IBM Coprocessor First to Earn Highest Security Validation

Yorktown Heights, N.Y. - 02 Dec 1998: IBM today announced that a key product for enabling secure e-business transactions earned the highest certification for commercial security ever awarded by the U.S. government. The product, an IBM cryptographic coprocessor, is the first product to ever achieve this level of certification, known as the Federal Information Processing Standard (FIPS) 140-1 Level 4.

The IBM 4758 PCI Cryptographic Coprocessor provides a tamper-sensing and tamper-responding environment in which to run sensitive applications. Upon detection of physical attack, including penetration, radiation, voltage, excessive cold or heat, the device is "zeroized" and the sensitive information erased.

"The type of data that the IBM 4758 protects is often worth millions of dollars or is even priceless to our customers," explained Jeff Jaffe, general manager for IBM eNetwork Software and Security. "The highest level of security is absolutely imperative for these sensitive processes."

The coprocessor, a programmable PCI card, offloads computationally-intensive cryptographic processes from the hosting server, and performs sensitive tasks unsuitable for less secure general-purpose computers. The device contains hardware accelerators for cryptographic operations, and the accompanying software has strong security features, yet is still fully programmable. It runs on a range of IBM and non-IBM platforms, including IBM's RS/6000 and Netfinity servers. Supporting software is available for IBM's AIX and OS/2 operating systems, as well as Windows NT.

The FIPS 140-1 standard is used to qualify cryptographic module security so users can determine that a product meets their requirements. FIPS certification is recognized and supported by both the U.S. National Institute of Standards and Technology (NIST) and the Canadian Communications Security Establishment (CSE). To date, no other product from any company has achieved an overall Level 4 validation. At Level 4, an independent laboratory is permitted to attempt virtually any physical attack on the product and must also verify a formal mathematical analysis of the software. Only a few devices have received even an overall rating of Level 3, in which the attack scenarios are limited, and the software is not formally analyzed.

"We've developed a fast, flexible, incredibly secure means to process data, keys and algorithms -- a crucial part of any e-business, with applications in banking, finance, insurance, communications, entertainment, and other areas," said Elaine Palmer, who led the 4758 development and validation team. "This device can be used in a variety of ways -- to serve as an electronic checkbook for large corporations; to encrypt or digitally sign financial transactions; to generate timestamps and digital signatures on bids for government contracts; or to protect software and data in electronic metering devices. Entertainment companies currently use it to encrypt and decrypt digital masters of their programs, as well."

The IBM 4758 Cryptographic Coprocessor was thoroughly evaluated by InfoGard Laboratories, a government-accredited independent laboratory in San Luis Obispo, CA. FIPS 140-1 evaluation consists of a rigorous battery of tests in 11 different areas of security. In receiving a Level 4 validation, the IBM 4758 hardware and its security configuration software received the highest possible rating in each and every one of the 11 areas.

The IBM 4758 performs numerically intensive cryptographic operations, with hardware accelerators for Data Encryption Standard (DES) and public key algorithms. The hardware, a Type-3 PCI card, also contains a 486-compatible microprocessor, a hardware random number generator, a time-of-day clock, battery backed memory, flash and volatile memory, all within a tamper-detecting and tamper-responding enclosure.

IBM creates, develops and manufactures the industry's most advanced information technologies, including computer systems, software, networking systems, storage devices and microelectronics. With headquarters in Armonk, New York, IBM maintains operations in more than 160 countries.

