My interpretation was based on the ICSF doc. The ICSF SPG (SC14-7507-04) says on p. 113:
Open cryptographic servers are separate, standalone devices that perform geography-specific cryptography. They are marketed and serviced by third party vendors. Currently, the only geography-specific cryptography supported by these devices is the Chinese SMx family of algorithms. The devices are secure key hardware security modules (HSMs) that operate similar to IBM's PKCS #11 secure coprocessors (CEXnP). Secure keys are stored in the TKDS and are protected by the open cryptography server master key (OCS-MK). and on p. 49 you define these devices to ICSF in the Options dataset via the REMOTEDEVICE statement: REMOTEDEVICE(index-number, ip-addr-or-hostname, port-number, number-sockets) The fact that this is referenced by an ip-addr-or-hostname made me think that it was an IP connected device. Other vendors provide devices that can be IP connected to System z and I thought IBM might be embracing a similar technique to support this family of algorithms. But you may be right, IBM might be expanding what can be installed in the I/O cage using PCIe. Greg Boyd Mainframe Crypto www.mainframecrypto.com P.S. It's been awhile since I posted and now 'Quote Original Message' is adding hex instead of the actual text. It looks like I've got another 'todo' today, to figure out what's going on with that. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
