4755-003/004/005/013/014 Cryptographic Adapter

The Transaction Security System 4755-003 and 004 Cryptographic Adapter cards are functionally enhanced versions of the previous 4755-001 and 4755-002 Cryptographic Adapter cards, and will operate in the DOS and OS/2 environments. The 4755-005 Cryptographic Adapter is designed to provide DES based cryptographic functionality for the RISC System/6000 AIX/6000 environment. The 4755-013/014 Cryptographic Adapter cards are designed to operate in the PC-PS/2, DOS, OS/2 environments and include the Rivest, Shamir and Adleman cipher (RSA) Public Key Algorithm (PKA) along with the Data Encryption Standard cipher (DES).

Note: IBM's current intentions and plans stated in this announcement are subject to review. Announcement of any product will be based upon IBM's business and technical judgement.

General Availability

+-------------------------------------------------------------+
| Machine |   Model  | Feature |  Language |  Availability    |
| Type    |          |         |           |                  |
+-------------------------------------------------------------+
| 4755    |   003    |         |           |    20/11/92      |
| 4755    |   004    |         |           |    20/11/92      |
| 4755    |   005    |         |           |    20/11/92      |
| 4755    |   013    |         |           |    20/11/92      |
| 4755    |   014    |         |           |    20/11/92      |
| 4755    |   L03    |         |           |    20/11/92      |
| 4755    |   L04    |         |           |    20/11/92      |
| 4755    |   L05    |         |           |    20/11/92      |
| 4755    |   L13    |         |           |    20/11/92      |
| 4755    |   L14    |         |           |    20/11/92      |
+-------------------------------------------------------------+

Product Number

                                              Features/
      Description                  Machine(s) Model(s)  Part #
--------------------------         ---------- --------  -------
Cryptographic Adapter card (DES)     4755       003     31F1785
Cryptographic Adapter card (DES)     4755       004     31F1786
Cryptographic Adapter card (DES/PKA) 4755       013     31F1789
Cryptographic Adapter card (DES/PKA) 4755       014     31F1790
Operating Guide 3.5"                      FC   8927     48G1031
Cryptographic Adapter card (DES)     4755       005     17G7547

Highlights

Enhances data asset protection across the network
Protects prior investment in IBM security
Supports continued IBM security migration path capability
Enhances network DEA/DES (Data Encryption Algorithm / Data Encryption Standard) key management capability through Public Key Algorithm (PKA) offerings
Continues continuity of operations and adherence to IBM's Common Cryptographic Architecture (CCA)

Description

Business Solution

The new additions to the IBM Transaction Security System product family will provide an enhanced business solution to helping the customer better secure and protect data assets of the corporation. Through enhanced network data security capability the customer may:

Improve company's profitability and revenue
- Maintain company image as a secure servicer
- Enable new customer services
- Improve competitiveness of customer services
- Reduce losses due to compromised security systems and fraud
Improve company's overall productivity and effectiveness
- Provide end-to-end system solutions
- Minimize permanent information systems security staff requirements (ease of installation and operation)
- Improve protection afforded company assets (transactions, files, programs)
- Improve reliability of internal operations and customer services
- Simplification of internal operations and/or customer services
Enhance integration of business systems
- Ensure compatibility of solutions across company's applications

Specifically, these new product additions will help enable a customer to better meet revenue and profit objectives by adding additional services, such as offering processing or transaction services to a corporate client or gaining entrance to additional networks, requiring greater data security processing.

With the new Transaction Security System public key cryptography offerings, a client's workstation may be initialized remotely by secure loading of DES keys using public key cryptography based on the Rivest, Shamir, and Adelman (RSA) method of public key cryptography. Also, public key cryptography will allow authorizations to be exchanged using digital signatures. These functions will allow customers to offer a greater variety of services to more of their customers.

Investment Protection

The customer's investment in time, equipment and programming will be protected by:

Ensured long-range effectiveness of new business solutions
- Employing technologies that have extendibility
- Compliance with industry standards
Provide sound migration path from current to new system solution
- Minimize the cost of data conversion, application transportability
Provide for effective utilization of company skills
- Build on existing skills, with minimum cost of transfer and education

Any current investment in programming or training by the customer, with the current Transaction Security System products, will be useable by the new Transaction Security System product additions. The programming interface is the same as the current system so all existing applications that use the Security Application Program Interface (SAPI) will run as is. The format of Utilities, installation procedures and documentation will be consistent across all levels of the system, as is the current system.

The new product additions also incorporate the means necessary to ensure for a longer range useability through the new "loadable" processor. That is, if a customer should require some other type of cryptographic algorithm, other than DES or public key cryptography, it may now be possible for that unique algorithm to be downloaded into the Cryptographic Adapter processor, through an IBM Systems Integration contract. Additionally, microcode updates may also be downloaded into the system without requiring the purchase of new hardware or significant reprogramming, which should also help protect the customer's investment.

For security reasons, this "downloading" capability will only be offered through an IBM Systems Integration contract only.

Growth Enablement

The customer now has a clearer growth path for future cryptographic function, as a result of the Transaction Security System product additions. This has been accomplished through the following guidelines:

Compatibility and compliance with IBM's SAA objectives.
- IBM processors
- IBM operating systems
- High-level application program language support
- IBM connectivity
Provide functional granularity
- Provide compliance with IBM's Common Cryptographic Architecture (CCA)
- Provide capability to grow functional depth and breadth as applications and environments grow
- Utilize solution architectures, designs from which subsets and or supersets can be readily derived, such as IBM's Financial Applications Architecture (FAA)

The newly announced 4755 Cryptographic Adapter cards have been designed to accept additional internal programming, which may be performed under an IBM Systems Integration contract. This growth capability enables the 4755 customer to potentially add additional cryptographic functions without necessarily purchasing new hardware.

This added function is available on either DOS or OS/2 operating systems in most PC-PS/2 workstations and in AIX in selected IBM RISC System/6000 POWERstations and POWERservers.

The functions have been designed to the Security API (as the current Transaction Security System products are), such that sufficient granularity is provided. This permits the customer to design a security system that can be modified and grown as security needs change.

Systems Management

The ability to do system management is enhanced through the addition of the new IBM Transaction Security System products. The new products help:

Ensure that new application solutions are compatible with existing access control products, such as IBM's Resource Access Control Facility (RACF) or non-IBM access control software.
Provide a comprehensive set of system cryptographic functions that enable development of the customer's security management system
- Specific and unique to that customer
- Turn-key for an industry application (if desired in the future)
Provide a path for system initialization (key management system)
- Key distribution via secure key part transport media
- Remote and centralized
Provide for auditability by way of system transaction logging.

User Productivity

The new additions to the Transaction Security System family of products were designed to be compatible with prior released IBM security offerings and thereby help ensure some continuity of operations. These products assist the customer in the following areas:

Providing an effective trade-off between enhanced user functions and greater complexity in the user interface.
- Functions are transparent that do not require user intervention
- Provides a user familiar interface where user intervention is required

More specifically, productivity is increased by allowing the use of remote initialization and configuration, saving on time and expense through functions available in the public key cryptography models of the Transaction Security System, to bring a new node on line. The use of digital signatures will result in more efficient processing of day-to-day business transactions by establishment of a message non-repudiation environment. Open Enterprise:

The IBM Transaction Security System cryptographic products are designed to support the following ANSI and ISO standards:

Subject                      ANSI       ISO
 
PIN Management                    X9.8     DIS9546
Message Authentication            X9.9     IS8730
  (Wholesale)
Message Authentication            X9.19    IS8731
  (Retail)
Encryption of Wholsale Finance    X9.23    DIS10126
   Messages
Data Encryption Algorithm         X3.92
Data Encryption Algorithm         X3.106   IS8372
   Modes of Operation
Digital Signature                          IS9796

Additionally, IBM has formally defined a set of mutually compatible cryptographic functions, implemented with a unified application program interface. This architecture was formally announce in the Fall of 1991 as the IBM Common Cryptographic Architecture or CCA. The IBM Transaction Security System is designed to be compliant with the IBM CCA architecture.

Product Positioning

The IBM Transaction Security System 4755 Cryptographic Adapter cards are designed in compliance with IBM's Common Cryptographic Architecture. As such, they comply with the same security architectural guidelines as other IBM cryptographic systems, like the IBM ES/9000 ICSF/ICRF cryptographic facility. This commonality of function and interface greatly enhances the customer's ability to implement a consistent security system across the network.

The 4755-003/004 Cryptographic Adapter cards are DES based and designed to operate in most PC and PS/2 workstations, operating in either a DOS or OS/2 operating system environments.

The 4755-013/014 Cryptographic Adapter cards include both the Data Encryption Standard (DES) and a public key encryption cipher, or Public Key Algorithm (PKA), as defined by Rivest, Shamir, and Adleman (RSA). These adapter cards are designed to operate in most PC and PS/2 workstations, in either a DOS or OS/2 operating system environment.

The 4755-005 Cryptographic Adapter card is DES based and is designed to operate in an IBM RISC System/6000 processor, under an AIX operating system environment.

All of the 4755 cards can support an attached 4754-001 Security Interface Unit. This member of the Transaction Security System family provides improved user access control via IBM's Personal Security card (TM).

Publications

The following publications are shipped with the product. Additional copies will be available after product general availability.

Title                                Order Number
 -----------------------------                 ------------
 4755-003/004/013/014/
 - Safety Flyer  (Multi-language)                GA34-2171
 - Notice to users                               GA34-2149
 
 4755-005
 - Safety Flyer (Multi-language)                 GA34-2171
 - Notice to users                               GA34-2149
 - IBM RISC System/6000 Transaction Security     SY19-6308
   System Installation and Service Guide

Additional copies will be available after product general availability.

Title                                Order Number
 -----------------------------                 ------------
 4755-L03/L04/L13/L14/
 - Safety Flyer  (Multi-language)                GA34-2171
 - Notice to users                               GA34-2149
 
 4755-L05
 - Safety Flyer (Multi-language)                 GA34-2171
 - Notice to users                               GA34-2149
 - IBM RISC System/6000 Transaction Security     SY19-6308
   System Installation and Service Guide

The following publications will be available after product availability. To order, contact your IBM representative.

Order Number         Description
    -------------   -----------------------------
 
    GA34-2137       General Information Manual
    SC31-2934       Programming Reference: Volume I,
                    Access Controls and DES Cryptography
    GC31-3937       Concepts and Programming Guide:
                    Volume I, Access Controls and DES
                    Cryptography
    SA34-2141       Workstation Security Services Installation
                    and Operating Guide
    SA34-2139       4753 Network Security Processor MVS Support
                    Program Installation and Operating Guide
    GA34-2140       4753-001 Network Security Processor
                    Installation and Operating Guide
    GA34-2179       4753-002/012 Network Security Processor
                    Installation and Operating Guide
    SC31-2888       Programming Reference: Volume II,
                    Public-Key Cryptography
    GC31-2889       Concepts and Programming Guide:
                    Volume II, Public-Key Cryptography
    SY19-6308       IBM RISC System/6000 Transaction Security
                    System Installation and Service Guide
    GA19-5503       IBM RISC System/6000 Transaction Security
                    System Operating Guide
    SC40-1675       Common Cryptographic API Interface
                    Reference

Technical Information

Specified Operating Environment

Physical Specifications

The 4755 Cryptographic Adapter occupies a full length slot in
the  PC, PS/2,  RISC System/6000  processor  in  which  it is
installed.

Operating Environment

Temperature:  15.6 to 32.2 degrees C (60 to 90 degrees F)
Relative Humidity:  8 to 80 (percent)

Machine Requirements

IBM PC-PS/2 DOS and OS/2 environment

The 4755 is designed to operate in a normal office environment. It is installed in the personal computer workstation and takes its power from that machine.

The Workstation Security Services program is shipped with the Operating Guide. The Operating Guide is ordered via part number. The minimum recommended memory configuration is 640Kb for the DOS operating environment.

Included with the Operating Guide are the Workstation Security Services Installation and Operating Guide SA34-2141, a set of Workstation Security Services diskettes including device drivers and utility, and a diagnostics diskette, required to install, test, and operate the Cryptographic Adapter.

IBM RISC System/6000 AIX environment

The 4755-005 is designed to operate in a normal office environment. It is installed in the RISC System/6000 POWERstation and POWERserver and takes its power from that machine.

The IBM RISC System/6000 Transaction Security System includes the Installation and Service Guide, a set of program diskettes including device drivers and utility, and a diagnostics diskette, required to install, test, and operate the Cryptographic Adapter card in a compatible IBM RISC System /6000 environment. It is shipped with the 4755-005 Cryptographic Adapter Card.

Programming Requirements

IBM PC-PS/2 DOS and OS/2 environment

The Transaction Security System 4755-003/004/013/014 Cryptographic Adapters are compatible with the following environments:

DOS 3.3 through 5.0
OS/2 -SE and -EE at 1.1, 1.2, and 1.3
OS/2 2.0

The functions provided by the Workstation Security Services program, including device drivers and utilities, are required. These are included in the Operating Guide that must be ordered by part number.

Only one 4755 may be installed per workstation.

IBM RISC System/6000 AIX environment

The TSS 4755-005 Cryptographic Adapters are compatible with the following environments:

AIX for IBM RISC System/6000 Version 3.1 and 3.2
IBM AIX Security Services Program/6000 including I/O system, device driver and utilities. One per RISC System/6000 POWERstation and POWERserver.
The AIX Security Services Program/6000 is shipped with the 4755-005 Cryptographic Adapter card.

A second 4755-005 Cryptographic Adapter card can be installed in a RISC System/6000 POWERstation and POWERserver as a backup unit, sharing the same cryptographic keys as the primary card. However, only one 4755-005 Cryptographic Adapter card can be active at a time.

The TSS 4755-L03/L04/L13/L14 Cryptographic Adapters are compatible with the following environments:

DOS 3.3 through 5.0
OS/2 -SE and -EE at 1.1, 1.2, and 1.3
OS/2 2.0

The functions provided by the Workstation Security Services program, including device drivers and utilities, are required. These are included in the Operating Guide and must be ordered by part number.

Only one 4755 may be installed per workstation.

Compatibility

All of the Transaction Security System products are designed to be compliant with IBM's Common Cryptographic Architecture (CCA) and are therefore compatible in application program interface and cryptographic functionality.

Limitations

Only one 4755 Cryptographic Adapter card may be active at a time, within a PC, PS/2 workstation or RISC System/6000 POWERstation.

Planning Information

Customer Responsibilities

The Customer is responsible for:

Determining system configuration requirements
Providing a compatible processor
Providing a full length card slot for adapter installation
Ensuring that only authorized personnel are permitted access to the adapter and its associated software

The Operating Guide

The Operating Guide includes the following:

Workstation Security Services Installation and Operating Guide SA34-2141
A set of Workstation Security Services diskettes:
- device driver programs
- utility programs
- diagnostic programs

The Operating Guide is required to install, test, and operate the 4755 Cryptographic Adapter in a compatible PC or PS/2 workstation environment.

The Operating Guide with associated diagnostic diskette is ordered as feature code 8927 for the 4755 Models 3 and 4.

The Operating Guide for the 4755 Models 5 is included into the 4755-005/L05 ship group.

DOS or OS/2 Workstation Operating Guide

Media Type: 3.5" diskettes Part Number: 48G1031

English only

Cable Orders

Not Applicable

Problem Determination

Diagnostics software and supporting documentation are included in the Operating Guide, for the 4755-003/004/013/014 Cryptographic Adapter cards. The Operating Guide must be ordered separately, via part number. See The Operating Guide, under customer responsibilities. Diagnostics software and supporting documentation are shipped with the 4755-005.

Packaging

Ship Group:


4755-003/004/013/014 Ship Group and
4755-L03/L04/L13/L14 Ship Group includes:

Safety Flyer  (Multi-language) GA34-2171
Notice to users GA34-2149

4755-005 Ship Group and
4755-L05 Ship Group includes:

Safety Flyer (Multi-language) GA34-2171
Notice to users GA34-2149
IBM RISC System/6000 Transaction Security System
Installation and Service Guide SY19-6308
IBM RISC System/6000 Transaction Security System
Operating Guide GA19-5503
IBM Security Serv. Program/6000, Diskette 1,
IBM Security Serv. Program/6000, Diskette 2,
IBM Security Serv. Program/6000, Diskette 3

Accessories and Supplies

Accessories and Supplies, such as replacement batteries, have to be processed by your SUPPLY and DEMAND function.

Security, Auditability and Control

Security and auditability features of this product include but are not limited to:

DES based cryptographic function (4755-003/004/005)
DES/PKA based cryptographic function (4755-013/014 only)
Message Authentication Code (MAC)
Modification Detection Code (MDC)
Key Management support functions
Tamper resistant hardware encapsulation
Export compliant DES based cryptographic function (4755-L03/L04/L05)
Export compliant DES/PKA based cryptographic function (4755-L13/L14)

User management is responsible for evaluation, selection and implementation of security features, administrative procedures and appropriate controls in application systems and communications facilities.

Professional & Technical Services

Services providing for the efficient installation, implementation and/or integration of this product are available from IBM as either standard or customized offerings.
Contact your Marketing Representative for the full scope of the available services.

************ End of Document ************