CCA Release 2.54
Establishing a Master Key: To protect working keys, the master key must be
generated and initialized in a secure manner. One method uses the internal
random-number generator for the source of the master key. In this case, the
master key is never external to the node as an entity, and no other node will have
the same master key² unless master-key cloning is authorized and in use. If the
Coprocessor detects tampering and destroys the master key, there is no way to
recover the working keys that it wrapped.
Another master-key-establishment method enables authorized users to enter
multiple, separate 168-bit key parts into the cryptographic engine. As each part is
entered, that part is exclusive-ORed with the contents of the new master-key
register. When all parts have been accumulated, a separate command is issued to
promote the contents of the current master-key register to the old master-key
register, and to promote the contents of the new master-key register to the current
master-key register.
A master key can be “cloned” (copied) from one IBM 4758 CCA node to another
IBM 4758 CCA node through a process of master-key-shares distribution. This
process is protected through the use of digital certificates and authorizations.
Under this process, the master key can be reconstituted in one or more additional
IBM 4758s through the transport of encrypted shares of the master key.
“Understanding and Managing Master Keys” on page 2-12 provides additional
detail about master-key management.
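As an added example (not code from the IBM manual), the following Python model illustrates the two establishment methods above: key parts XORed into the new master-key register, the internal-RNG alternative, and the promotion of new to current and current to old. The class and function names are hypothetical, and the sample key parts are constructed.

```python
import secrets

KEY_PART_BYTES = 168 // 8  # each key part is a 168-bit (21-byte) triple-length key


class MasterKeyRegisters:
    """Model of the new/current/old master-key registers (hypothetical, not CCA code)."""

    def __init__(self):
        self.new = None      # accumulates XORed key parts until promoted
        self.current = None  # master key that wraps working keys
        self.old = None      # previous master key, kept so old wrappings can be converted

    def load_part(self, part: bytes) -> None:
        """Enter one key part: the first part seeds the register, later parts are XORed in."""
        if len(part) != KEY_PART_BYTES:
            raise ValueError("key part must be exactly 168 bits")
        if self.new is None:
            self.new = bytes(part)
        else:
            self.new = bytes(a ^ b for a, b in zip(self.new, part))

    def generate_internal(self) -> None:
        """Alternative method: source the new master key from the engine's RNG."""
        self.new = secrets.token_bytes(KEY_PART_BYTES)

    def set_master_key(self) -> None:
        """Promote current -> old and new -> current; the new register is cleared."""
        if self.new is None:
            raise RuntimeError("no master key has been accumulated")
        self.old, self.current, self.new = self.current, self.new, None

    def tamper_zeroize(self) -> None:
        """Tamper response: destroy every register; nothing wrapped can be recovered."""
        self.new = self.current = self.old = None


def establish_from_parts(parts, regs=None) -> MasterKeyRegisters:
    """Load each part in turn, then promote the result to the current master key."""
    if regs is None:
        regs = MasterKeyRegisters()
    for part in parts:
        regs.load_part(part)
    regs.set_master_key()
    return regs


# Constructed sample parts, one per custodian; no single part reveals the master key.
PART_A = bytes(range(21))
PART_B = bytes([0xFF] * 21)
PART_C = bytes([0x5A] * 21)

if __name__ == "__main__":
    print(establish_from_parts([PART_A, PART_B, PART_C]).current.hex())
```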
CCA Verbs: Application and utility programs (requestors) obtain service from the
CCA support program by issuing service requests (“verb calls” or “procedure calls”)
to the runtime subsystem. To fulfill these requests, the support program obtains
service from the Coprocessor software and hardware.
The available services are collectively described as the CCA security API. All of
the software and hardware accessed through the CCA security API should be
considered an integrated subsystem. A command processor performs the verb
request within the cryptographic engine.
Commands and Access Control: In order to ensure that only designated
individuals (or programs) can execute sensitive commands such as master-key
loading, each command processor interrogates one or more control-point values
within the cryptographic engine access-control system for permission to perform the
request.
The access-control system includes roles. Each role defines the permissible
control points for users associated with that role. The access-control system also
supports user profiles that are referenced by a user ID. Each profile associates the
user ID with a role, logon verification method and authentication information, and a
logon session-key. Within a host process, one and only one profile, and thus role,
can be logged on at a time. In the absence of a logged-on user, a default role
defines the permitted commands (via the control points in the role) that a process
can use.
² Unless, out of the 2^168 possible values, another node randomly generates the same master-key data.
Chapter 1. Introduction to Programming for the IBM CCA
1-5