
IBM PCI-X Cryptographic Coprocessor

IBM 4764 Hardware

IBM 4764 Cryptographic Coprocessor

The IBM 4764 PCI-X Cryptographic Coprocessor is a state-of-the-art secure subsystem that is supported for use in certain IBM server systems to perform DES and public-key cryptography in a highly secure environment. You can also load software for highly sensitive processing, such as the minting of electronic postage, which must perform its intended function even when under the physical control of a motivated adversary.

The secure coprocessor module is a standard 'short type' PCI-X adapter card and is compatible with the PCI-X version 1.0 and PCI version 2.2 interfaces. The sealed coprocessor module incorporates physical penetration, power, and temperature sensors to detect physical attacks against the encapsulated subsystem. Batteries provide backup power that is active from the time of factory initialization until the end of the product's useful life. Any detected tamper event results in immediate zeroization of the area where internal secrets are stored and permanent disablement of the subsystem.

The IBM 4764 Model 001 is offered for use with the IBM System x™, IBM System p™, IBM System i™, and IBM System z™.


FIPS 140-2 certification level: Level 4

Current systems, with CCA Support Program version 3:

IBM System x: IBM 4764-001
IBM System p: PCIXCC feature
IBM System i: PCIXCC feature
IBM System z: Crypto Express2

The 4764 Model 001 meets FIPS 140-2 level 4 physical security. It incorporates a secure envelope around the electronics to detect the most sophisticated physical penetration attempts and will zeroize the memory area containing all critical secret data when tamper is detected.



What is a secure coprocessor...

A secure coprocessor is a general-purpose computing environment that withstands physical attacks and logical attacks. The device must run the programs that it is supposed to, unmolested. You must be able to (remotely) distinguish between the real device and application, and a clever impersonator. The coprocessor must remain secure even if adversaries carry out destructive analysis of one or more devices.

Many servers operate in distributed environments where it is difficult or impossible to provide complete physical security for sensitive processing. And, in some applications, the motivated adversary is the end user. You need a device that you can trust even though you cannot control its environment.

Cryptography is an essential tool in secure processing, in particular when your application must communicate with other distributed elements, or assert or ascertain the validity of data it is processing.

IBM eServer Cryptographic Coprocessor Security Module:
FIPS 140-2 Level 4

The IBM PCI-X Cryptographic Coprocessor has been certified by NIST for IBM System x, IBM System p, IBM System i, and IBM System z.

The FIPS 140-2 Level 4 certification declares that the IBM 4764-001 PCI-X Cryptographic Coprocessor is uniquely qualified to detect and respond to attempted attacks, and to perform processing securely, including correct implementations of several commercially significant cryptographic algorithms.

FIPS PUB 140-2

FIPS PUB 140-2 is the benchmark standard for evaluating the security and proper algorithmic implementation of a commercial cryptographic product. This independent certification provides assurance of the security, integrity, and correctness of the cryptographic algorithms inherent in the coprocessor designs.

FIPS 140 is unique in its emphasis on clear testing criteria for anti-tamper design validation and, at level 4, its focus on hardware implementation. Under the supervision of the U.S. and Canadian governments, independent laboratories conduct thorough analyses of the product design and actual tests of products. The test report is discussed with the governmental bodies, and when it is found acceptable, a certificate is issued. Issued certifications are posted to the NIST Web site.