IBM has offered hardware-based cryptographic processors for its mainframe computers for nearly thirty years. Over that period, IBM has continued to update both the hardware and software, providing added features, higher performance, greater physical security, and improved management features. This commitment continues with the System z9TM, as demonstrated by the two improvements described in this paper. The first part of the paper describes enhancements to the System z9 to configure and control cryptographic features. The second part describes a new method for the cryptographic coprocessors to securely manage keys which are distributed to remote devices that are not necessarily in secure or well-controlled environments.
[1]
Leendert van Doorn,et al.
The IBM PCIXCC: A new cryptographic coprocessor for the IBM eServer
,
2004,
IBM J. Res. Dev..
[2]
Daniel J. Stigliani,et al.
IBM eServer z900 I/O subsystem
,
2002,
IBM J. Res. Dev..
[3]
Adi Shamir,et al.
A method for obtaining digital signatures and public-key cryptosystems
,
1978,
CACM.
[4]
Alan O. Freier,et al.
The SSL Protocol Version 3.0
,
1996
.