IBM Announcement Letter No. ZG92-0260 dated October 06, 1992.
Note: IBM's current intentions and plans stated in this announcement are subject to review. Announcement of any product will be based upon IBM's business and technical judgement.
+-------------------------------------------------------------+ | Machine | Model | Feature | Language | Availability | | Type | | | | | +-------------------------------------------------------------+ | 4755 | 003 | | | 20/11/92 | | 4755 | 004 | | | 20/11/92 | | 4755 | 005 | | | 20/11/92 | | 4755 | 013 | | | 20/11/92 | | 4755 | 014 | | | 20/11/92 | | 4755 | L03 | | | 20/11/92 | | 4755 | L04 | | | 20/11/92 | | 4755 | L05 | | | 20/11/92 | | 4755 | L13 | | | 20/11/92 | | 4755 | L14 | | | 20/11/92 | +-------------------------------------------------------------+
Features/ Description Machine(s) Model(s) Part # -------------------------- ---------- -------- ------- Cryptographic Adapter card (DES) 4755 003 31F1785 Cryptographic Adapter card (DES) 4755 004 31F1786 Cryptographic Adapter card (DES/PKA) 4755 013 31F1789 Cryptographic Adapter card (DES/PKA) 4755 014 31F1790 Operating Guide 3.5" FC 8927 48G1031 Cryptographic Adapter card (DES) 4755 005 17G7547
The new additions to the IBM Transaction Security System product family will provide an enhanced business solution to helping the customer better secure and protect data assets of the corporation. Through enhanced network data security capability the customer may:
Specifically, these new product additions will help enable a customer to better meet revenue and profit objectives by adding additional services, such as offering processing or transaction services to a corporate client or gaining entrance to additional networks, requiring greater data security processing.
With the new Transaction Security System public key cryptography offerings, a client's workstation may be initialized remotely by secure loading of DES keys using public key cryptography based on the Rivest, Shamir, and Adelman (RSA) method of public key cryptography. Also, public key cryptography will allow authorizations to be exchanged using digital signatures. These functions will allow customers to offer a greater variety of services to more of their customers.
The customer's investment in time, equipment and programming will be protected by:
Any current investment in programming or training by the customer, with the current Transaction Security System products, will be useable by the new Transaction Security System product additions. The programming interface is the same as the current system so all existing applications that use the Security Application Program Interface (SAPI) will run as is. The format of Utilities, installation procedures and documentation will be consistent across all levels of the system, as is the current system.
The new product additions also incorporate the means necessary to ensure for a longer range useability through the new "loadable" processor. That is, if a customer should require some other type of cryptographic algorithm, other than DES or public key cryptography, it may now be possible for that unique algorithm to be downloaded into the Cryptographic Adapter processor, through an IBM Systems Integration contract. Additionally, microcode updates may also be downloaded into the system without requiring the purchase of new hardware or significant reprogramming, which should also help protect the customer's investment.
For security reasons, this "downloading" capability will only be offered through an IBM Systems Integration contract only.
The customer now has a clearer growth path for future cryptographic function, as a result of the Transaction Security System product additions. This has been accomplished through the following guidelines:
The newly announced 4755 Cryptographic Adapter cards have been designed to accept additional internal programming, which may be performed under an IBM Systems Integration contract. This growth capability enables the 4755 customer to potentially add additional cryptographic functions without necessarily purchasing new hardware.
This added function is available on either DOS or OS/2 operating systems in most PC-PS/2 workstations and in AIX in selected IBM RISC System/6000 POWERstations and POWERservers.
The functions have been designed to the Security API (as the current Transaction Security System products are), such that sufficient granularity is provided. This permits the customer to design a security system that can be modified and grown as security needs change.
The ability to do system management is enhanced through the addition of the new IBM Transaction Security System products. The new products help:
The new additions to the Transaction Security System family of products were designed to be compatible with prior released IBM security offerings and thereby help ensure some continuity of operations. These products assist the customer in the following areas:
More specifically, productivity is increased by allowing the use of remote initialization and configuration, saving on time and expense through functions available in the public key cryptography models of the Transaction Security System, to bring a new node on line. The use of digital signatures will result in more efficient processing of day-to-day business transactions by establishment of a message non-repudiation environment. Open Enterprise:
The IBM Transaction Security System cryptographic products are designed to support the following ANSI and ISO standards:
Subject ANSI ISO PIN Management X9.8 DIS9546 Message Authentication X9.9 IS8730 (Wholesale) Message Authentication X9.19 IS8731 (Retail) Encryption of Wholsale Finance X9.23 DIS10126 Messages Data Encryption Algorithm X3.92 Data Encryption Algorithm X3.106 IS8372 Modes of Operation Digital Signature IS9796
Additionally, IBM has formally defined a set of mutually compatible cryptographic functions, implemented with a unified application program interface. This architecture was formally announce in the Fall of 1991 as the IBM Common Cryptographic Architecture or CCA. The IBM Transaction Security System is designed to be compliant with the IBM CCA architecture.
The IBM Transaction Security System 4755 Cryptographic Adapter cards are designed in compliance with IBM's Common Cryptographic Architecture. As such, they comply with the same security architectural guidelines as other IBM cryptographic systems, like the IBM ES/9000 ICSF/ICRF cryptographic facility. This commonality of function and interface greatly enhances the customer's ability to implement a consistent security system across the network.
The 4755-003/004 Cryptographic Adapter cards are DES based and designed to operate in most PC and PS/2 workstations, operating in either a DOS or OS/2 operating system environments.
The 4755-013/014 Cryptographic Adapter cards include both the Data Encryption Standard (DES) and a public key encryption cipher, or Public Key Algorithm (PKA), as defined by Rivest, Shamir, and Adleman (RSA). These adapter cards are designed to operate in most PC and PS/2 workstations, in either a DOS or OS/2 operating system environment.
The 4755-005 Cryptographic Adapter card is DES based and is designed to operate in an IBM RISC System/6000 processor, under an AIX operating system environment.
All of the 4755 cards can support an attached 4754-001 Security Interface Unit. This member of the Transaction Security System family provides improved user access control via IBM's Personal Security card (TM).
Title Order Number ----------------------------- ------------ 4755-003/004/013/014/ - Safety Flyer (Multi-language) GA34-2171 - Notice to users GA34-2149 4755-005 - Safety Flyer (Multi-language) GA34-2171 - Notice to users GA34-2149 - IBM RISC System/6000 Transaction Security SY19-6308 System Installation and Service GuideAdditional copies will be available after product general availability.
Title Order Number ----------------------------- ------------ 4755-L03/L04/L13/L14/ - Safety Flyer (Multi-language) GA34-2171 - Notice to users GA34-2149 4755-L05 - Safety Flyer (Multi-language) GA34-2171 - Notice to users GA34-2149 - IBM RISC System/6000 Transaction Security SY19-6308 System Installation and Service Guide
The following publications will be available after product availability. To order, contact your IBM representative.
Order Number Description ------------- ----------------------------- GA34-2137 General Information Manual SC31-2934 Programming Reference: Volume I, Access Controls and DES Cryptography GC31-3937 Concepts and Programming Guide: Volume I, Access Controls and DES Cryptography SA34-2141 Workstation Security Services Installation and Operating Guide SA34-2139 4753 Network Security Processor MVS Support Program Installation and Operating Guide GA34-2140 4753-001 Network Security Processor Installation and Operating Guide GA34-2179 4753-002/012 Network Security Processor Installation and Operating Guide SC31-2888 Programming Reference: Volume II, Public-Key Cryptography GC31-2889 Concepts and Programming Guide: Volume II, Public-Key Cryptography SY19-6308 IBM RISC System/6000 Transaction Security System Installation and Service Guide GA19-5503 IBM RISC System/6000 Transaction Security System Operating Guide SC40-1675 Common Cryptographic API Interface Reference
The 4755 Cryptographic Adapter occupies a full length slot in the PC, PS/2, RISC System/6000 processor in which it is installed.
Temperature: 15.6 to 32.2 degrees C (60 to 90 degrees F) Relative Humidity: 8 to 80 (percent)
The 4755 is designed to operate in a normal office environment. It is installed in the personal computer workstation and takes its power from that machine.
The Workstation Security Services program is shipped with the Operating Guide. The Operating Guide is ordered via part number. The minimum recommended memory configuration is 640Kb for the DOS operating environment.
Included with the Operating Guide are the Workstation Security Services Installation and Operating Guide SA34-2141, a set of Workstation Security Services diskettes including device drivers and utility, and a diagnostics diskette, required to install, test, and operate the Cryptographic Adapter.
The 4755-005 is designed to operate in a normal office environment. It is installed in the RISC System/6000 POWERstation and POWERserver and takes its power from that machine.
The IBM RISC System/6000 Transaction Security System includes the Installation and Service Guide, a set of program diskettes including device drivers and utility, and a diagnostics diskette, required to install, test, and operate the Cryptographic Adapter card in a compatible IBM RISC System /6000 environment. It is shipped with the 4755-005 Cryptographic Adapter Card.
The Transaction Security System 4755-003/004/013/014 Cryptographic Adapters are compatible with the following environments:
The functions provided by the Workstation Security Services program, including device drivers and utilities, are required. These are included in the Operating Guide that must be ordered by part number.
Only one 4755 may be installed per workstation.
The TSS 4755-005 Cryptographic Adapters are compatible with the following environments:
A second 4755-005 Cryptographic Adapter card can be installed in a RISC System/6000 POWERstation and POWERserver as a backup unit, sharing the same cryptographic keys as the primary card. However, only one 4755-005 Cryptographic Adapter card can be active at a time.
The TSS 4755-L03/L04/L13/L14 Cryptographic Adapters are compatible with the following environments:
The functions provided by the Workstation Security Services program, including device drivers and utilities, are required. These are included in the Operating Guide and must be ordered by part number.
Only one 4755 may be installed per workstation.
All of the Transaction Security System products are designed to be compliant with IBM's Common Cryptographic Architecture (CCA) and are therefore compatible in application program interface and cryptographic functionality.
Only one 4755 Cryptographic Adapter card may be active at a time, within a PC, PS/2 workstation or RISC System/6000 POWERstation.
The Customer is responsible for:
The Operating Guide includes the following:
The Operating Guide is required to install, test, and operate the 4755 Cryptographic Adapter in a compatible PC or PS/2 workstation environment.
The Operating Guide with associated diagnostic diskette is ordered as feature code 8927 for the 4755 Models 3 and 4.
The Operating Guide for the 4755 Models 5 is included into the 4755-005/L05 ship group.
DOS or OS/2 Workstation Operating Guide
Media Type: 3.5" diskettes Part Number: 48G1031
English only
Not Applicable
Diagnostics software and supporting documentation are included in the Operating Guide, for the 4755-003/004/013/014 Cryptographic Adapter cards. The Operating Guide must be ordered separately, via part number. See The Operating Guide, under customer responsibilities. Diagnostics software and supporting documentation are shipped with the 4755-005.
Ship Group:
Accessories and Supplies, such as replacement batteries, have to be processed by your SUPPLY and DEMAND function.
Security and auditability features of this product include but are not limited to:
Services providing for the efficient installation, implementation
and/or integration of this product are available from IBM as either
standard or customized offerings.
Contact your Marketing Representative for the full scope of the
available services.
Consult your IBM Marketing Representative.
All Terms and Conditions are the same as those which apply to the IBM 4755/Cryptographic Adapter.
All European, Middle Eastern and African Countries.
The data in this letter is subject to the disclaimer in Letter ZS90-0112, which is available from IBM on request.