Tke Workstation With Licensed Internal Code 8.0; Tke Workstation With Licensed Internal Code 8.1 - IBM z13s Technical Manual

6.6.3 TKE workstation with Licensed Internal Code 8.0

To control the Crypto Express5S card in a z13s server, a TKE workstation (FC 0847 or 0097)
with LIC 8.0 (FC 0877) or LIC 8.1 (FC 0878) is required. LIC 8.0 does not provide the new
functions of LIC 8.1. TKE LIC 8.1 is delivered with a z13s server. To control a Crypto
Express5S in a z13s server with a TKE workstation running LIC 8.0, delivered with an already
installed z13, an MES upgrade to LIC 8.1 is required.
LIC 8.0 has the following enhancements compared to the older LIC 7.x:
TKE workstation with LIC 8.0 or higher is required to manage a Crypto Express5S host.
Only a TKE workstation with LIC 8.0 or higher can be used to manage domains higher
than 16 on a Crypto Express5S feature.
The Full Function Migration Wizard is required when data is applied to a
Crypto Express5S host. If data is applied to a Crypto Express5S host, the collection must
be done by using Key Part Holder Certificates from Key Part Holder (KPH) smart cards
that are created on a TKE workstation with LIC 8.0 or higher.
Recommendation: During a migration, if data is applied to a Crypto Express5S, collect
the source module from the TKE workstation with LIC 8.0 or later.

6.6.4 TKE workstation with Licensed Internal Code 8.1

The TKE 8.1 LIC (FC 0878) offers the following new features:
Domain Cloning: The ability to collect data from one domain and push it to a set of
domains. This feature is valuable for deploying new domains.
Coordinated Master Key roll: Ability to start Coordinated Master Key roll from the TKE
Three new wizard-like features: Create new TKE zone, Create new Migration Zone, and
Configure Host Roles and Authorities.
Operational Key Option: This feature allows the client to decide whether operational key
commands are limited to the master domain or sent to all domains in the group.
HMAC key: Support for HMAC key has been added. The key is limited to three specific
sizes: 128, 192, and 256.
TKE enables Save Customized Data feature: This feature simplifies the way that a client
can save and restore client data to a TKE.
TKE can be configured to prevent auto-logon: If configured, a password is required to start
the Trusted Key Entry Console web application.
Binary Key Part File Utility: This feature allows the client to copy a key part from a binary
file to a smart card.
ACP Usage Information: This feature allows clients to determine which Domain Controls
(Access Control Points) are actually "checked/used" on a domain. The utility allows you to
activate and deactivate tracking and create reports.
Display Crypto Module Settings: This feature allows you to build a report that shows the
settings of a crypto module.
Chapter 6. Cryptography
223