Cryptocards
  Enhancing Throughput with CCA and IBM 4758 Models 002 and 023

When you use the CCA API, the characteristics of your host application program affect the performance and throughput of the 4758-002 and 4758-023. There are two areas you should understand in order to evaluate performance and to design your application to obtain the best performance from the 4758 coprocessor.

Multi-threading and multi-processing
The CCA application running inside the 4758 models 002 and 023 can process several CCA requests simultaneously. The coprocessor contains several independent hardware elements, such as the RSA engine, DES engine, CPU, random number generator, and PCI communications interface. These can all be working at the same time, processing parts of different CCA verbs. By working on several verbs at the same time, the 4758 can keep all of its hardware elements busy, maximizing the overall system throughput.

In order to take advantage of this capability, your host system must send multiple CCA requests to the 4758 without waiting for each one to finish before sending the next one. The best way to accomplish this is to design a multi-threaded host application program, in which each thread can independently send CCA requests to the 4758. For example, a web server can start a new thread for each request it receives over the network. Each of these threads will send the required cryptographic requests to the 4758, independent of what the other threads are doing. By doing this, you guarantee that the 4758 is not underutilized. Another option is to have several independent host application programs all using the 4758 at the same time.

Your programs do not have to worry about overloading the 4758. It automatically manages the flow of incoming requests.
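
The multi-threaded host pattern described above, as an added example that is not IBM code: several POSIX threads each issue blocking requests independently, so more than one request can be outstanding at once. `cca_request_stub` is a hypothetical stand-in for a real CCA verb call, and its 2 ms latency is a constructed value.

```c
#define _POSIX_C_SOURCE 200809L
#include <pthread.h>
#include <stdio.h>
#include <time.h>
#define MAX_THREADS 16
static pthread_mutex_t lock = PTHREAD_MUTEX_INITIALIZER;
static int in_flight, peak_in_flight, completed;

/* Hypothetical stand-in for one blocking CCA verb call: the calling
   thread waits until the "coprocessor" answers (constructed 2 ms). */
static void cca_request_stub(void) {
    struct timespec t = {0, 2 * 1000 * 1000};
    pthread_mutex_lock(&lock);
    if (++in_flight > peak_in_flight) peak_in_flight = in_flight;
    pthread_mutex_unlock(&lock);
    nanosleep(&t, NULL);               /* request is outstanding */
    pthread_mutex_lock(&lock);
    in_flight--;
    completed++;
    pthread_mutex_unlock(&lock);
}

/* Each worker sends its requests without regard to the other threads. */
static void *worker(void *arg) {
    int n = *(int *)arg;
    for (int i = 0; i < n; i++) cca_request_stub();
    return NULL;
}

/* Starts nthreads workers, each issuing per_thread requests. Returns the
   number completed (-1 on error); *peak is the most outstanding at once. */
int run_workers(int nthreads, int per_thread, int *peak) {
    pthread_t tid[MAX_THREADS];
    int started = 0;
    if (nthreads < 1 || nthreads > MAX_THREADS) return -1;
    in_flight = peak_in_flight = completed = 0;
    while (started < nthreads &&
           pthread_create(&tid[started], NULL, worker, &per_thread) == 0)
        started++;
    for (int i = 0; i < started; i++) pthread_join(tid[i], NULL);
    *peak = peak_in_flight;
    return started == nthreads ? completed : -1;
}

int main(void) {
    int peak, done = run_workers(4, 2, &peak);
    printf("%d requests done, peak outstanding %d\n", done, peak);
    return 0;
}
```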

Caching DES and RSA keys
The 4758 models 002 and 023 keep copies of recently-used DES and RSA keys in caches, inside the secure module. The keys are stored in a form that has been decrypted and validated, and is ready for use. If the same key is reused in a later CCA request, the 4758 can use the cached copy and avoid the overhead associated with decrypting and validating the key token. In addition, for Retained RSA keys, the cache eliminates the overhead of retrieving the key from the internal Flash EPROM memory.

As a result, applications that reuse a common set of keys can run much faster than those which use different keys for each transaction. Most common applications use a common set of DES keys and RSA private keys, and the caching is very effective in improving throughput. RSA public keys, which have very little processing overhead, are not cached.
