which is designed to meet FIPS 140-2 Level 4 security requirements. This new cryptographic card offers
the security and performance required to support e-Business and emerging digital signature applications.
For banking and finance applications the 4764 Cryptographic Coprocessor delivers improved
performance for T-DES, RSA, and financial PIN processing. IBM CCA (Common Cryptographic
Architecture) APIs are provided to enable finance and other specialized applications to access the services
of the coprocessor. For banking and finance applications the 4764 Coprocessor is a replacement for the
4758-023 Cryptographic Coprocessor (feature code 4801).
The 4764 Cryptographic Coprocessor can also be used to improve the performance of
high-transaction-rate secure applications that use the SSL and TLS protocols. These protocols are used
between server and client applications over a public network like the Internet, when private information is
being transmitted in the case of Consumer-to-Business transactions (for example, a web transaction with
payment information containing credit card numbers) or Business-to-Business transactions. SSL/TLS is
the predominant method for securing web transactions. Establishing SSL/TLS secure web connections
requires very compute-intensive cryptographic processing. The 4764 Cryptographic Coprocessor
off-loads cryptographic RSA processing associated with the establishment of an SSL/TLS session, thus
freeing the server for other processing. For cryptographic accelerator applications the 4764 Cryptographic
Coprocessor is a replacement for the 2058 Cryptographic Accelerator (feature code 4805).
Cryptographic performance is an important aspect of capacity planning, particularly for applications using
SSL/TLS network communications. Besides host processing capacity, the impact of one or more
Cryptographic Coprocessors must be considered. Adding a Cryptographic Coprocessor to your
environment can often be more beneficial than adding a CPU. The information in this chapter may be
used to assist in capacity planning for this complex environment.
Measurement Results
The following three tables display the cryptographic test cases that use the Common Cryptographic
Architecture (CCA) interface to measure transactions per second for a variety of 4764 Cryptographic
Coprocessor functions.
Notes:
• See section 8.2 for Test Environment information
• AES is not supported by the IBM 4764 Cryptographic Coprocessor
Table 8.4 CCA CSP Cipher Encrypt Performance

Encryption Algorithm  Threads  Key Length (Bits)  Transaction Length (Bytes)  4764 (Transactions/second)  4764 (Bytes/second)
--------------------  -------  -----------------  --------------------------  --------------------------  -------------------
DES                   1        56                 1024                        1,026                       1,050,283
DES                   10       56                 1024                        1,053                       1,078,458
Triple DES            1        112                1024                        1,002                       1,025,798
Triple DES            1        112                65536                       110                         7,191,327
Triple DES            10       112                1024                        1,021                       1,045,535
Triple DES            10       112                65536                       123                         8,035,164
RSA                   1        1024               100                         796                         n/a
RSA                   1        2048               100                         307                         n/a
RSA                   10       1024               100                         1,044                       n/a
RSA                   10       2048               100                         462                         n/a
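The Table 8.4 figures can be turned into capacity-planning estimates. The following is an added example, not part of the IBM reference: it fits a fixed-cost-plus-streaming model to the two Triple DES transaction lengths and compares 1-thread and 10-thread rates. The linear cost model, the linear scaling across cards, and all function names are assumptions of this example.

```python
import math

# Rows copied from Table 8.4: (algorithm, threads, key bits, bytes per call, calls/sec)
TABLE_8_4 = [
    ("DES", 1, 56, 1024, 1026), ("DES", 10, 56, 1024, 1053),
    ("Triple DES", 1, 112, 1024, 1002), ("Triple DES", 1, 112, 65536, 110),
    ("Triple DES", 10, 112, 1024, 1021), ("Triple DES", 10, 112, 65536, 123),
    ("RSA", 1, 1024, 100, 796), ("RSA", 1, 2048, 100, 307),
    ("RSA", 10, 1024, 100, 1044), ("RSA", 10, 2048, 100, 462),
]

def rate(alg, threads, key_bits, length):
    """Measured transactions/second for one table row."""
    for a, t, k, n, tps in TABLE_8_4:
        if (a, t, k, n) == (alg, threads, key_bits, length):
            return tps
    raise KeyError((alg, threads, key_bits, length))

def fit_cost_model(alg, threads, key_bits, small, large):
    """Assumed model: seconds per call = overhead + bytes / bandwidth.
    Solved from the two measured transaction lengths."""
    t_small = 1.0 / rate(alg, threads, key_bits, small)
    t_large = 1.0 / rate(alg, threads, key_bits, large)
    per_byte = (t_large - t_small) / (large - small)
    return t_small - small * per_byte, 1.0 / per_byte

def predicted_tps(overhead, bandwidth, length):
    """Estimated calls/second at a transaction length the table does not list."""
    return 1.0 / (overhead + length / bandwidth)

def thread_scaling(alg, key_bits, length):
    """Throughput gain from 1 to 10 threads on the same card."""
    return rate(alg, 10, key_bits, length) / rate(alg, 1, key_bits, length)

def cards_needed(target_tps, per_card_tps):
    """Assumption: throughput adds linearly across cards (not measured here)."""
    return math.ceil(target_tps / per_card_tps)

if __name__ == "__main__":
    overhead, bandwidth = fit_cost_model("Triple DES", 1, 112, 1024, 65536)
    print(f"3DES fixed cost per call: {overhead * 1000:.2f} ms")
    print(f"3DES streaming rate:      {bandwidth / 1e6:.2f} MB/s")
    print(f"3DES est. at 16 KiB:      {predicted_tps(overhead, bandwidth, 16384):.0f} calls/s")
    for bits in (1024, 2048):
        print(f"RSA-{bits} gain, 1 -> 10 threads: {thread_scaling('RSA', bits, 100):.2f}x")
    print("Cards for 1000 RSA-2048 ops/s:", cards_needed(1000, rate("RSA", 10, 2048, 100)))
```

Under this model the per-call fixed cost dominates at 1024-byte transactions, which is why the bytes/second column rises so sharply at 65536 bytes.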
IBM i 6.1 Performance Capabilities Reference - January/April/October 2008
© Copyright IBM Corp. 2008
Chapter 8 Cryptography Performance
146