Cryptography in IBM z13 and z13s Servers; Some Fundamentals on Cryptography; Modern Cryptography - IBM z13s Technical Manual

6.1 Cryptography in IBM z13 and z13s servers

IBM z13 and z13s servers introduce the new PCI Crypto Express5S feature, together with a
redesigned CPACF Coprocessor, managed by a new Trusted Key Entry (TKE) workstation.
Also, the IBM Common Cryptographic Architecture (CCA) and the IBM Enterprise PKCS #11
(EP11) Licensed Internal Code (LIC) have been enhanced. The new functions support new
standards and are designed to meet the following compliance requirements:
- National Institute of Standards and Technology (NIST) through the Federal Information
  Processing Standard (FIPS) standard to implement guidance requirements
- Emerging banking standards to strengthen the cryptographic standards for attack resistance
- VISA Format Preserving Encryption (VFPE) for credit card numbers
- Enhanced public key elliptic curve cryptography (ECC) for users such as Chrome, Firefox,
  and Apple's iMessage

IBM z13s servers include both standard cryptographic hardware and optional cryptographic
features for flexibility and growth capability. IBM has a long history of providing hardware
cryptographic solutions. This history stretches from the development of the Data Encryption
Standard (DES) in the 1970s to the Crypto Express tamper-sensing and tamper-responding
programmable features. Crypto Express is designed to meet the US Government's highest
security rating, which is FIPS 140-2 Level 4¹. It is also designed to meet several other security
ratings like the Common Criteria for Information Technology Security Evaluation, the Payment
Card Industry (PCI) hardware security module (HSM) criteria, and the criteria for Deutsche
Kreditwirtschaft (DK) evaluation.
The cryptographic functions include the full range of cryptographic operations that are
necessary for e-business, e-commerce, and financial institution applications. User Defined
Extensions (UDX) allow you to add custom cryptographic functions to the functions that z13s
servers offer.

6.2 Some fundamentals on cryptography

From the beginning of human history, there has always been a need to keep certain
messages secret, so that a third person is not able to understand what the sender is telling
the receiver. Also, you need to ensure that a message cannot be corrupted, and that the
sender and the receiver really are the persons that they seem to be. Over the centuries,
several methods have been used to achieve these objectives, with more or less success.
Many procedures and algorithms for encrypting and decrypting data have been developed,
most of which are complicated and time consuming to handle.

6.2.1 Modern cryptography

With the development of computing technology, encryption and decryption algorithms can be
performed by computers, which enables the use of complicated mathematical algorithms,
most of them based on the prime factorization of very large numbers. In modern
cryptography, these are the main purposes for protecting information:
- Protection: The protection of data usually is the main concept associated with
  cryptography. Only authorized persons should be able to read the message or to get
  information about it. Data is encrypted by using a known algorithm and secret keys such
¹ Federal Information Processing Standards (FIPS) 140-2 Security Requirements for Cryptographic Modules
IBM z13s Technical Guide