TKE is definitely more secure than the TSO panels. Furthermore, standards that are mandatory for some applications (particularly banking) make the TSO approach unacceptable. Those standards say that you are not allowed to have any cleartext key parts pass through any unprotected general-purpose computer. Since the hardware and software in your general purpose computer is much less secure than the HSM (crypto card) that you are installing keys into, that computer is an easier attack target. The assumption is that smart and capable attackers will capture the key parts as they travel through your mainframe, where they are unprotected, and thus they will not have to find a way to attack the secure HSM itself. In many cases, even the terminal you use to enter the key parts can be easy to attack - for example, keystroke loggers.
TKE solves this by using very secure cryptographic protocols for all communications over any unprotected medium. For example, there is strong authentication of the TKE user, and then key parts are strongly encrypted all the way from the crypto module in the TKE workstation to the HSM itself in the mainframe. There is no point where it can be attacked. At the TKE workstation, if you use the optional smart card support, the key parts are entered on the keypad of the smart card reader which is secure, unlike the keyboard on a PC. Note that TKE performs cryptography using its own crypto card (with a special version of the CCA firmware) - something that obviously isn't in an HMC. While I understand why some people think the HMC might be a good place for key loading functions, it does not have the necessary security - for example the embedded crypto card that prevents any cleartext or otherwise sensitive data from passing through the HMC computer or across the network it's connected to. Furthermore, many people want their key management machine locked in a controlled room, while their HMC would not be restricted to the people who need to do key management functions. The question is really what level of security is appropriate (or required) in your particular application. There is no question that TKE is much more secure, but for many people the TSO panels are perfectly acceptable. Todd Arnold Senior Technical Staff Member (STSM) IBM Cryptographic Coprocessor Development ([email protected]) ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
