PCIeCC overview

PCIeCC2 overview The IBM PCIe Cryptographic Coprocessor Version 1 (PCIeCC) is a hardware security module (HSM) which provides a high-security, high-throughput cryptographic subsystem. For a detailed summary of the capabilities and specifications of the PCIeCC, refer to the IBM 4765 Data Sheet.

Highest cryptographic security available. Each of IBM's HSM devices offers the highest cryptographic security available commercially. Federal Information Processing Standards (FIPS) are issued by the U.S. National Institute of Standards and Technology (NIST). The PCIeCC cryptographic processes are performed within an enclosure on the HSM that is validated to FIPS PUB 140-2, Security Requirements for Cryptographic Modules, Overall Level 4. See FIPS certification number 1505 on the Computer Security Resource Center website for the certification. Level 4 is the highest level of certification achievable for commercial cryptographic devices. See FIPS status on the IBM PCIeCC FAQ page for additional information.

Supported on multiple platforms. The PCIeCC is supported on IBM z Systems mainframes, on select IBM POWER Systems, and on select IBM-approved x86 architecture servers:

  • IBM z Systems mainframe. The PCIeCC is supported as feature code (FC) 0865 (Crypto Express4S, or CEX4S), and as FC 0864 (Crypto Express3, or CEX3C) on IBM z Systems mainframes, either on z/OS or Linux on z Systems operating systems.
    • On z/OS, IBM offers the Integrated Cryptographic Service Facility (ICSF) component that ships with the base product. ICSF is the software on z/OS that provides access to the z Systems CEX4S / CEX3C cryptographic hardware feature through the use of callable services that comply with IBM's Common Cryptographic Architecture (CCA). ICSF together with the IBM Resource Access Control Facility (RACF®) licensed program provide cryptographic services using the CCA security API.
    • On Linux on z Systems, IBM offers a CCA API for the CEX4S / CEX3C and a PKCS #11 (EP11) API to the user.
  • IBM Power Systems. The PCIeCC is supported on IBM AIX® and IBM i® as the following hardware feature codes:
    • FC EJ27, IBM POWER6® or IBM POWER7®, no custom carrier
    • FC EJ28, IBM POWER6 custom carrier
    • FC EJ29, 4765-001, IBM POWER7 custom carrier
  • Select IBM-approved x86 architecture servers. The PCIeCC is supported as an IBM z Systems machine type-model 4765-001 on select IBM-approved x86 architecture servers. IBM offers a Common Cryptographic Architecture (CCA) Support Program for the IBM 4765 PCIe Cryptographic Coprocessor, at no charge, to the user for SUSE (a Micro Focus Company) Linux Enterprise Server (SLES) 11 Service Pack 3 (32-bit) and Service Pack 2.

Separately purchased add-on features. CCA can be installed on additional operating systems by purchasing a separate add-on feature. An add-on feature is available for each of these operating systems:

  • Microsoft Windows Server 2012, Release 2 (64-bit)
  • Microsoft Windows Server 2008, Release 2 (64-bit)
  • Red Hat Enterprise Linux, Release 6 (32-bit)
  • Red Hat Enterprise Linux, Release 6 (64-bit)
  • SUSE (a Micro Focus Company) Linux Enterprise Server 11 Service Pack 3 (64-bit), Service Pack 2 (64-bit), and Service Pack 1 (64-bit)

To purchase any of these add-on features, contact the IBM Crypto Competence Center at ccc@dk.ibm.com or or via the CCC website. The Center is located in Denmark, which is in the Central European Time Zone (GMT+1).

Specialized hardware relieves main processor from cryptographic tasks. The PCIeCC has a PCIe local-bus-compatible interface, and has a tamper responding, programmable, cryptographic coprocessor containing a CPU, encryption hardware, RAM, persistent memory, hardware random number generator, time-of-day clock, infrastructure firmware, and software. Its specialized hardware performs AES, DES, TDES, SHA-1, SHA-224 to SHA-512, and modular-exponentiation (for example, RSA, DSA) hardware, and full-duplex DMA communications, relieving the main processor from these tasks. The coprocessor design protects your cryptographic keys and any sensitive customer applications.

Cryptographic software support options. A secure code-loading arrangement enables control program and application program loading and refreshes after coprocessor installation in your server. IBM offers a Linux-based subsystem control program and a cryptographic application programming interface (API) which implements the IBM Common Cryptographic Architecture (CCA). The CCA API supports:

  • AES, DES, and triple-DES data confidentiality
  • DES and triple-DES message authentication including ISO 16609 CBC mode triple-DES support
  • RSA digital signatures with keys up to 4096 bits
  • ECDSA digital signatures for prime curves up to P-521
  • SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, MD5, RIPEMD-160, MDC-2, MDC-4 hashing and HMAC
  • AES, DES, ECC and RSA key management, RSA keys to 4096 bit-length
  • SET™ (Secure Electronic Transaction LLC) services
  • Key diversification for smart card applications
  • EMV secure key and PIN messaging services
  • Finance-industry PIN processing and related services, including ANSI X9.24 Derived Unique Key Per Transaction (DUKPT) support using single-length and double-length keys
  • Custom extensions using the UDX toolkit
  • ATM remote key loading

The IBM CCA Support Program (known as ICSF on System z) provides a comprehensive, integrated family of services that employs the major capabilities of the IBM coprocessors.

CCA provides the usual AES, DES, and RSA functions for data confidentiality and data integrity support. In addition, CCA features extensive support for distributed key management and many functions of special interest to the finance industry. Other changes and extensions to the Support Program are described in the "Revision history" section of the CCA Basic Services Reference and Guide.

The CCA software has been independently reviewed and certified by the German ZKA industry organization for use in specific finance systems.

CCA capabilities

Capabilities include the following:

  • ATM remote key loading is a method of secured transport of DES keys from a Tamper Resistant Security Module (TRSM) to an ATM or other remote device using asymmetric techniques.
  • Cryptographic-quality random-number generation using the coprocessor hardware to seed a FIPS PUB 140-2 compliant random number generator.
  • Secure import and export of DES keys encrypted using either RSA or triple-DES along with the CCA control vector key-typing technique and carefully architected key management operations enables a strong, distributed key management implementation.
  • Secure import and export of AES keys using RSA.
  • Local keys securely held in one of two ways:
    • A modest number of RSA private keys can be retained within the secure coprocessor.
    • An unlimited number of DES keys and also RSA and ECC private keys can be held external to the coprocessor encrypted (wrapped) by their associated triple-length DES master key along with an unlimited number of AES keys wrapped by the 256-bit AES master key. The master keys are secured within the coprocessor.

The DES and PKA master keys can be randomly generated within the coprocessor and they can also be cloned, while an AES master key currently cannot. Each of the AES, DES, and PKA master keys can be inserted in parts by two or more trusted individuals. Active DES and PKA master keys can be securely cloned to additional coprocessor cards using an m-of-n secret splitting technique. See "Cloning of a DES or PKA master key" below for more information.

  • Protection of keys is assured through triple-DES encryption, AES encryption, or retention of the keys within the coprocessor's secure module. Generation options permit the secure storage of valuable RSA keys at a single node or backing them up on additional node(s). With the CCA architecture and its control vector technology, you can enable extensive control of key usage in distributed cryptographic systems. Approximately 75 to 150 coprocessor-generated RSA private keys can be retained within the secure coprocessor to guarantee that the value of the key cannot be disclosed or transported to another site. With the CCA master key architecture, an unlimited number of AES, DES, ECC, and RSA keys can be securely held external to the coprocessor. Externally stored keys can be managed either by CCA or by application programs.
  • Cloning of a DES or PKA master key enables back-up and/or redundant coprocessors to process the same master-key-encrypted local keys. Master-key cloning operates with the access control system ensuring a secure, controlled process through a cryptographically protected m-of-n key-shares design. Note: Cloning of AES mater keys is currently not supported.
  • Secure Electronic Services (SET) support e-commerce applications in merchant and acquirer credit card transaction processing.
  • ATM and POS PIN-processing is supported through six services. PIN generation and verification services support several popular PIN-generation algorithms including customer-selected PIN options. A variety of PIN-block formats are processed with support for secure re-encryption and re-formatting of PIN blocks. ANSI X9.24 Derived Unique Key Per Transaction (DUKPT) PIN block encryption is supported, using both single-length and double-length keys. Additional services support the card verification value/card validation code/card security code (CVV/CVC/CSC) processes for the protection of card transactions.
  • Digital signature generation and validation using RSA supports several different hash-formatting methods including ISO 9796-1 and PKCS #11 standards. Support of SHA up to 512 bits and MD5 algorithms is provided. The modular-exponentiation hardware engine supports keys up to 4096 bits in length. Using the CCA services and the FIPS 140-2 certified hardware, you have a high-security, flexible base on which to implement PKI solutions.
  • DES and triple-DES data encryption/decryption supports CBC and ANSI X9.23 "last block" padding rules.
  • Message Authentication Code (MAC) generation is supported using the DES algorithm and rules defined in the ANSI X9.9-1 and the ANSI X9.19 algorithms for single- and double-length keys. ISO-16609 CBC Mode TDES MAC is also supported. In multi-node systems, you can use the CCA control vector architecture to prevent the MAC receiver from generating a fraudulent MAC code.
  • Derived key support is available for dynamically creating DES keys from a key generating key in support of protocols such as used with EMV smart cards. Through use of the UDX toolkit, you or your software vendor can extend CCA to support the many special derived-key operations needed in modern smart card systems.
  • EMV™ (EMVCo LLC) Secure Messaging is supported with functions that create secure messages to send keys and PINs to EMV smart cards.

Customizable to meet special requirements. The firmware running in the coprocessor together with the software running on your host can be customized to meet special requirements that your enterprise has. The PCIeCC cryptographic coprocessor Toolkit is available for purchase from IBM, subject to the export regulations of the United States Government. The Toolkit can enable developers to create and build applications for the HSM, authenticate programs, and load programs into the HSM. It also enables developers to extend the functionality of CCA in the form of a user-defined extension (UDX).

The custom programming toolkit includes a custom software interface reference which describes the function calls that applications running in the HSM use to obtain services from the HSM operating system and from the HSM host system device driver. Other included references provide the method for extending the CCA host API and the API reference for the user-defined extensions programming environment. Finally, an Interactive Code Analysis Tool (ICAT) is provided that developers can use to debug applications running on the HSM.

Frequently a custom contract provides consultation to hasten application development, and sometimes provides for initial development by IBM. Whenever needed, IBM is also able to bid on developing your custom solution or extension.

Optional use of smart cards. A Smart Card Utility Program (SCUP) is a GUI-based component available for use with the Cryptographic Node Management (CNM) utility (also GUI based) to manage smart cards with an IBM HSM. You can use SCUP to initialize smart cards that can then be used with CNM to generate and store CCA DES and PKA master key parts on supported smart cards, load CCA master key parts stored on supported smart cards, and log on to CCA using smart card CCA profiles tied to an RSA key pair associated with a particular smart card and user profile. Smart cards are available for purchase from IBM. Additionally, IBM can provide assistance in setting up and configuring SCUP and CNM.

Crypto Hardware and Initialization Management (CHIM). It is to centrally manage multiple servers with one or more cryptographic coprocessors installed. CHIM is available for IBM-approved x86 servers and IBM Power Systems.

CCA Java Native Interface (JNI). In addition to support for C and C++ programming languages, the CCA Support Program includes a CCA Java Native Interface (JNI) that application programmers can use to build Java applications to use with the CCA Support Program. The IBM i Option 35, CCA Cryptographic Service Provider feature also provides language bindings for COBOL, RPG, and CL.