The IBM PCIe Cryptographic Coprocessor Version 1 (PCIeCC) is a hardware security module (HSM) which provides a high-security, high-throughput cryptographic subsystem. The IBM 4765 Cryptographic Security Module validated to FIPS 140-2, Overall Level 4 (highest level of security). See FIPS certification number 1505 (link resides outside of ibm.com). The 4765 Cryptographic Coprocessor is a tamper responding, programmable, cryptographic PCIe card, containing CPU, encryption hardware, RAM, persistent memory, hardware random number generator, time of day clock, infrastructure firmware, and software. Specialized hardware performs AES, DES, TDES, RSA, SHA-1, SHA-224 to SHA-512, and other cryptographic processes, relieving the main processor from these tasks. The coprocessor design protects your cryptographic keys and sensitive custom applications. The software running in the coprocessor can be customized to meet special requirements.
The PCIeCC has a PCIe local-bus-compatible interface. The coprocessor holds a secured subsystem module, batteries for backup power and a full-speed USB 2.0 host port available through a mini-A connector. The securely encapsulated subsystem contains two 32-bit PowerPC 405D5 RISC processors running in lock-step with cross-checking to detect malfunctions as well as a separate service processor used to manage self-test and firmware updates, RAM, flash memory, and battery-powered memory, cryptographic-quality random number generator, AES, DES, TDES, SHA-1, SHA-224, SHA-256, SHA-384, SHA-512 and modular-exponentiation (for example, RSA, DSA) hardware, and full-duplex DMA communications. A secure code-loading arrangement enables control program and application program loading and refreshes after coprocessor installation in your server. IBM offers a Linux-based subsystem control program and a cryptographic application programming interface (API) which implements the IBM Common Cryptographic Architecture (CCA).
The PCIeCC is supported in the following IBM server families:
Further details on specific supported environments are provided elsewhere on this Web site or on the Web sites for the individual server families.
Note that system software on some servers provides higher-level interfaces to the cryptographic functions in the PCIeCC. For example, some systems may offer Java interfaces which make use of the coprocessor.
A battery-replacement kit, part number 45D5803, is available for order. The kit includes two replacement batteries, one temporary-battery tray with connecting wires, and two battery-attention labels.
Note: The multi-battery pack, part number 74Y0465, is now obsolete and can no longer be ordered.
To order the battery-replacement kit, customers in: