IBM PCI-X Cryptographic Coprocessor

Release 3.25 is available for download by all customers who use the IBM 4764 Model 001 in an IBM System x™ server (IBM ServerProven™ model only).

Release 3.25.1 is a full standalone package. It is a maintenance release that replaces Release 3.25.0. The maintenance release only affects the device driver. Prior to Release 3.25.1, the driver was unsigned. Release 3.25.1 now includes a signed driver in the Microsoft® Windows® operating environment. Note: A signed driver is device driver software that includes a digital signature.

IBM offers a Common Cryptographic Architecture (CCA) Support Program that is licensed internal code for the IBM PCI-X Cryptographic Coprocessor. It provides device drivers, utilities and access method support, in addition to providing support for:

• Strong DES key management with extensive key separation
• Triple and single DES data encryption
• Message authentication (MAC) and financial PIN processing
• RSA operations up to 2048 bits for key generation and digital signature operations
• Programmable - Customer / User Defined Functions (UDX)
• Access controls to manage definable roles

• New support for remote key loading, which is a method of secured transport of DES keys from a Tamper Resistant Security Module (TRSM) to an ATM or other remote device using asymmetric techniques
• The One_Way_Hash verb now supports two additional secure hash algorithms defined by FIPS 180-2:
  1. SHA-224, which produces a 28-byte, 224-bit hash value.
  2. SHA-256, which produces a 32-byte, 256-bit hash value.
• The MAC_Generate and MAC_Verify verbs now provide support for the ANSI X9.9-1 procedure using ISO 16609 CBC mode TDES MAC encryption to generate a MAC.
• Enhanced PIN Security Mode has been added to provide additional security when performing PIN processing operations.