IBM has offered hardware-based cryptographic processors for its mainframe computers for nearly thirty years. Over that period, IBM has continued to update both the hardware and software, providing added features, higher performance, greater physical security, and improved management features. This commitment continues with the System z9™, as demonstrated by the two improvements described in this paper. The first part of the paper describes enhancements to the System z9 to configure and control cryptographic features. The second part describes a new method for the cryptographic coprocessors to securely manage keys which are distributed to remote devices that are not necessarily in secure or well-controlled environments
Note: The Institute of Electrical and Electronics Engineers, Incorporated is distributing this Article with permission of the International Business Machines Corporation (IBM) who is the exclusive owner. The recipient of this Article may not assign, sublicense, lease, rent or otherwise transfer, reproduce, prepare derivative works, publicly display or perform, or distribute the Article.