Notice of withdrawal from marketing and discontinuance from support
IBM withdrew from marketing the IBM 4758 PCI Cryptographic Coprocessor, effective March 31, 2005, and discontinued support as of March 15, 2010.
NOTE: The information below is provided for historical reference only.
IBM 4758 hardware
The IBM PCI Cryptographic Coprocessors are state-of-the-art secure subsystems that you can install in server systems to perform DES and public-key cryptography. You can also load software for highly sensitive processing, such as the minting of electronic postage, which must perform its intended function even when under the physical control of a motivated adversary.
The secure Coprocessor module is mounted on a two-thirds length PCI version 2.1 board and fits in a single slot that provides +5.0VDC +/- 15% and +12VDC +/-15% power and meets other environmental requirements as listed in chapter 2 of the General Information Manual. (3.3VDC variations of the Models 002 and 023 are also available to OEM customers and used in IBM pSeries, and IBM iSeries and IBM zSeries servers.) The sealed Coprocessor module incorporates physical penetration, power sequencing, temperature, and radiation sensors to detect physical attacks against the encapsulated subsystem. Batteries provide backup power that is active from the time of factory certification until the end of the product's useful life. Any detected tamper event results in loss of power which immediately causes the zeroization of internal secrets and the destruction of the factory certification.
The IBM 4758 Model 002 is for use with IBM xSeries and other Wintel machines. Variations of the IBM 4758 Model 002 and Model 023 are available as "PCICC" features for IBM iSeries, pSeries, and zSeries.
|FIPS 140-1 certification level||Level 4||Level 3|
|CCA Support Program version 2:||Model 002||Model 023|
|IBM xSeries||IBM 4758-002
(withdrawn November 16, 2004)
|IBM iSeries||NA||PCICC feature|
|IBM pSeries||Feature #4963||Feature #4958
|IBM zSeries||PCICC feature||NA|
|Original models, (no longer available):
CCA Support Program version 1
|Model 001||Model 013|
The models certified under FIPS PUB 140-1 level 4 use a mesh around the electronics to detect the most sophisticated physical penetration attempts. The other models certified at level 3 use a simpler penetration-detection design. Both designs zeroize all critical secret data when tamper is detected.
The IBM iSeries server features employ the Model 023 technology while the IBM pSeries and IBM zSeries server PCICC features use the Model 002 technology.
What is a secure Coprocessor...
A secure coprocessor is a general-purpose computing environment that withstands physical attacks and logical attacks. The device must run the programs that it is supposed to, unmolested. You must be able to (remotely) distinguish between the real device and application, and a clever impersonator. The Coprocessor must remain secure even if adversaries carry out destructive analysis of one or more devices.
Many servers operate in distributed environments where it is difficult or impossible to provide complete physical security for sensitive processing. And, in some applications, the motivated adversary is the end user. You need a device that you can trust even though you cannot control its environment.
Cryptography is an essential tool in secure processing. When your application must communicate with other distributed elements, or assert or ascertain the validity of data it is processing, you will find cryptography an essential tool.
The FIPS 140-1 certification declares that the IBM Coprocessor is uniquely qualified to detect attempted attacks, and to perform processing securely, including correct implementations of several commercially significant cryptographic algorithms.
FIPS PUB 140-1
FIPS PUB 140-1 is the benchmark standard for evaluating the security and proper algorithmic implementation of a commercial cryptographic product. The IBM 4758 Model 002, and the CMOS Cryptographic Coprocessor on the IBM System/390 processors, are distinguished as products certified at level 4. These independent certifications provide assurance of the security, integrity, and correctness of the cryptographic algorithms inherent in the Coprocessor designs.
FIPS 140 is unique with its emphasis on clear testing criteria for anti-tamper design validation and its focus, at levels 3 and 4, on hardware implementations. Under the supervision of the USA and Canadian Governments, independent laboratories conduct thorough analyses of the product design and actual tests of products. The test report is discussed with the governmental bodies, and when found acceptable, a certificate is issued. Issued certifications are posted to the NIST Web site .
IBM UltraCypher Engine
The IBM UltraCypher Engine chip used in the Model 002 and 023 PCI Cryptographic Coprocessors is available for incorporation in other product designs. The single chip incorporates a 2048-bit modular arithmetic engine, a DES/TDES engine, a SHA-1 engine, noise-source based random number generator, and two FIFO buffers with dual-ported switching to supply and receive data from the DES and SHA-1 engines. You can download a PDF-format specification sheet.
OEM's interested in further information can contact IBM through the Question form, or in the USA call 1-800-IBMS-OEM.