IBM®
Skip to main content
    Country/region [select]      Terms of use
 
 
   
     Home      Products      Services & industry solutions      Support & downloads      My IBM     
Security
Cryptocards
PCI-X Cryptographic Coprocessor
PCI Cryptographic Accelerator
PCI Cryptographic Coprocessor
Product Summary
Library
Order
Support
Related Links
Warranty info

IBM PCI Cryptographic Coprocessor
Highlights of Release 2.42 for CCA (AIX: 2.4.2.0; Windows: 2.42)

Release 2.42 is available for download by all customers who use the IBM 4758 Model 002 or 023, or pSeries features #4958 or #4963. Release 2.42 provides fixes for problems in Release 2.41 and earlier Releases 2.x (when upgraded as described below). It does not provide any new CCA functions.

You must install the full Release 2.41 package before applying the changes in Release 2.42. Release 2.42 only contains the CCA files that have been updated, and is not a full, standalone package.

Release 2.42 contains two changes that may affect your application programs.

  • The Encrypted_PIN_Verify (CSNBPVR) verb returned an incorrect return code and reason code with the VISAPVV4 calculation method, if the PIN length was not exactly four digits. The verb previously returned 16/336. It has been changed to return 4/19, indicating that the PIN is not correct.
  • A problem with caching of DES keys has been fixed. See the information below for details on this problem and how it might affect you.

Details on the DES key cache problem

DESCRIPTION: During IBM internal testing, a problem was uncovered in how IBM’s 4758 Common Cryptographic Architecture (CCA) handles its Data Encryption Standard (DES) key cache during normal operations. While this problem has an extremely low probability of occurrence, if encountered, it could potentially result in the undetected loss of data.

BACKGROUND: DES keys are cached in the 4758 to enhance performance. As a result of the caching implementation, if a new DES key is generated which has an encrypted value (the first, second, and/or third eight byte part of the DES key) which is identical to the encrypted value of the same part of a prior DES key which is still stored in cache, then the incorrect DES key may be used to encipher or decipher data. Because the encrypted value of the DES key depends on the key value, the control vector and the master key used to encrypt the DES key, the probability of encountering this problem is extremely low. The likelihood of encountering such a problem is further reduced by use of random keys and by the fact that master keys are typically changed on an infrequent basis.

RECOMMENDED ACTIONS: Immediate installation and application of the 2.42 update is recommended to avoid the problem. Note that you must first install Release 2.41, if you have not already done so.

ADDITIONAL CONSIDERATIONS: This problem also affects IBM’s 4758 on the iSeries platform (feature code 4801 and 4802) and zSeries platform (PCICC feature Code 0860 on G5/6 9672, FC 0861 on z800/900 and PCIXCC feature code 0868 on z990). If you use these features, contact your IBM service representative to obtain the fixes for this problem.

If you have any additional questions, please click here.

See Release 2.41 for enhancements in the earlier release.



    About IBM      Privacy      Contact