This paper reviews the objectives of the Enterprise Systems Architecture/390 (ESA/390) Integrated Cryptographic Facility. It presents the cryptographic key-management scheme, summarizes key elements and unique characteristics of the facility, and describes the physical security provided by the first ESA/390 implementation.
--Authors’ Preface
The ESA/390 Integrated Cryptographic Facility (ICRF) is a CPU-integrated implementation of cryptographic operations based on the data encryption algorithm (DEA). This IBM product was designed to support key encryption and security on System/390 machines. The ICRF is intended to support applications requiring data secrecy, message authentication, PIN verification, PIN translation, message translation, and key management.
While the purpose of this paper is to provide an overview, the authors manage to educate as well as inform. They describe the design and implementation of the ICRF within a presentation of basic cryptographic concepts. The reader is told not only how but why a particular implementation was chosen. The authors go into detail to familiarize the reader with the capabilities of the ICRF. The paper is well structured, which helps the reader digest its technical content.
Overall, this paper is well written. Readers with backgrounds in computer science or electrical engineering would derive the most benefit from reading it, although the presentation is clear enough for a nontechnical audience as well. The references cited are appropriate and useful.