> I am having difficulty understanding how much less secure protected key
> is from the secure key.

I agree with the comments about this. The real issue is conforming with the very strict requirements written into banking standards such as ANSI, ISO, or PCI. Basically, they do not approve any implementation that is not inside secure, tamper-detecting hardware that clears all keys and other secrets immediately if anyone attempts to tamper with it. Obviously, the hardware and low-level firmware in the System z processor do not have that kind of secure packaging, whereas the Crypto Express cards do have it. However, the Protected Key implementation keeps all keys and other sensitive information completely protected from access by any user, application program, O/S code, etc. - so it is indeed very, very secure. I always recommend Protected Key when it has the required functions and where it's being used for something where your auditor won't say "no" - and in those cases, you have to use the Crypto Express. Protected Key is an incredibly fast solution that really does have very good security.

Todd Arnold

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
