IBM 4764 PCI-X Cryptographic Coprocessor

On May 24, 2011, IBM announced that the IBM 4764-001 Cryptographic Coprocessor on System x and its associated feature code 1008 (battery-replacement kit) will be withdrawn from marketing effective December 31, 2011 (IBM United States Withdrawal Announcement 911-129).

On or after the effective date for the withdrawal of this offering, you can no longer order this product directly from IBM. However, IBM will continue to honor contracts until expiration or termination of the current contract. You may be able obtain the product on an as-available basis through IBM Business Partners.

Effective December 31, 2011, Feature code 1008 can no longer be used to order battery replacement kits. Battery replacement kits and multi-battery packs are now available for ordering as part numbers.

• Battery-replacement kit, part number 45D8663 (replaces feature code 1008)
• Multi-battery pack (20 quantity), part number 74Y0460

To order the battery-replacement kit, or the multi-battery pack, customers in:

• US or Canada can call the IBM Maintenance Parts and Warranty Center at 800-388-7080. When calling, provide the part number and your IBM End User Customer number.
• Other countries will need to follow these steps:
  • Find the general contact information number for your country by going to www.ibm.com/planetwide/ and clicking on your country. You can also call the IBM general contact information number 800-IBM-4YOU (800-426-4968). When calling, ask for the general contact information number for your country.
  • Using the general contact information number retrieved for your country from the previous step, call and ask for the parts phone number. Call the parts phone number to order the part or parts. When calling, provide the part number and your IBM End User Customer number.

The IBM PCI-X Cryptographic Coprocessor provides a high-security, high-throughput cryptographic subsystem. The tamper-responding hardware is validated at the highest level under the stringent FIPS PUB (Federal Information Processing Standards Publication) 140-2 standard. Specialized hardware performs AES, DES, TDES, RSA, and SHA-1 cryptographic processes, relieving the main processor from these tasks. The coprocessor design protects your cryptographic keys and sensitive custom applications. The software running in the coprocessor can be customized to meet special requirements.

The IBM PCI-X Cryptographic Coprocessor has a PCI-X 1.0 and PCI 2.2 local-bus-compatible interface. The coprocessor holds a secured subsystem module, batteries for backup power, and serial interface and 10/100 Ethernet connectors. The securely encapsulated subsystem contains a 32-bit IBM PowerPC 405GPr RISC processor, RAM, flash memory, and battery-powered memory, cryptographic-quality random number generator, AES, DES, TDES, SHA-1 and modular-exponentiation (for example, RSA, DSA) hardware, and full-duplex DMA communications. A secure code-loading arrangement enables control program and application program loading and refreshes after coprocessor installation in your server. IBM offers a Linux-based subsystem control program and a cryptographic application programming interface (API) which implements the IBM Common Cryptographic Architecture (CCA).

The IBM PCI-X Cryptographic Coprocessor is supported in the following IBM server families:

• IBM System z™ mainframes, where the coprocessor is available as an older PCIXCC feature or a newer Crypto Express2 (CEX2) feature.
  • The coprocessor is supported under IBM z/OS® or IBM OS/390® with the Integrated Cryptographic Support Facility (ICSF) and the IBM Resource Access Control Facility (RACF®) to provide cryptographic services using the CCA cryptographic API.
  • The coprocessor is supported under Linux on System z to provide cryptographic services using the CCA cryptographic API.
• IBM System i™ servers, where the coprocessor is available as a feature. The CCA Support Program is available to provide cryptographic services to applicatoin programs running under the IBM i5/OS® operating system. The CCA cryptographic API is available to provide cryptographic services to application programs.
• IBM System p™ servers, where the coprocessor is available as a feature. The CCA cryptographic API and the PKCS #11 cryptographic API are available to provide cryptographic services to application programs running under the IBM AIX® operating system (32-bit).
• IBM System x™ servers, running one of the following 32-bit operating systems:
  • SUSE Linux Enterprise Server 10 by Novell (32-bit) on Release 3.30.04 or later
  • SUSE Linux Enterprise Server 10 Service Pack 1 by Novell (32-bit) on Release 3.60 or later
  • SUSE Linux Enterprise Server 11 Service Pack 1 by Novell (32-bit) on Release 3.60 or later
  • Red Hat Enterprise Linux 5.2, Server Edition (32-bit) on Release 3.30.05 or later
  • Red Hat Enterprise Linux 5.4, Server Edition (32-bit) on Release 3.60 or later
  • Microsoft Windows Server 2003, Standard Edition (32-bit)
  • Microsoft Windows Server 2003 R2, Standard Edition (32-bit) on Release 3.60 or later
  • Operating systems also supported under the appropriate feature code are IBM AIX on IBM Power Systems (32-bit), IBM i5/OS on IBM Power Systems, and Linux on IBM System z9 and System z10.

  Note: Supported System x servers are listed on the IBM ServerProven™ Web site.

Further details on specific supported environments are provided elsewhere on this Web site or on the Web sites for the individual IBM server families.

Note that system software on some IBM servers provides higher-level interfaces to the cryptographic functions in the IBM PCI-X Cryptographic Coprocessor. For example, some systems may offer Java interfaces which make use of the coprocessor.

The IBM Common Cryptographic Architecture implementation provides a base on which custom processing and cryptographic functions, called User Defined Extensions (UDX), can be added. Development of a UDX to a customer specification requires a contract between IBM and the customer.

To investigate a UDX for an IBM PCI-X Cryptographic Coprocessor, see 'Custom Programming'.