IBM 170 Servers Manual page 146

which is designed to meet FIPS 140-2 Level 4 security requirements. This new cryptographic card offers
the security and performance required to support e-Business and emerging digital signature applications.
For banking and finance applications the 4764 Cryptographic Coprocessor delivers improved
performance for T-DES, RSA, and financial PIN processing. IBM CCA (Common Cryptographic
Architecture) APIs are provided to enable finance and other specialized applications to access the services
of the coprocessor. For banking and finance applications the 4764 Coprocessor is a replacement for the
4758-023 Cryptographic Coprocessor (feature code 4801).
The 4764 Cryptographic Coprocessor can also be used to improve the performance of
high-transaction-rate secure applications that use the SSL and TLS protocols. These protocols are used
between server and client applications over a public network like the Internet, when private information is
being transmitted in the case of Consumer-to-Business transactions (for example, a web transaction with
payment information containing credit card numbers) or Business-to-Business transactions. SSL/TLS is
the predominant method for securing web transactions. Establishing SSL/TLS secure web connections
requires very compute intensive cryptographic processing. The 4764 Cryptographic Coprocessor
off-loads cryptographic RSA processing associated with the establishment of a SSL/TLS session, thus
freeing the server for other processing. For cryptographic accelerator applications the 4764 Cryptographic
Coprocessor is a replacement for the 2058 Cryptographic Accelerator (feature code 4805).
Cryptographic performance is an important aspect of capacity planning, particularly for applications using
SSL/TLS network communications. Besides host processing capacity, the impact of one or more
Cryptographic Coprocessors must be considered. Adding a Cryptographic Coprocessor to your
environment can often be more beneficial then adding a CPU. The information in this chapter may be
used to assist in capacity planning for this complex environment.
Measurement Results
The following three tables display the cryptographic test cases that use the Common Cryptographic
Architecture (CCA) interface to measure transactions per second for a variety of 4764 Cryptographic
Coprocessor functions.
Table 8.4
Encryption
Threads
Algorithm
DES
DES
Triple DES
Triple DES
Triple DES
Triple DES
RSA
RSA
RSA
RSA
Notes:
See section 8.2 for Test Environment information
AES is not supported by the IBM 4764 Cryptographic Coprocessor
IBM i 6.1 Performance Capabilities Reference - January/April/October 2008
©
Copyright IBM Corp. 2008
Cipher Encrypt Performance
Key Length Transaction Length
(Bits)
1 56
10 56
1 112
1 112
10 112
10 112
1 1024
1 2048
10 1024
10 2048
Chapter 8 Cryptography Performance
CCA CSP
4764
(Bytes) (Transactions/second)
1024
1024
1024
65536
1024
65536
100
100
100
100
4764
(Bytes/second)
1,026 1,050,283
1,053 1,078,458
1,002 1,025,798
110 7,191,327
1,021 1,045,535
123 8,035,164
796
307
1,044
462
n/a
n/a
n/a
n/a
146