2018 News
Cryptocards news and updates from 2018.
Dec. 6, 2018 | HSM 4767 | New CCA release 5.4.33
- Red Hat Enterprise Linux (RHEL) Server (64-bit) 7.5
- SUSE Linux Enterprise Server (SLES) from Novell (64-bit) 12.3
- Three-key (192-bit) Triple-DES keys are added to strengthen security for operations such as data encryption, PIN processing, and key wrapping.
- Limited ISO Format 4 (ISO-4) AES PIN blocks as defined in the ISO 9564-1 standard.
- Directed keys, whose objective is to generate and derive many different AES key pairs with different key usages from one key diversification key (KDK).
- Wrapping and unwrapping DES and TDES keys using an AES Key Block Protection Key (TR-31 key block version ID, or method, “D”) according to ISO 20038.
The IBM 4767-002 is IBM's fifth generation of cryptographic coprocessor to support x86 machines. The 4767 is designed to provide security rich features and to deliver high throughput for cryptographic functions. These cryptographic processes are performed within a secure enclosure that is certified to the Federal Information Processing Standard (FIPS) 140-2 level 4, the highest level of certification achievable for commercial cryptographic devices.
Aug. 27, 2018 | FC EJ32/EJ33 | CCA Release 5.2.23 on AIX
CCA Release 5.3.23 is now available for download by all customers who use the IBM 4767 on AIX 7.1 / 7.2.
May 16, 2018 | HSM 4767 | New CCA Release 5.3.23
- Microsoft Windows Server 2012 R2
- Red Hat Enterprise Linux (RHEL) Server (64-bit) 7.2, 7.3, and 7.4
- SUSE Linux Enterprise Server (SLES) from Novell (64-bit) 12.1
Summary of changes for CCA Release 5.3.23
Segment 1:
The IBM 4767-002 hardware security module (HSM) is validated to FIPS PUB 140-2 Level 4. Level 4 is the highest level of certification achievable for commercial cryptographic devices. See FIPS certification number 3164 (link resides outside of Ibm.com) on the Computer Security Resource Center website for the certification.
- Updated with minor changes.
- Updated CCA firmware version 5.3.23 meets the requirements of the German Banking Industry Committee (GBIC) and is compliant with GBIC's security requirements.
- Potential memory leak fix.
Users affected: Users of CCA host Release 5.3.12 (Linux or Windows) or CCA host Release 5.2.23 (Linux only) who call the Symmetric_Algorithm_Decipher (CSNBSAD) verb with the Galois/countryer Mode (GCM) processing rule specified in the rule array are affected.
Users should update segments 1, 2, and 3 as well as the host library to get all enhancements and fixes.
Apr. 27, 2018 | HSM CEX6S | New CCA product release for IBM CEX6S
New product release CCA 6.0 for Linux on IBM Z now available effective April 2018.
Apr. 4, 2018 | HSM 4767 / 4765 | Common Criteria EAL4 certification
As of April 4, 2018, the IBM 4767 and 4765 with IBM Enterprise PKCS#11 (EP11) firmware are Common Criteria Part 3 conformant (EAL4).
Apr. 4, 2018 | HSM 4767 | FIPS 140-2 Level 4 certification
As of April 4, 2018, the 4767 hardware security module (HSM) is validated to FIPS PUB 140-2 Level 4. Level 4 is the highest level of certification achievable for commercial cryptographic devices. See FIPS certification number 3164 (link resides outside of Ibm.com) on the Computer Security Resource Center website for the certification.
Mar. 15, 2018 | HSM 4767 | GBIC certification
As of March 15, 2018, the IBM 4767-002 with CCA firmware version 5.3 meets the requirements of the German Banking Industry Committee (GBIC) and is compliant with GBIC's security requirements.
Mar. 1, 2018 | HSM 4767 | Changes to x86 server chart
Changes to the HSM 4767 on x86 chart are available.
Feb. 1, 2018 | HSM CEX5S | Update to EP11 support for Linux on Z
Update of EP11 package available for z14.