IBM 4769
   HOME

TheInfoList



Click Here for Items Related To - IBM 4769
OR:
IBM 4769 on:   [Wikipedia]   [Google]   [Amazon]

The IBM 4769 PCIe Cryptographic Coprocessor is a hardware security module (HSM) that includes a secure cryptoprocessor implemented on a high-security, tamper resistant, programmable
PCIe PCI Express (Peripheral Component Interconnect Express), officially abbreviated as PCIe, is a high-speed standard used to connect hardware components inside computers. It is designed to replace older expansion bus standards such as Peripher ...
board. Specialized cryptographic electronics,
microprocessor A microprocessor is a computer processor (computing), processor for which the data processing logic and control is included on a single integrated circuit (IC), or a small number of ICs. The microprocessor contains the arithmetic, logic, a ...
,
memory Memory is the faculty of the mind by which data or information is encoded, stored, and retrieved when needed. It is the retention of information over time for the purpose of influencing future action. If past events could not be remembe ...
, and
random number generator Random number generation is a process by which, often by means of a random number generator (RNG), a sequence of numbers or symbols is generated that cannot be reasonably predicted better than by random chance. This means that the particular ou ...
housed within a tamper-responding environment provide a highly secure subsystem in which
data processing Data processing is the collection and manipulation of digital data to produce meaningful information. Data processing is a form of ''information processing'', which is the modification (processing) of information in any manner detectable by an o ...
and
cryptography Cryptography, or cryptology (from "hidden, secret"; and ''graphein'', "to write", or ''-logy, -logia'', "study", respectively), is the practice and study of techniques for secure communication in the presence of Adversary (cryptography), ...
can be performed. Sensitive key material is never exposed outside the physical secure boundary in a clear format. The IBM 4769 is designed to meet FIPS PUB 140-2 Level 4, the highest level of certification achievable for commercial cryptographic devices. The 4769 is part of IBM's pervasive encryption and enterprise security schemes. The IBM 4769 data sheet describes the coprocessor in detail. IBM supplies two cryptographic-system implementations: * The PKCS#11 implementation, called IBM Enterprise PKCS11 (EP11), creates a high-security solution for application programs developed for this industry-standard API. * The IBM Common Cryptographic Architecture (CCA) implementation provides many functions of special interest in the finance industry, extensive support for distributed key management, and a base on which custom processing and cryptographic functions can be added. Applications may include financial PIN transactions, bank-to-clearing-house transactions, EMV transactions for integrated circuit (chip) based credit cards, and general-purpose cryptographic applications using
symmetric key algorithms Symmetric-key algorithms are algorithms for cryptography that use the same cryptographic keys for both the encryption of plaintext and the decryption of ciphertext. The keys may be identical, or there may be a simple transformation to go between t ...
,
hashing algorithm A hash function is any function that can be used to map data of arbitrary size to fixed-size values, though there are some hash functions that support variable-length output. The values returned by a hash function are called ''hash values'', ...
s, and
public key algorithm Public-key cryptography, or asymmetric cryptography, is the field of cryptographic systems that use pairs of related keys. Each key pair consists of a public key and a corresponding private key. Key pairs are generated with cryptographic alg ...
s. The operational keys (symmetric or asymmetric private (RSA or Elliptic Curve)) are generated in the coprocessor and are then saved either in a keystore file or in application memory, encrypted under the master key of that coprocessor. Any coprocessor with an identical master key can use those keys. See
elliptic curve cryptography Elliptic-curve cryptography (ECC) is an approach to public-key cryptography based on the algebraic structure of elliptic curves over finite fields. ECC allows smaller keys to provide equivalent security, compared to cryptosystems based on modula ...
(ECC) for more information about ECC. New hardware in the 4769 adds support to accelerate the Elliptic Curves 25519 and Ed448, as well as the format preserving encryption (FPE) algorithms FF1, FF2, FF2.1, FF3, and FF3.1. IBM supports the 4769 on certain IBM Z mainframes as Crypto Express7S (CEX7S) - feature codes 0898 and 0899. The 4769 / CEX7S is part of IBM's support for pervasive encryption and drive to encrypt all data.


References

{{Reflist


External links

General overview of cryptography: https://www.garykessler.net/library/crypto.html These links point to various relevant cryptographic standards. ISO 13491 - Secure Cryptographic Devices: https://www.iso.org/standard/61137.html ISO 9564 - PIN security: https://www.iso.org/standard/68669.html ANSI X9.24 Part 1: Key Management using Symmetric Techniques: https://webstore.ansi.org/RecordDetail.aspx?sku=ANSI+X9.24-1-2017 ANSI X9.24 Part 2: Key Management using Asymmetric Techniques: https://webstore.ansi.org/RecordDetail.aspx?sku=ANSI+X9.24-2-2016 FIPS 140-2: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.140-2.pdf Payment Card Industry (PCI) PIN Transaction Security (PTS): Hardware Security Module (HSM) Modular Security Requirements: search this site: https://www.pcisecuritystandards.org/document_library Cryptographic hardware Banking technology 4768 IBM hardware