IBM 4764
The IBM 4764 Cryptographic Coprocessor is a secure cryptoprocessor that performs cryptographic operations used by application programs and by communications such as SSL private key transactions associated with SSL digital certificates. Each coprocessor includes a tamper-responding hardware security module (HSM) that provides secure storage for master keys and other sensitive data. The HSM has been certified to meet FIPS 140-2 Level 4 security requirements. The coprocessor is supported on all IBM server platforms including System z (mainframe), System i, System p, and System x (Linux or Microsoft Windows). On System z, it is called the "Crypto Express2".

Applications may include financial PIN transactions, bank-to-clearing-house transactions, EMV transactions for integrated circuit (chip) based credit cards, basic SET block processing, and general-purpose cryptographic applications using symmetric key, hashing, and public key algorithms.

The operational keys (symmetric or RSA private) are generated in the coprocessor and are then saved in a keystore file encrypted under the master key of that coprocessor. Any coprocessor with an identical master key can use those keys.

As of June 2005, the IBM 4764 superseded the IBM 4758, which was discontinued. The successor to the 4764 was introduced on each of the IBM server platforms between 2009 and 2011:
  • November, 2009 for the System z (mainframe), where it is called the Crypto Express3
  • April, 2010 for POWER systems, where it is available as feature codes 4807, 4808, and 4809
  • May, 2011 for System x (PC) servers, where it is called the 4765

The source of this article is Wikipedia, the free encyclopedia. The text of this article is licensed under the GFDL.
 