IBM 4764 PCI-X Cryptographic Coprocessor

Announcement

On May 24, 2011, IBM announced that the IBM 4764-001 Cryptographic Coprocessor on System x and its associated feature code 1008 (battery-replacement kit) will be withdrawn from marketing effective December 31, 2011 (IBM United States Withdrawal Announcement 911-129). The effective end-of-service for the IBM 4764-001 Cryptographic Coprocessor on System x is December 31, 2013.

On or after the effective date for the withdrawal of this offering, you can no longer order this product directly from IBM. However, IBM will continue to honor contracts until expiration or termination of the current contract. You may be able obtain the product on an as-available basis through IBM Business Partners.

Effective December 31, 2011, Feature code 1008 can no longer be used to order battery replacement kits. Battery replacement kits and multi-battery packs are now available for ordering as part numbers.

To order the battery-replacement kit, or the multi-battery pack, customers in:

Overview

The IBM PCI-X Cryptographic Coprocessor provides a high-security, high-throughput cryptographic subsystem. The tamper-responding hardware is validated at the highest level under the stringent FIPS PUB (Federal Information Processing Standards Publication) 140-2 standard. Specialized hardware performs AES, DES, TDES, RSA, and SHA-1 cryptographic processes, relieving the main processor from these tasks. The coprocessor design protects your cryptographic keys and sensitive custom applications. The software running in the coprocessor can be customized to meet special requirements.

The IBM PCI-X Cryptographic Coprocessor has a PCI-X 1.0 and PCI 2.2 local-bus-compatible interface. The coprocessor holds a secured subsystem module, batteries for backup power, and serial interface and 10/100 Ethernet connectors. The securely encapsulated subsystem contains a 32-bit IBM PowerPC 405GPr RISC processor, RAM, flash memory, and battery-powered memory, cryptographic-quality random number generator, AES, DES, TDES, SHA-1 and modular-exponentiation (for example, RSA, DSA) hardware, and full-duplex DMA communications. A secure code-loading arrangement enables control program and application program loading and refreshes after coprocessor installation in your server. IBM offers a Linux-based subsystem control program and a cryptographic application programming interface (API) which implements the IBM Common Cryptographic Architecture (CCA).

The IBM PCI-X Cryptographic Coprocessor is supported in the following IBM server families:

Further details on specific supported environments are provided elsewhere on this Web site or on the Web sites for the individual IBM server families.

Note that system software on some IBM servers provides higher-level interfaces to the cryptographic functions in the IBM PCI-X Cryptographic Coprocessor. For example, some systems may offer Java interfaces which make use of the coprocessor.

The IBM Common Cryptographic Architecture implementation provides a base on which custom processing and cryptographic functions, called User Defined Extensions (UDX), can be added. Development of a UDX to a customer specification requires a contract between IBM and the customer.

To investigate a UDX for an IBM PCI-X Cryptographic Coprocessor, see 'Custom Programming'.

News for current customers

Spotlight

New product release for IBM 4765 now available on IBM ServerProven System x servers, effective August 2015.

New product release CCA 5.0 for Linux on IBM z Systems™ now available effective July 2015. See Overview page for additional information.

IBM PureFlex™ customers can purchase an IBM 4765 as an add-on feature as of September 10, 2013. See CCA Release 4.3.5 for more information.

New product release CCA 4.4.20 for IBM 4765 now available on IBM AIX operating system effective May 2014. See Library page for additional information.


As of February 19, 2013, the 4765 hardware security module (HSM) is validated to meet the MEPS (Méthode d'Évaluation des Produits Securitaire "bancaires") approval scheme used by Cartes Bancaires (CB) banking ecosystem. This standards certification allows the 4765 HSM to be used by CB member banks on their dedicated payment networks.


Important notice to ECC users: This release contains important security-related changes for ECC users. See Release 4.3.4 information for details.

Effective December 2011, new add-on features are being offered for the IBM 4765 on System x to support additional operating systems. See the IBM 4765 software updates page.


On System z, the coprocessor is available as Crypto Express3 and is also available for Linux.