Crypto Express

Crypto Express feature is state-of-the-art, tamper-sensing, and tamper responding, programmable cryptographic cards. The cryptographic electronics and microprocessor, housed within a tamper-responding container, provide a secure cryptographic environment, designed to meet FIPS 140-2 Level 4 requirements. The Crypto Express feature provides a PCI Express (PCIe) interface to the host. The concurrent update for CCA firmware is supported.

The Crypto Express feature contains one adapter. Crypto Express feature can be configured as an accelerator, a Common Cryptographic Architecture (CCA) coprocessor, or an Enterprise PKCS #11 (EP11) coprocessor.

Key features of Crypto Express feature includes:

• Consolidation and simplification. Each crypto adapter can be defined as a coprocessor or accelerator
• For Crypto Express virtualization of the crypto allows up to 85 logical partitions for models A01/LA1.
• Improved Reliability, Availability & Serviceability (RAS)
• Dynamic power management to maximize RSA performance while keeping within temperature limits of the tamper-responding package
• User Defined Extensions (UDXs) which provide the ability to embed customized function in the coprocessor firmware
• Secure code loading that ensures the card will only accept firmware that has not been modified and which comes from an IBM-approved source
• Concurrent patch and driver update to allow updating card functionality while installed in application systems. Applications can continue to use the cards while firmware is being updated
• Lock-step checking of dual CPUs for enhanced error detection
• Dynamic addition and configuration of cryptographic features to logical partitions without an outage
• Updated cryptographic algorithms used in firmware loading and with the TKE workstation to keep up with current recommendations for cryptographic security
• Support for EMV smart card applications.