IBM 2 Computer Hardware User Manual

CCA Release 2.54
Applications employ the CCA security API to obtain services from and to manage
the operation of a cryptographic system that meets CCA architecture specifications.
Cryptographic Engine: The CCA architecture defines a cryptographic subsystem
that contains a cryptographic engine operating within a protected boundary. See
Figure 1-1 on page 1-3. The Coprocessor's tamper-resistant, tamper-responding
environment provides physical security for this boundary, and the CCA architecture
provides the concomitant logical security needed for the full protection of critical
information.
Access Control: Each CCA node has an access-control system enforced by the
hardware and protected software. This access-control system permits you to
determine whether programs and persons can use the cryptographic and
data-storage services. Although your computing environment may be considered
open, the specialized processing environment provided by the cryptographic engine
can be kept secure; selected services are provided only when logon requirements
are met. The access-control decisions are performed within the secured
environment of the cryptographic engine and cannot be subverted by rogue code
that might run on the main computing platform.
Coprocessor Certification: After quality checking a newly manufactured
Coprocessor, IBM loads and certifies the embedded software. Following the
loading of basic, authenticated software, the Coprocessor generates an RSA
key-pair and retains the private key within the cryptographic engine. The
associated public key is signed by a key securely held at the manufacturing facility,
and then the signed device key is stored within the Coprocessor. The
manufacturing facility key has itself been signed by a securely held key unique to
the IBM 4758 product line.
The private key within the Coprocessor—known as the device private key—is
retained in the Coprocessor. From this time on, the Coprocessor sets all
security-relevant keys and data items to zero if tampering is detected or if the
Coprocessor batteries are removed. This zeroization is irreversible and will
result in the permanent loss of the factory-certified device key, the device private
key, and all other data stored in battery-protected memory. Certain critical data
stored in the Coprocessor flash memory is encrypted. The key used to encrypt
such data is itself retained in the battery-protected memory that is zeroized upon a
tamper detection event.
Master Key: When using the CCA architecture, working keys—including session
keys and the RSA private keys used at a node to form digital signatures or to
unwrap other keys—are generally stored outside of the cryptographic-engine
protected environment. These working keys are wrapped (DES triple-enciphered)
by a master key. The master key is held in the clear (not enciphered) within the
cryptographic engine.
The number of keys a node can use is restricted only by the storage capabilities of
the node, not by the finite amount of storage within the Coprocessor secure
module. In addition, keys can be used by other cryptographic nodes that have the
same master-key data. This feature is useful in high-availability or high-throughput
environments where multiple cryptographic processors must function in parallel.
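The master-key model just described, as an added Go sketch (not IBM's code and not the real CCA key-token format) built around a hypothetical Engine type that holds a triple-DES master key in the clear and triple-enciphers working keys for storage outside the engine; it shows that nodes loaded with the same master key can unwrap each other's keys and that zeroizing the master key makes every token wrapped under it unrecoverable.

```go
package main

import (
	"crypto/des"
	"errors"
)

// Engine models the protected cryptographic-engine boundary: the triple-DES master
// key is held in the clear only inside this struct and is never handed out.
// Hypothetical simplified model, not the real CCA key-token format (which also
// binds a control vector to every wrapped key).
type Engine struct{ masterKey []byte }

// NewEngine loads a 24-byte (three-key) triple-DES master key into the engine.
func NewEngine(mk []byte) *Engine { return &Engine{masterKey: append([]byte(nil), mk...)} }

// crypt triple-enciphers (or deciphers) key material block by block under the
// master key; block-wise enciphering suits random key material, not general data.
func (e *Engine) crypt(in []byte, encrypt bool) ([]byte, error) {
	if e.masterKey == nil {
		return nil, errors.New("master key zeroized: wrapped keys are unrecoverable")
	}
	if len(in) == 0 || len(in)%des.BlockSize != 0 {
		return nil, errors.New("key material must be a non-empty multiple of 8 bytes")
	}
	blk, err := des.NewTripleDESCipher(e.masterKey)
	if err != nil {
		return nil, err
	}
	out := make([]byte, len(in))
	for i := 0; i < len(in); i += des.BlockSize {
		if encrypt {
			blk.Encrypt(out[i:], in[i:])
		} else {
			blk.Decrypt(out[i:], in[i:])
		}
	}
	return out, nil
}

// Wrap produces the token that may be stored outside the engine; only a node
// holding the same master key can turn it back into the working key.
func (e *Engine) Wrap(workingKey []byte) ([]byte, error) { return e.crypt(workingKey, true) }

// Unwrap recovers the working key inside the engine boundary.
func (e *Engine) Unwrap(token []byte) ([]byte, error) { return e.crypt(token, false) }

// Zeroize models the tamper response: the master key is overwritten and discarded.
func (e *Engine) Zeroize() { copy(e.masterKey, make([]byte, len(e.masterKey))); e.masterKey = nil }
```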
1-4 IBM 4758 CCA Basic Services, Release 2.54, February 2005