6.6.1 Transaction Security System
Figure 78. Transaction Security System
Key Points
The Transaction Security System provides a product family consisting of:

The IBM 4755 Cryptographic Adapter is available for the personal computer (ISA-Bus, MCA-Bus) and RISC/6000 (MCA).

The IBM Personal Security Card is a credit-card sized “smart card” that contains computer, memory and communication circuits in a single chip. DES or CDMF is implemented on the Personal Security Card.

The IBM 4754 Security Interface Unit provides a Personal Security Card reader and a 12 key keypad as an input/output device.

The IBM 2620 and 2628 Cryptographic Processors are AS/400 I/O processors that use the cryptographic adapter.

The 4753 Network Security Processor is a channel-connected cryptographic-processing I/O unit that uses the cryptographic adapter. Multiple processors can be connected to a host system that uses the MVS operating system.
Presentation Script
The IBM Transaction Security System products provide comprehensive support
for DES-based and RSA public-key-based cryptographic processing. The
hardware products feature tamper-resistant mechanical and electrical designs
that are combined with a sophisticated set of access controls. Together, these
products create a secure subsystem.
The Transaction Security System products are supported in major computing
environments where application and system programs access the hardware
services through a programming interface that is common across the
environments. The cryptographic services are consistent with the IBM Common
Cryptographic Architecture. The software support consists of access methods
and utility programs that help set up the system and perform basic
cryptographic key-management functions.
Workstation Products
The following hardware products can be used in many personal computers and
Reduced Instruction-Set Computer System/6000 (RISC System/6000)
workstations:
IBM 4755 Cryptographic Adapter
IBM Personal Security Card
IBM 4754 Security Interface Unit
Signature Verification feature.
The following software products can be used, depending on the operating
environment:
IBM Workstation Security Services Program
IBM Advanced Interactive Executive Security Services Program/6000
IBM 4755 Cryptographic Adapter
Several models of the cryptographic adapter are available that support a broad
range of DES, CDMF, and RSA public-key cryptographic processes. These
cryptographic processes are performed within a highly secure module that is
mounted on the adapter. The adapter can be used in the disk operating system
(DOS), Operating System/2 (OS/2), and AIX/6000 environments. Different models
of the adapter support the ISA and Microchannel bus architectures.
The adapter performs many different cryptographic processes designed to
enable application programs to support various cryptographic standards. In
addition, the adapter supports the performance of custom-designed
cryptographic processes to support unique cryptographic applications.
IBM Personal Security Card
This credit-card sized “smart card,” the Personal Security Card, contains a
computer, memory, and communication circuits in a single chip mounted behind
the interface contacts on the surface of the card. The computer performs
DES-based cryptographic processing, provides secure portable data storage for
over 4000 bytes of access-controlled data, and provides access controls that
authorize unique functions for up to four users. The card is used with the
security interface unit and other readers that support its
communications protocols. The Personal Security Card conforms to basic
international smart card standards.