IBM 4764 PCI-X Cryptographic Coprocessor

Features

• Cryptographic support via the IBM Common Cryptographic Architecture (CCA) API supporting:
• AES, DES, and triple-DES data confidentiality
• DES and triple-DES message authentication including ISO 16609 CBC mode triple-DES support
• RSA digital signatures with keys up to 4096 bits
• SHA-1, SHA-224, SHA-256, MD5, RIPEMD-160, MDC-2 and MDC-4 hashing
• AES, DES, and RSA key management, RSA keys to 4096 bit-length
• SET™ (Secure Electronic Transaction LLC) services
• Key diversification for smart card applications
• EMV secure key and PIN messaging services
• Finance-industry PIN processing and related services, including ANSI X9.24 Derived Unique Key Per Transaction (DUKPT) support using single-length and double-length keys
• Custom extensions using the UDX toolkit
• ATM remote key loading
• Supported on IBM System x™ servers on the IBM ServerProven™ list with the following operating systems:
• Microsoft® Windows® Server 2003, Standard Edition, 32-bit
• Novell® SUSE® Linux Enterprise Server 9 (SLES 9), 32-bit
• Novell SUSE Linux Enterprise Server 10 (SLES 10), 32-bit (Release 3.30.04 or later)
• Red Hat Enterprise Linux (RHEL) 5.2, Server Edition, 32-bit (Release 3.30.05 or later)
• Application development with a common API for IBM AIX®, IBM i5/OS®, IBM z/OS®, IBM OS/390®, RHEL 5.2, SLES 9, SLES 10, and Windows Server 2003.
• Note: Integrated implementations are available for:
• IBM AIX (System p™)
• See the System p Web site for information on products and features for AIX and Linux.
• IBM i5/OS (System i™)
• See the System i Web site for information on products and features for IBM Power™ Systems including AS/400®, iSeries®, and System i
• For specific information on how to install, set up, and use the IBM PCI-X Cryptographic Coprocessor on System i, refer to the IBM System i and i5/OS Information Center
• IBM z/OS and OS/390, and Linux on System z9 (System z™)
• See the System z Web site for general information on IBM mainframe security functions and features

Description

The IBM CCA Support Program (known as ICSF on System z) provides a comprehensive, integrated family of services that employs the major capabilities of the IBM coprocessors.

CCA provides the usual AES, DES, and RSA functions for data confidentiality and data integrity support. In addition, CCA features extensive support for distributed key management and many functions of special interest to the finance industry. Other changes and extensions to the Support Program are described in the "Revision history" section of the CCA Basic Services Reference and Guide. The CCA software has been independently reviewed and certified by the German ZKA industry organization for use in specific finance systems. Also, IBM believes the CCA software can be operated compliant with the intent of the FIPS 140-2 cryptographic module standard. Capabilities include:

• ATM remote key loading is a method of secured transport of DES keys from a Tamper Resistant Security Module (TRSM) to an ATM or other remote device using asymmetric techniques.
• Cryptographic-quality random-number generation using the coprocessor hardware to seed a FIPS PUB 140-2 compliant random number generator.
• Secure import and export of DES keys encrypted using either RSA or triple-DES along with the CCA control vector key-typing technique and carefully architected key management operations enables a strong, distributed key management implementation.
• Secure import and export of AES keys using RSA.
• Local keys securely held in one of two ways:
• A modest number of RSA private keys can be retained within the secure coprocessor.
• An unlimited number of DES keys and RSA private keys can be held external to the coprocessor encrypted (wrapped) by the triple-length DES master key along with an unlimited number of AES keys wrapped by the 256-bit AES master key. The master keys are secured within the coprocessor.

The DES and RSA master keys can be randomly generated within the coprocessor and they can also be cloned, while an AES master key currently cannot. Each of the AES, DES, and RSA master keys can be inserted in parts by two or more trusted individuals. Active DES and RSA master keys can be securely cloned to additional coprocessor cards using an m-of-n secret splitting technique. See "Cloning of a DES or RSA master key" below for more information.

• Protection of keys is assured through triple-DES encryption, AES encryption, or retention of the keys within the coprocessor's secure module. Generation options permit the secure storage of valuable RSA keys at a single node or backing them up on additional node(s). With the CCA architecture and its control vector technology, you can enable extensive control of key usage in distributed cryptographic systems. Approximately 75 to 150 coprocessor-generated RSA private keys can be retained within the secure coprocessor to guarantee that the value of the key cannot be disclosed or transported to another site. With the CCA master key architecture, an unlimited number of AES, DES, and RSA keys can be securely held external to the coprocessor. Externally stored keys can be managed either by CCA or by application programs.
• Cloning of a DES or RSA master key enables back-up and/or redundant coprocessors to process the same master-key-encrypted local keys. Master-key cloning operates with the access control system ensuring a secure, controlled process through a cryptographically protected m-of-n key-shares design. Note: Cloning of AES mater keys is currently not supported.
• SET services support e-Commerce applications in merchant and acquirer credit card transaction processing.
• ATM and POS PIN-processing is supported through six services. PIN generation and verification services support several popular PIN-generation algorithms including customer-selected PIN options. A variety of PIN-block formats are processed with support for secure re-encryption and re-formatting of PIN blocks. ANSI X9.24 Derived Unique Key Per Transaction (DUKPT) PIN block encryption is supported, using both single-length and double-length keys. Additional services support the card verification value/card validation code/card security code (CVV/CVC/CSC) processes for the protection of card transactions.
• Digital signature generation and validation using RSA supports several different hash-formatting methods including ISO-9796 and PKCS #1 standards. Support of the SHA-1, SHA-224, SHA-256 and MD5 algorithms is provided. The modular-exponentiation hardware engine supports keys up to 4096 bits in length. Using the CCA services and the FIPS 140-2 certified hardware, you have a high-security, flexible base on which to implement PKI solutions.
• DES and triple-DES data encryption/decryption supports CBC and ANSI X9.23 "last block" padding rules.
• Message Authentication Code (MAC) generation is supported using the DES algorithm and rules defined in the ANSI X9.9-1 and the ANSI X9.19 algorithms for single- and double-length keys. ISO-16609 CBC Mode TDES MAC is also supported. In multi-node systems, you can use the CCA control vector architecture to prevent the MAC receiver from generating a fraudulent MAC code.
• Derived key support is available for dynamically creating DES keys from a key generating key in support of protocols such as used with EMV smart cards. Through use of the UDX toolkit, you or your software vendor can extend CCA to support the many special derived-key operations needed in modern smart card systems.
• EMV™ (EMVCo LLC) Secure Messaging is supported with functions that create secure messages to send keys and PINs to EMV smart cards.
• Custom programming of the coprocessor is supported through services offered by IBM and through customer programming employing toolkits that are available on a limited basis under custom contract.

The API for the Release 3.x CCA Support Program offered with the IBM 4764 Model 1 is quite similar to CCA support on the IBM 4758 Model 2 and Model 23. Changes and extensions to the support program are described in the "Revision history" section of the CCA Basic Services Reference and Guide manual.