The IBM 4765 PCIe Cryptographic Coprocessor is a hardware security module (HSM) that includes a secure cryptoprocessor implemented on a high-security, tamper-resistant, programmable PCIe board. Specialized cryptographic electronics, microprocessor, memory, and random number generator housed within a tamper-responding environment provide a highly secure subsystem in which data processing and cryptography can be performed.
The IBM 4765 is validated to FIPS PUB 140-2 Level 4, the highest level of certification achievable for commercial cryptographic devices. The IBM 4765 data sheet describes the coprocessor in detail.
IBM supplies two cryptographic-system implementations:
* The PKCS#11 implementation creates a high-security solution for application programs developed for this industry-standard API.
* The IBM Common Cryptographic Architecture (CCA) implementation provides many functions of special interest in the finance industry, extensive support for distributed key management, and a base on which custom processing and cryptographic functions can be added.
Toolkits for custom application development are also available.
Applications may include financial PIN transactions, bank-to-clearing-house transactions, EMV transactions for integrated circuit (chip) based credit cards, and general-purpose cryptographic applications using symmetric key algorithms, hashing algorithms, and public key algorithms.
The operational keys (symmetric or RSA private) are generated in the coprocessor and are then saved either in a keystore file or in application memory, encrypted under the master key of that coprocessor. Any coprocessor with an identical master key can use those keys.
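The keystore model described above, as an added example that is not IBM code and does not use the CCA or PKCS#11 APIs: operational keys leave the device only as blobs wrapped under the master key, a second device with the same master key can use them, and a device with a different master key rejects them. `Card`, `NewCard`, `GenerateKey` and `MAC` are hypothetical names, AES-256-GCM is an assumed stand-in for the card's real key-token format, and the master keys are constructed sample values.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Card is a hypothetical model; AES-256-GCM stands in for the key-token format.
type Card struct{ aead cipher.AEAD }

func NewCard(masterKey [32]byte) *Card {
	blk, _ := aes.NewCipher(masterKey[:]) // a 32-byte key is always accepted
	aead, _ := cipher.NewGCM(blk)         // cannot fail for an AES block cipher
	return &Card{aead}
}

// GenerateKey creates an operational key and returns only its wrapped blob.
func (c *Card) GenerateKey() []byte {
	ns := c.aead.NonceSize()
	buf := make([]byte, ns+32) // random nonce || random operational key
	if _, err := rand.Read(buf); err != nil {
		panic(err)
	}
	return c.aead.Seal(append([]byte{}, buf[:ns]...), buf[:ns], buf[ns:], nil)
}

// MAC unwraps blob inside the card and returns HMAC-SHA256(opKey, msg).
func (c *Card) MAC(blob, msg []byte) ([]byte, error) {
	ns := c.aead.NonceSize()
	if len(blob) < ns {
		return nil, fmt.Errorf("blob too short")
	}
	opKey, err := c.aead.Open(nil, blob[:ns], blob[ns:], nil)
	if err != nil {
		return nil, fmt.Errorf("blob not wrapped under this master key")
	}
	h := hmac.New(sha256.New, opKey)
	h.Write(msg)
	return h.Sum(nil), nil
}

func main() {
	a, b := NewCard([32]byte{1}), NewCard([32]byte{2}) // constructed master keys
	_, err := b.MAC(a.GenerateKey(), []byte("msg"))
	fmt.Println("card with a different master key:", err)
}
```

Because the wrapped blob is authenticated, a keystore entry that has been modified on disk is rejected in the same way as one wrapped under a different master key.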
Supported systems
IBM supports the 4765 on IBM Z, IBM POWER Systems, and IBM-approved x86 servers (Linux or Microsoft Windows).
* IBM Z: Crypto Express4S (CEX4S) / Crypto Express3C (CEX3C) - feature code 0865
* IBM POWER systems: feature codes EJ27, EJ28, and EJ29
* x86: Machine type-model 4765-001
History
As of May 2011, the IBM 4765 superseded the IBM 4764, which was discontinued.
The IBM 4765 has been discontinued on all platforms. The successor to the 4765, the IBM 4767, was introduced on each of the IBM server platforms:
* IBM Z, where it is called the Crypto Express5S and is available as feature code 0890
* IBM POWER systems, where it is available as feature codes EJ32 / EJ33
* x86 servers, where it is called the 4767-002
External links
These links point to various relevant cryptographic standards.
* ISO 13491 - Secure Cryptographic Devices: https://www.iso.org/standard/61137.html
* ISO 9564 - PIN security: https://www.iso.org/standard/68669.html
* ANSI X9.24 Part 1: Key Management using Symmetric Techniques: https://webstore.ansi.org/RecordDetail.aspx?sku=ANSI+X9.24-1-2017
* ANSI X9.24 Part 2: Key Management using Asymmetric Techniques: https://webstore.ansi.org/RecordDetail.aspx?sku=ANSI+X9.24-2-2016
* FIPS 140-2: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.140-2.pdf