which is designed to meet FIPS 140-2 Level 4 security requirements. This new cryptographic card offers the security and performance required to support e-Business and emerging digital signature applications.

For banking and finance applications the 4764 Cryptographic Coprocessor delivers improved performance for T-DES, RSA, and financial PIN processing. IBM CCA (Common Cryptographic Architecture) APIs are provided to enable finance and other specialized applications to access the services of the coprocessor. For banking and finance applications the 4764 Coprocessor is a replacement for the 4758-023 Cryptographic Coprocessor (feature code 4801).

The 4764 Cryptographic Coprocessor can also be used to improve the performance of high-transaction-rate secure applications that use the SSL and TLS protocols. These protocols are used between server and client applications over a public network like the Internet when private information is being transmitted, as in Consumer-to-Business transactions (for example, a web transaction with payment information containing credit card numbers) or Business-to-Business transactions. SSL/TLS is the predominant method for securing web transactions. Establishing SSL/TLS secure web connections requires very compute-intensive cryptographic processing. The 4764 Cryptographic Coprocessor off-loads the cryptographic RSA processing associated with the establishment of an SSL/TLS session, thus freeing the server for other processing. For cryptographic accelerator applications the 4764 Cryptographic Coprocessor is a replacement for the 2058 Cryptographic Accelerator (feature code 4805).

Cryptographic performance is an important aspect of capacity planning, particularly for applications using SSL/TLS network communications. Besides host processing capacity, the impact of one or more Cryptographic Coprocessors must be considered. Adding a Cryptographic Coprocessor to your environment can often be more beneficial than adding a CPU. The information in this chapter may be used to assist in capacity planning for this complex environment.

Measurement Results

The following three tables display the cryptographic test cases that use the Common Cryptographic Architecture (CCA) interface to measure transactions per second for a variety of 4764 Cryptographic Coprocessor functions.

 

Table 8.4 Cipher Encrypt Performance (CCA CSP)

Encryption   Threads  Key Length  Transaction Length  4764                   4764
Algorithm             (Bits)      (Bytes)             (Transactions/second)  (Bytes/second)
-----------  -------  ----------  ------------------  ---------------------  --------------
DES          1        56          1024                1,026                  1,050,283
DES          10       56          1024                1,053                  1,078,458
Triple DES   1        112         1024                1,002                  1,025,798
Triple DES   1        112         65536               110                    7,191,327
Triple DES   10       112         1024                1,021                  1,045,535
Triple DES   10       112         65536               123                    8,035,164
RSA          1        1024        100                 796                    n/a
RSA          1        2048        100                 307                    n/a
RSA          10       1024        100                 1,044                  n/a
RSA          10       2048        100                 462                    n/a

Notes:
- See section 8.2 for Test Environment information
- AES is not supported by the IBM 4764 Cryptographic Coprocessor


IBM i 6.1 Performance Capabilities Reference - January/April/October 2008

 

 

 

© Copyright IBM Corp. 2008

Chapter 8 Cryptography Performance
