IBM 4764 PCI-X Cryptographic Coprocessor

Announcement

On May 24, 2011, IBM announced that the IBM 4764-001 Cryptographic Coprocessor and its associated feature code 1008 (battery-replacement kit) will be withdrawn from marketing effective December 31, 2011 (IBM United States Withdrawal Announcement 911-129).

On or after the effective date for the withdrawal of this offering, you can no longer order this product directly from IBM. However, IBM will continue to honor contracts until expiration or termination of the current contract. You may be able obtain the product on an as-available basis through IBM Business Partners.

Feature code 1008 will no longer be used to order battery replacement kits. Battery replacement kits and multi-battery packs are now available for ordering as part numbers.

CCA support program

Features

Description

The IBM CCA Support Program (known as ICSF on System z) provides a comprehensive, integrated family of services that employs the major capabilities of the IBM coprocessors.

CCA provides the usual AES, DES, and RSA functions for data confidentiality and data integrity support. In addition, CCA features extensive support for distributed key management and many functions of special interest to the finance industry. Other changes and extensions to the Support Program are described in the "Revision history" section of the CCA Basic Services Reference and Guide. The CCA software has been independently reviewed and certified by the German ZKA industry organization for use in specific finance systems. Also, IBM believes the CCA software can be operated compliant with the intent of the FIPS 140-2 cryptographic module standard. Capabilities include:

The DES and RSA master keys can be randomly generated within the coprocessor and they can also be cloned, while an AES master key currently cannot. Each of the AES, DES, and RSA master keys can be inserted in parts by two or more trusted individuals. Active DES and RSA master keys can be securely cloned to additional coprocessor cards using an m-of-n secret splitting technique. See "Cloning of a DES or RSA master key" below for more information.