A secure coprocessor is a general-purpose computing environment that withstands
physical attacks and logical attacks. The device must run the programs that it is
supposed to, unmolested. You must be able to (remotely) distinguish between the
real device and application, and a clever impersonator. The coprocessor must
remain secure even if adversaries carry out destructive analysis of one or more
devices.
Many servers operate in distributed environments where it is difficult or
impossible to provide complete physical security for sensitive processing. And,
in some applications, the motivated adversary is the end user. You need a device
that you can trust even though you cannot control its environment.
Cryptography is an essential tool in secure processing: you need it whenever
your application must communicate with other distributed elements, or assert or
ascertain the validity of the data it is processing.
The IBM PCI-X has been certified by NIST for IBM System x, IBM
System p, IBM System i, and IBM System z.
The FIPS 140-2 Level 4 certification declares that the IBM 4764-001 PCI-X
Cryptographic Coprocessor is uniquely qualified to detect and respond to
attempted attacks, and to perform processing securely, including correct
implementations of several commercially significant cryptographic algorithms.
FIPS PUB 140-2
FIPS PUB 140-2 is the benchmark standard for evaluating the security and proper
algorithmic implementation of a commercial cryptographic product. This
independent certification provides assurance of the security, integrity, and
correctness of the cryptographic algorithms inherent in the coprocessor designs.
FIPS 140 is unique in its emphasis on clear testing criteria for anti-tamper
design validation and in its focus at Level 4 on hardware implementation. Under
the supervision of the U.S. and Canadian governments, independent laboratories
conduct thorough analyses of the product design and actual tests of products.
The test report is discussed with the governmental bodies, and when found
acceptable, a certificate is issued. Issued certifications are posted to the NIST Web site.