36
– A mixture of both secure and clear key applications
can run on the same Crypto Express2 feature
– Based on the increased throughput, the ability to con-
solidate both secure key and clear key crypto work-
loads and I/O slots on the same feature
* The SSL rate was achieved with a z990 with 16 proces-
sors and 6 PCICA features (12 accelerator cards). These
measurements are examples of the maximum transactions/
second achieved in a lab environment with no other pro-
cessing occurring and do not represent actual fi eld mea-
surements. Details available upon request.
All logical partitions (LPARs) in all Logical Channel Sub-
Systems (LCSSs) have access to the Crypto Express2
feature, up to 30 LPARs per feature.
11
The Crypto Express2 feature is exclusive to z890 and
z990, requires the October 2004 level of Licensed Internal
Code, and is supported by z/OS, z/OS.e, z/VM, VSE/ESA,
and Linux on zSeries. z/VM, VSE/ESA and Linux on zSeries
offer support for clear key SSL transactions only.
Cryptographic support for 19-digit PANs
Crypto Express2 and PCIXCC now offer CVV generation
and verifi cation services for 19-digit PANs. Industry prac-
tices for use of Card Validation Value (CVV) are moving to
base CVV computations on a 19-digit PAN instead of the
13-digit and 16-digit PANs currently in use and supported
by ICSF and the PCIXCC feature. ICSF, Crypto Express2,
and PCIXCC now support use of the 19-digit PAN in the
CVV generation and verifi cation services (CSNBCSG and
CSNBCSV, respectively).
Support of CVV generation and verifi cation services for
19-digit PANs, an anti-fraud security feature, is supported
by the Crypto Express2 and PCIXCC features on the z890
and z990 and by z/OS and z/OS.e.
Enabling use of less than 512-bit keys for clear key RSA
operations
The Crypto Express2 and PCIXCC features will now sup-
port applications that require clear key RSA operations
using keys less than 512-bits, including ICSF Callable
services and their corresponding verbs: Digital Signature
Verify (CSNDDSV), Public Key Encrypt (CSNDPKE), and
Public Key Decrypt (CSNDPKD). All other ICSF Callable
services that require a Crypto Express2 or PCIXCC feature
continue to require keys of more than 511-bits.
Enabling the lower limit for clear key RSA operations may
allow the migration of some additional cryptographic appli-
cations to z890 and z990 servers without requiring the
applications to be rewritten.
Support of applications that require clear key RSA operations
using keys less than 512-bits applies to the Crypto Express2
and PCIXCC features, is exclusive to z890 and z990, and is
supported by z/OS, z/OS.e, and z/VM. Refer to the Hardware
and Software requirements sections for more information.
2048-bit key RSA management for PCICC on z800, z900
2048-bit key (clear and secure) RSA management capabil-
ity for z800 and z900 servers, in support of new Automated
Teller Machine (ATM) standards, will be available via the
2048-bit key RSA management for PCICC (#0867) feature.
1024-bit key RSA management is available today via a
Functional Control Vector (FCV) on the PCI Cryptographic
Coprocessor (PCICC) Enablement diskette (#0865). This
capability is unique to PCICC and does not apply to the
CMOS Cryptographic Coprocessor Facility (CCF).
The 2048-bit functional control vector (FCV) will support
four ICSF services: Public Key Decrypt (PKD), Symmetric
Key Import (SYI), Symmetric Key Export (SYX) and Sym-
metric Key Generate (SYG). Applications that require 2048-
bit key RSA management will be able to migrate with ease.