Machine type IBM 4753-014
Feature codes 9710, 9730, and 9750 specify the cryptographic capabilities of the product to satisfy governmental export/import control requirements; certain feature codes may normally be unavailable in a specific geography. The IBM export regulation coordinator can assist you in determining limitations that apply in each case and in applying for any deviations to standard practice.
Feature codes 9710, 9730, and 9750 are available only at time of initial order. Feature codes 9710 is available to all customers in the USA and Canada. It
provides DES data confidentiality service and DES key encryption using an RSA key length up to 1024-bits.
Feature codes 9730 is generally available to financial institutions outside of the USA and Canada. It provides DES data confidentiality service and DES key encryption using an RSA key length up to 512-bits.
Feature codes 9750 is generally available to all customers outside of the USA and Canada. It provides CDMF data confidentiality service and DES key encryption using an RSA key length up to 512-bits.
In all cases RSA digital signature operations are possible with key lengths up to 1024 bits.
| Two new feature codes for the 4753 Network Security Processor are as follows: | Feature code 5524 provides a firmware update to feature codes 9710 and | 9730. It includes both the diskettes containing the updates and the installation
| instructions.
| Feature Code 5534 provides an IBM 4755 Cryptographic Adapter model 024
| installed in the Network Security Processor.
IBM Network Security Processor MVS Support Program,
Version 2
Program number 5655-A16
Compatibility: the IBM Network Security Processor MVS Support Program,
Version 2 is upwardly compatible with Network Security Processor MVS Support Program Version 1 Release 2,3.
The new public key related enhancements in Version 2, with the exception of the two new one-way hashing algorithms, are not supported on the IBM 4753 Network Security Processor Models 1, 2, or 12. Customers with a 4753 Model 14 installed that shipped prior to March 28, 1997 will also need to install feature number 5524 and release 3.2 of the 4753 Control Program before utilizing these capabilities.
Packaging: in addition to the cartridge containing the IBM Network Security
Processor MVS Support Program, Version 2, the 4753 Network Security Processor Control Program Release 3.2 will be shipped on 3 1/2-inch diskettes. Release 3.2 of the 4753 Control Program is required for current 4753 Model customers who | want to use the new RSA PKA96 capabilities.
Chapter 3. Cryptographic and Other Function Sets, and the
Programming Interface
This chapter describes the several classes of services (verbs) that the Transaction Security System products support and explains how application programs can interface to the products.
Background
Initial shipments of the Transaction Security System family products occurred in | 1989. With the announcement in 1990 of the System/390 Integrated Cryptographic | Feature and its supporting software, the Integrated Cryptographic Support Facility,
IBM published the IBM Common Cryptographic Architecture, CCA. Several articles appeared in the IBM System Journal that have explained the advantages of this architecture, and a formal presentation of the associated programming interface was published in the IBM Common Cryptographic Architecture, Cryptographic Application Programming Interface, Reference. As published in 1990, CCA generally represented the common subset of functions available with the Transaction Security System product family and the System/390 Integrated Cryptographic Feature.
In 1992, the IBM 4755 Cryptographic Adapter and IBM 4753 Network Security Processor were enhanced with initial support for RSA public key cryptography. This support was documented in several Journal articles and in the IBM Common Cryptographic Architecture, Cryptographic Application Programming Interface, Reference - Public Key Algorithm manual. With the Transaction Security System announcement in March, 1997, these RSA-related services and architecture are designated PKA92 in order to distinguish these older “1992” services from the new
PKA96 public key services.
Functional enhancements have been made to the Transaction Security System product family periodically since 1989. Now there are a considerable number of services available with the Transaction Security System product family. Experience with the products, and new requirements for cryptographic services arising out of the security requirements for the Internet, ongoing standardization efforts in industry, and agreements with governmental agencies, have resulted in additional changes and extensions to the CCA API and services.
Given the changes in the past years, and IBM's intention to provide cryptographic solutions in the years ahead, changes to the Transaction Security System and Common Cryptographic Architecture APIs are to be documented in updated publications.
This chapter, and the new Transaction Security System programming reference manuals available in the coming months, describe the IBM SecureWay CCA Cryptographic API. Where possible, the material will seek to guide the user to capabilities that are, or seem likely to be, common across multiple products. Customers must understand that IBM will exercise its business judgement in bringing additional products to the marketplace. Nothing contained in this chapter should be taken as a commitment by IBM to offer additional products. Nor should
anything in this chapter be taken to suggest the capabilities of any additional products that IBM may offer in the future.
The remaining parts of this chapter...
Provide an introduction to the CCA and Transaction Security System APIs Categorize the services that are available with the cryptographic products.