CryptoCards

Security demands a variety of cryptographic solutions. The IBM Systems offer multiple products to address your cryptographic needs.

The IBM PCIe Cryptographic Coprocessor (CEX3C/4765):

The PCIe Cryptographic Coprocessor (PCIeCC) is new in 2010. It provides a replacement on PCIe architectures for the PCIXCC. The PCIeCC, in addition to the functions available on the PCIXCC, provides support for the following functions:

• Elliptic Curve Cryptography (ECC) key generation, along with digital signature generation and verification using the Elliptic Curve Digital Signature Algorithm (ECDSA).
• MAC generation and verification using HMAC that is based on FIPS PUB 198-1, The Keyed-Hash Message Authentication Code (HMAC).
• A second key-wrapping method for DES keys. This method is a more secure version of the Triple-DES ECB mode currently used by CCA and complies with current cryptographic standards that require key bundling.
• Enhanced PIN security based on ANSI X9.8 restriction capabilities.

The IBM PCI-X Cryptographic Coprocessor (PCIXCC):

The PCI-X Cryptographic Coprocessor was introduced with the IBM Systems zSeries 990 servers. It provides a replacement for both the PCICC and the CMOS Cryptographic Coprocessor Facility (CCF). The PCIXCC supports highly secure cryptographic functions, use of secure encrypted key values and user-defined extensions.

Note: On May 24, 2011, IBM announced that the IBM 4764-001 Cryptographic Coprocessor on System x and its associated feature code 1008 (battery-replacement kit) will be withdrawn from marketing effective December 31, 2011 (IBM United States Withdrawal Announcement 911-129).

The IBM e-business Cryptographic Accelerator (PCICA) (withdrawn from marketing):

Secure Web transactions frequently employ the Secure Socket Layer (SSL) protocol. The IBM e-business PCI Cryptographic Accelerator board offloads your server from compute-intensive public-key cryptographic operations employed in the protocol. This cost-effective solution often enables significantly greater server throughput.

Note: The PCICA was available for iSeries, pSeries, and zSeries machines. Effective January 28, 2005, IBM withdrew it from marketing.

The IBM 4758 PCI Cryptographic Coprocessor (withdrawn from marketing):

The IBM 4758 PCI Cryptographic Coprocessor is a high security, programmable PCI board. Specialized cryptographic electronics, micro-processor, memory, and random number generator housed within a tamper-responding environment provide a highly secure subsystem in which data processing and cryptography can be performed.

Note: The IBM 4758 PCI Cryptographic Coprocessor was available for iSeries, pSeries and xSeries machines, older zSeries servers, and in general for Intel-based machines running Windows 2000. Effective March 31, 2005, IBM withdrew it from marketing.

The IBM CP Assist for Cryptographic Function (CPACF):

New with the IBM Systems zSeries 990 servers, the standard CP Assist for Cryptographic Function feature provides hardware acceleration for DES, TDES, MAC, and SHA-1 cryptographic services. Cryptographic keys must be protected by your application system, as required.

The IBM Cryptographic Coprocessor Facility (CCF):

IBM zSeries servers, except the zSeries 990, offer a Common Cryptographic Facility feature providing high-performance for DES, Triple-DES, RSA, and various finance-industry-specific cryptographic services. FIPS 140 level 4 certification of the hardware attests to the strength of cryptographic security.