z/OS Cryptographic Services ICSF Overview
Contents (exploded view)
z/OS Cryptographic Services ICSF Overview
SA22-7519-16
Overview
Figures
Tables
Introducing cryptography and ICSF
What is cryptography?
The basic elements of a cryptographic system
Secret key cryptography
Public key cryptography
How does ICSF support cryptography?
How does ICSF extend the uses of cryptography?
Key generation and distribution
Personal Identification Numbers (PINs)
Message Authentication Codes (MACs)
Hashing algorithms
Digital signatures
Card-verification values
Translation of data and PINs in networks
SET Secure Electronic Transaction
Secure Sockets Layer (SSL)
EMV integrated circuit card specifications
ATM remote key loading
Public Key Cryptography Standard #11 (PKCS #11)
Solving your business needs with ICSF
Keeping your data private
Transporting data securely across a network
Supporting the Internet Secure Sockets Layer protocol
Transacting commerce on the Internet
Exchanging keys safely between networks
Exchanging keys using DES callable services
Exchanging DES or AES data-encrypting keys using an RSA key scheme
Creating DES or AES Keys using an ECC Diffie-Hellman key scheme
Exchanging keys and their attributes with non-CCA systems
Managing master keys using a Trusted Key Entry workstation
Integrity and Privacy
Using Personal Identification Numbers (PINs) for personal authentication
Verifying data integrity and authenticity
Using Message Authentication Codes
Generating and verifying digital signatures
Using modification detection codes and message hashing
Verifying payment card data
Maintaining continuous operations
Reducing costs by improving productivity
Improving cryptographic performance
Using RMF and SMF to monitor z/OS ICSF events
Improving performance in a CICS environment
Customizing ICSF to meet your installation's needs
Using ICSF exits to meet special needs
Creating installation-defined callable services
Using options to tailor ICSF
Isolating and protecting PR/SM partitions
Enabling growth
Protecting your investment
Application Programming Interfaces and key management
Callable services
Protecting and controlling DES keys
DES master key variant
DES transport key variant
DES key forms
Control vectors
Types of DES keys
Protecting and controlling AES keys
AES key forms
Types of AES keys
Protecting and controlling HMAC keys
HMAC key forms
HMAC keys
DES key token wrapping
Protecting and controlling PKA keys
PKA master keys
RSA private and public keys
Generating RSA keys on a Cryptographic Coprocessor Feature
Generating RSA keys on a PCICC, PCIXCC, CEX2C, or CEX3C
ECC private and public keys
DSA private and public keys
Exchanging encrypted keys and PINs on a DES system
Exchanging RSA-encrypted data keys
Using multiple DES encipherment to protect keys and data
Running in special secure mode
Cryptographic Key Data Set (CKDS)
Dynamic CKDS update callable services
Sysplex-wide consistency of CKDS
Restrictions
PKA Cryptographic Key Data Set (PKDS)
Restrictions
Dynamic PKDS update callable services
Sysplex-wide consistency of PKDS
Key Generator Utility Program and key generate callable service
ANSI X9.17 key management callable services
Composing and decomposing SET blocks
Exchanging Secure Sockets Layer session key seed
Enhanced key management for Crypto Assist instructions
Encrypted key support for Crypto Assist instructions
PKCS #11
Tokens
Token Data Set (TKDS)
PKCS #11 and FIPS 140-2
Using ICSF with other cryptographic products
Using IBM’s Common Cryptographic Architecture
Coexisting with other IBM cryptographic products
Running PCF applications under ICSF
Running 4753-HSP applications under ICSF
Managing keys with the Distributed Key Management System (DKMS)
Encrypting and decrypting information from other products
Encryption facility
What is encryption facility?
Features available with encryption facility
Virtual Telecommunications Access Method (VTAM) session-level encryption
Access Method Services Cryptographic Option
Using ICSF with BSAFE
Planning for the Integrated Cryptographic Service Facility
System requirements
z/OS ICSF FMIDs
Migration information
Cryptographic hardware features
Crypto Express3 Feature (CEX3C or CEX3A)
Crypto Express2 Feature (CEX2C or CEX2A)
PCI X Cryptographic Coprocessor (PCIXCC)
CP Assist for Cryptographic Functions (CPACF)
PCI Cryptographic Accelerator (PCICA)
Cryptographic Coprocessor Feature (CCF)
PCI Cryptographic Coprocessor (PCICC)
Performance considerations
Servers
IBM zEnterprise 196 (z196)
IBM System z10 Enterprise Class and IBM System z10 Business Class (z10 BC)
IBM System z9 Business Class (z9 BC)
IBM System z9 Enterprise Class (z9 EC)
IBM eServer zSeries 990 (z990)
IBM eServer zSeries 890 (z890)
IBM eServer zSeries 900 (z900) — Feature Code 800
IBM eServer zSeries 800 (z800) — Feature Code 800
Configurations by server
Configuring the IBM eServer zSeries 990, IBM eServer zSeries 890, z9 EC, z9 BC, z10 EC, z10 BC, and z196
Configuring the IBM eServer zSeries 900
Single image mode
Logical Partition (LPAR) mode
Hardware features by server
Security
Operating considerations
ICSF initialization options
Effect of multiple records on performance
LPAR considerations
Link Pack Area (LPA) considerations
Appendix A. Standards
Appendix B. Summary of callable service support by hardware configuration
Glossary
Index
Copyright IBM Corporation 1990, 2014