IBM 4769

The IBM 4769 PCIe Cryptographic Coprocessor is a hardware security module (HSM) that includes a secure cryptoprocessor implemented on a high-security, tamper-resistant, programmable PCIe board. Specialized cryptographic electronics, a microprocessor, memory, and a random number generator housed within a tamper-responding environment provide a highly secure subsystem in which data processing and cryptography can be performed. Sensitive key material is never exposed outside the physical secure boundary in clear form. The IBM 4769 is designed to meet FIPS PUB 140-2 Level 4, the highest level of certification achievable for commercial cryptographic devices. The 4769 is part of IBM's pervasive encryption and enterprise security schemes. The IBM 4769 data sheet describes the coprocessor in detail.

IBM supplies two cryptographic-system implementations:

* The PKCS#11 implementation, called IBM Enterprise PKCS11 (EP11), creates a high-security solution for application programs developed for this industry-standard API.
* The IBM Common Cryptographic Architecture (CCA) implementation provides many functions of special interest in the finance industry, extensive support for distributed key management, and a base on which custom processing and cryptographic functions can be added.

Applications may include financial PIN transactions, bank-to-clearing-house transactions, EMV transactions for integrated circuit (chip) based credit cards, and general-purpose cryptographic applications using symmetric key algorithms, hashing algorithms, and public key algorithms.

The operational keys (symmetric keys, or asymmetric private keys for RSA or elliptic curve algorithms) are generated in the coprocessor and are then saved either in a keystore file or in application memory, encrypted under the master key of that coprocessor. Any coprocessor with an identical master key can use those keys. See elliptic curve cryptography (ECC) for more information about ECC. New hardware in the 4769 adds support to accelerate the elliptic curves Curve25519 and Ed448, as well as the format-preserving encryption (FPE) algorithms FF1, FF2, FF2.1, FF3, and FF3.1.

IBM supports the 4769 on certain IBM Z mainframes as Crypto Express7S (CEX7S), feature codes 0898 and 0899. The 4769 / CEX7S is part of IBM's support for pervasive encryption and its drive to encrypt all data.
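To illustrate the key-handling model described above, here is an added Python simulation (not IBM's code and not the CCA or EP11 API): an operational key is created inside a Coprocessor object, leaves it only wrapped under that object's master key, and can be used only by a Coprocessor holding the same master key. The HMAC-based wrapping, the token layout and the 8-byte verification pattern are this example's own constructions, standing in for the hardware's cipher and token format.

```python
import hashlib, hmac, os, secrets

def _keystream(mk: bytes, nonce: bytes, n: int) -> bytes:
    # HMAC-SHA256 in counter mode stands in for the hardware's cipher (toy, not CCA)
    out = b""
    ctr = 0
    while len(out) < n:
        out += hmac.new(mk, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

class Coprocessor:
    """Models one coprocessor: the master key never leaves this object's boundary."""
    def __init__(self, master_key: bytes):
        self._mk = master_key
        # Non-secret verification pattern (this example's convention) to match a token to a master key
        self.mkvp = hashlib.sha256(b"MKVP" + master_key).digest()[:8]

    def generate_key(self, bits: int = 256) -> bytes:
        """Create an operational key inside the boundary; return it only in wrapped form."""
        clear = secrets.token_bytes(bits // 8)
        nonce = os.urandom(12)
        body = bytes(a ^ b for a, b in zip(clear, _keystream(self._mk, nonce, len(clear))))
        tag = hmac.new(self._mk, b"tag" + nonce + body, hashlib.sha256).digest()[:16]
        return self.mkvp + nonce + body + tag   # the token an application may store

    def _unwrap(self, token: bytes) -> bytes:
        mkvp, nonce, body, tag = token[:8], token[8:20], token[20:-16], token[-16:]
        if mkvp != self.mkvp:
            raise ValueError("token is wrapped under a different master key")
        expect = hmac.new(self._mk, b"tag" + nonce + body, hashlib.sha256).digest()[:16]
        if not hmac.compare_digest(tag, expect):
            raise ValueError("token integrity check failed")
        return bytes(a ^ b for a, b in zip(body, _keystream(self._mk, nonce, len(body))))

    def mac(self, token: bytes, data: bytes) -> str:
        """Use a wrapped key; the clear key exists only inside this call."""
        return hmac.new(self._unwrap(token), data, hashlib.sha256).hexdigest()

def demo() -> tuple:
    mk = os.urandom(32)   # constructed master key shared by two coprocessors
    a, b, c = Coprocessor(mk), Coprocessor(mk), Coprocessor(os.urandom(32))
    token = a.generate_key()
    same_mk_works = a.mac(token, b"msg") == b.mac(token, b"msg")
    try:
        c.mac(token, b"msg")
        other_mk_rejected = False
    except ValueError:
        other_mk_rejected = True
    return same_mk_works, other_mk_rejected
```

demo() returns (True, True): a second coprocessor loaded with the identical master key can use the stored token, while one with a different master key cannot.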



External links

General overview of cryptography: https://www.garykessler.net/library/crypto.html

The following links point to relevant cryptographic standards:

* ISO 13491 - Secure Cryptographic Devices: https://www.iso.org/standard/61137.html
* ISO 9564 - PIN security: https://www.iso.org/standard/68669.html
* ANSI X9.24 Part 1: Key Management using Symmetric Techniques: https://webstore.ansi.org/RecordDetail.aspx?sku=ANSI+X9.24-1-2017
* ANSI X9.24 Part 2: Key Management using Asymmetric Techniques: https://webstore.ansi.org/RecordDetail.aspx?sku=ANSI+X9.24-2-2016
* FIPS 140-2: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.140-2.pdf
* Payment Card Industry (PCI) PIN Transaction Security (PTS): Hardware Security Module (HSM) Modular Security Requirements: search the PCI document library at https://www.pcisecuritystandards.org/document_library