Notice of withdrawal from marketing
IBM withdrew from marketing the IBM 4758 PCI Cryptographic Coprocessor, effective March 31, 2005, and discontinued support as of March 15, 2010.
NOTE: The information below is provided for historical reference only.
IBM xSeries and Intel-platform systems with IBM 4758 Coprocessors for 3.3- and 5-volt PCI buses
IBM pSeries with PCI Cryptographic Coprocessor feature #4963
IBM iSeries Features #4801 or #4802
IBM zSeries Features #0865, #0866, or #0869
A flexible solution to your high-security cryptographic and secure processing needs
FIPS PUB 140-1 Certified Electronics and Cryptographic Algorithms
The rigorous FIPS PUB 140-1 Security Requirements for Cryptographic Modules (link resides outside of ibm.com) is the benchmark standard by which cryptographic implementations are measured. The IBM 4758 Model 002 is certified at level 4, the highest certification. The Models 023, which uses a different method of detecting physical penetration attacks, is certified at level 3. The evaluations cover the encapsulated processing subsystem and its specialized cryptographic hardware, code loading, tamper detection and response mechanisms, and the cryptographic algorithms: DES, triple-DES, RSA, DSS, and SHA-1.
Coprocessor Models and Features
The IBM 4758 Models 002 and 023 replace the earlier Models 001 and 013.
IBM 4758 Models 002 and 023 operate on a 5-volt PCI bus and have two batteries to power the tamper-sensing electronics when no system power is supplied. The Coprocessors IBM supplies as features in the IBM i/p/zSeries servers have four batteries and operate on either 3.3- or 5-volt PCI buses. You can order either the 5-volt or the 3.3-volt variations of the Model 002 for use with Intel-platform systems.
The United States Bureau of Export Administration classifies both Support Programs and the Coprocessors as 'Retail Cryptographic Implementations'. Thus, IBM can export these hardware and software products to essentially all customers. (Export restrictions remain in effect for a certain few countries and organizations.)
Minting of electronic money and electronic postage are examples of critical functions that must run in a highly trustworthy environment. Using toolkits available from IBM under custom contract, you can implement your own applications for the Coprocessor, or extend IBM's CCA application. You can make a fast start on your custom application development when you extend CCA using its flexible access control system and many existing services.
IBM will issue you a unique identifier and certify your code-signing key so that you can sign your own custom Coprocessor software. You develop your software using conventional IBM or Microsoft C-language compilers and use the toolkit-provided debugging programs. You or your customers can then load Coprocessor software in a normal server environment. Using the PKI-based outbound authentication capabilities of the Coprocessor's control program, you can securely administer the Coprocessor environment, even from remote locations. Auditors can inspect the Coprocessor's digitally signed status response to confirm that the Coprocessor remains untampered and running uniquely identified software.
Models 002 and 023 support up to 175 1024-bit RSA private key operations per second. The Coprocessor design also supports high-throughput bulk DES processing. With Models 002 and 023, bulk triple-DES and SHA-1 processors are also connected to host system and Coprocessor subsystem memory through FIFO buffers and DMA channels. DES encryption throughput of 15.3 MBytes/second has been measured on fast host systems.
Performance is a complex subject and is dependent on many factors. With the Coprocessor you can inexpensively enhance the performance of your general purpose system while at the same time providing leading-edge security for your cryptographic keys and other secrets.