATM keys without the need to send technical staff to ATMs
•Reduces downtime due to key entry errors
•Reduces service call and key management costs
•Improves the ability to manage ATM conversions and upgrades
Integrated Cryptographic Service Facility (ICSF), together with Crypto Express2, supports the basic mechanisms in Remote Key Loading. The implementation offers a secure bridge between the highly secure Common Cryptographic Architecture (CCA) environment and the various formats and encryption schemes offered by the ATM vendors. The following ICSF services are offered for Remote Key Loading:
•Trusted Block Create (CSNDTBC): This callable service is used to create a trusted block containing a public key and some processing rules
•Remote Key Export (CSNDRKX): This callable service uses the trusted block to generate or export DES keys for local use and for distribution to an ATM or other remote device
Refer to Application Programmers Guide,
Improved Key Exchange With Non-CCA Cryptographic Systems
IBM Common Cryptographic Architecture (CCA) employs Control Vectors to control usage of cryptographic keys.
These enhancements are exclusive to System z10 and System z9 and are supported by z/OS and z/VM for z/OS guest exploitation.