IBM PCI Cryptographic Coprocessor

Notice of withdrawal from marketing

IBM withdrew from marketing the IBM 4758 PCI Cryptographic Coprocessor, effective March 31, 2005.

NOTE: The information below is provided for historical reference only.

Overview

The IBM 4758 PCI Cryptographic Coprocessor adds a high-security environment to your Windows NT®, Windows 2000®, AIX®, OS/400®, z/OS®, and OS/390® server systems for DES, RSA, and DSA cryptographic functions and sensitive custom applications. The PCI board incorporates specialized electronics to off-load your servers from time-consuming cryptographic functions while providing a tamper-responding, secure computing environment for the storage of keys and performing sensitive processing. Certification of the hardware under FIPS PUB 140-1 at levels 3 and 4 assures a high-integrity processing environment.

The IBM 4758 PCI Cryptographic Coprocessor product provides high-security cryptography and secure computing for all IBM server platforms and many personal computers. The tamper-responding design has been certified under the USA FIPS 140-1 standard at levels 3 and 4, and has received German ZKA approval for critical financial transaction system processing on z900 Servers.

The IBM 4758 PCI Cryptographic Coprocessor encapsulates a 486-class processing subsystem within a tamper-sensing and tamper-responding environment where you can run security-sensitive processes. A multi-tasking control program gives you access to high performance electronics for DES and public key algorithms. A cryptographic quality random number generation facility and large, secure, persistent data storage complete the physical system. Except for a very small bootstrap loader, all software is loaded into the coprocessor from your server environment. Only digitally signed software that is validated by the coprocessor is acceptable. The sophisticated code loading controls enable you to employ signed software from IBM, other vendors, or code that you create using toolkits available from IBM.

IBM supplies two cryptographic-system implementations, and toolkits for custom application development.

The product summary pages will introduce you to the coprocessor and its software options. More detailed information in the product publications such as the General Information Manual can be downloaded in PDF format from the library. Refer to the support pages to find education, ask questions, check for software updates, or locate other support services.



The PCI Cryptographic Coprocessor is one of the IBM Security products that provide solutions to many of your security needs.

We want to hear from you!

If you have comments or questions about the product or this Web site, please contact the Crypto team.



TM: A Certification Mark of NIST, which does not imply product endorsement by NIST, the U.S. or Canadian Governments.

IBM, and AIX are registered trademarks of IBM Corporation.

Windows NT and Windows 2000 are registered trademarks of Microsoft Corporation.

SET™ Secure Electronic Transaction, Secure Electronic Transaction, SET and the SET Secure Electronic Transaction design mark are trademarks and service marks owned by SET Secure Electronic Transaction LLC.

News for current customers

Spotlight

New product release CCA 5.0 for Linux on IBM z Systems™ now available effective July 2015. See Overview page for additional information.

IBM PureFlex™ customers can purchase an IBM 4765 as an add-on feature as of September 10, 2013. See CCA Release 4.3.5 for more information.

New product release CCA 4.3.8 for IBM 4765 now available on IBM AIX operating system effective June 2013. See Library page for additional information.


As of February 19, 2013, the 4765 hardware security module (HSM) is validated to meet the MEPS (Méthode d'Évaluation des Produits Securitaire "bancaires") approval scheme used by Cartes Bancaires (CB) banking ecosystem. This standards certification allows the 4765 HSM to be used by CB member banks on their dedicated payment networks.


New product release for IBM 4765 now available on IBM ServerProven System x servers, effective July 2012. This release includes support for the SLES 11.2 O/S. Support is also included for controlling the wrapping of a key with a weaker key, DUKPT for encryption and MAC keys, ciphertext translation, and AMEX enhanced CSC generation and PIN/Change Unblock.

Important notice to ECC users: This release contains important security-related changes for ECC users. See Release 4.3.4 information for details.

Effective December 2011, new add-on features are being offered for the IBM 4765 on System x to support additional operating systems. See the IBM 4765 software updates page.


On System z, the coprocessor is available as Crypto Express3 and is also available for Linux.