Security cryptography – IBM Z10 BUSINESS CLASS Z10 BC User Manual


Today’s world mandates that your systems are secure and available 24/7. The z10 BC employs some of the most advanced security technologies in the industry—helping you to meet rigid regulatory requirements that include encryption solutions, access control management, and extensive auditing features. It also provides disaster recovery configurations and is designed to deliver 99.999% application availability to help avoid the downside of planned downtime, equipment failure, or the complete loss of a data center.

When you need to be more secure, more resilient — z Can Do IT. The z10 processor chip has on board cryptographic functions. Standard clear key integrated cryptographic coprocessors provide high speed cryptography for protecting data in storage. CP Assist for Cryptographic Function (CPACF) supports DES, TDES, Secure Hash Algorithms (SHA) for up to 512 bits, Advanced Encryption Standard (AES) for up to 256 bits and Pseudo Random Number Generation (PRNG). Audit logging has been added to the new TKE workstation to enable better problem tracking.

System z is investing in accelerators that provide improved performance for specialized functions. The Crypto Express2 feature for cryptography is an example. The Crypto Express2 feature can be configured as a secure key coprocessor or for Secure Sockets Layer (SSL) acceleration. The feature includes support for 13, 14, 15, 16, 17, 18 and 19 digit Personal Account Numbers for stronger protection of data. And the tamper-resistant cryptographic coprocessor is certified at FIPS 140-2 Level 4. To help customers scale their Crypto Express2 investments for their business needs, Crypto Express2 is also available on z10 BC as a single PCI-X adapter which may be defined as either a coprocessor or an accelerator.

System z security is one of the many reasons why the world’s top banks and retailers rely on the IBM mainframe to help secure sensitive business transactions.

z Can Do IT securely.

The z10 BC includes both standard cryptographic hardware and optional cryptographic features for flexibility and growth capability. IBM has a long history of providing hardware cryptographic solutions, from the development of Data Encryption Standard (DES) in the 1970s to delivering integrated cryptographic hardware in a server to achieve the US Government’s highest FIPS 140-2 Level 4 rating for secure cryptographic hardware.

The IBM System z10 BC cryptographic functions include the full range of cryptographic operations needed for e-business, e-commerce, and financial institution applications. In addition, custom cryptographic functions can be added to the set of functions that the z10 BC offers.

New integrated clear key encryption security features on z10 BC include support for a higher advanced encryption standard and more secure hashing algorithms. Performing these functions in hardware is designed to contribute to improved performance.

Enhancements to eliminate preplanning in the cryptography area include the System z10 function to dynamically add Crypto to a logical partition. Changes to image profiles, to support Crypto Express2 features, are available without an outage to the logical partition. Crypto Express2 features can also be dynamically deleted or moved.

CP Assist for Cryptographic Function (CPACF)

CPACF supports clear-key encryption. All CPACF functions can be invoked by problem state instructions defined by an extension of System z architecture. The function is activated using a no-charge enablement feature and offers the following on every CPACF that is shared between two Processor Units (PUs) and designated as CPs and/or Integrated Facility for Linux (IFL):

• DES, TDES, AES-128, AES-192, AES-256

• SHA-1, SHA-224, SHA-256, SHA-384, SHA-512

• Pseudo Random Number Generation (PRNG)
