The IBM PCI Cryptographic Accelerator feature is designed for maximum Secure Socket Layer (SSL) acceleration rather than for specialized financial applications or for secure long-term storage of keys and secrets. As a result, it does not need the tamper responding design of the PCI Cryptographic Coprocessor (PCICC). In an IBM zSeries 900 server, the PCICA feature can support over 2000 SSL handshakes per second.

Unlike the IBM 4758 PCI Cryptographic Coprocessor, there is no microprocessor subsystem (CPU, memory, and so on). The overall operation control, including command decoding, is implemented in the hardware.

The main components of the IBM PCI Cryptographic Accelerator feature are:

• five IBM Ultra Cypher cryptographic engines that perform the following functions:
• RSA (modular exponentiation) with data key lengths up to 2048 bits
• Special RSA functions up to 2048 bits
• DES, TDES, SHA-1 and MAC functions

A controller module, random number generator, PCI interface module, serial EEPROM and an SRAM used as key storage.

The IBM PCICA has the following differences from the PCICC:

• It does not support and does not need zeroization
• No tamper detection
• It does not support User Defined Extensions

You obtain the IBM PCI Cryptographic Accelerator as an optional feature on the eServer iSeries, pSeries and zSeries servers. See information about the PCI Cryptographic Accelerator feature in the literature of each server type.