IBM PCIe Cryptographic Coprocessor

Offload computationally intensive cryptographic processes from your host server

Get an overview Contact a Crypto expert

IBM® PCIe Cryptographic Coprocessors are a family of high-performance hardware security modules (HSM). These programmable PCIe cards work with certain IBM Z®, x64 and IBM Power® servers to offload computationally intensive cryptographic processes such as secure payments or transactions from the host server.

Accelerate cryptographic processes that safeguard and secure your data, while protecting against a wide variety of attacks. The IBM 4770, 4769, 4768 and 4767 HSMs deliver security-rich, high-speed cryptographic operations for sensitive business and customer information with the highest level of certification for commercial cryptographic devices.

What's new

Stay up-to-date on Cryptocards news and updates

Benefits Improve performance

Gain significant performance and architectural advantages and enable future growth by offloading cryptographic processing from the host server.

Keep data safe and secure

Safeguard data with a tamper-responding design and sensors that protect against module penetration and power or temperature manipulation attacks.

Choose your model

Available on select IBM z Systems® servers, on z/OS® or Linux®; IBM LinuxONE Emperor, Rockhopper; x64 servers with certain RHEL releases and Power servers.

Latest generation HSM 4770 Cryptographic Coprocessor The 4770 is the latest generation and the fastest of the PCIe HSM. It performs top-level security processing and high-speed cryptographic functions with a high throughput rate that reduces latency and eliminates bottlenecks. The 4770 offers FPGA updates and Dilithium acceleration. Available on IBM z16®, either on z/OS® or Linux on Z® operating systems. Explore IBM 4770
Features High-end secure coprocessors

Delivers high-speed cryptographic functions for data encryption and digital signing, secure storage of signing keys or custom cryptographic applications.

Highest level of certification: FIPS PUB 140-2, Level 4

Validated to FIPS PUB 140-2, Security Requirements for Cryptographic Modules, Overall Security Level 4, the highest level of certification achievable.

Performance and architectural improvements

IBM 4769 can exceed 23,000 PIN conversion operations per second, contains custom symmetric key and hashing engines and supports asymmetric algorithms.

Tamper-responding design

Sensors protect against a wide variety of attacks on the system and immediately destroy all keys and sensitive data if tampering is detected.

Common Cryptographic Architecture, Enterprise PKCS #11 APIs

Performs cryptographic functionality common in the finance industry and business applications, with custom functions available through a programming toolkit.

Embedded certificate for external verification

Generates a unique public or private key pair with a certificate that is stored in the device, with safeguards to ensure that the HSM is genuine and untampered.

Compare cards

4770 / CEX8S 

4769 / CEX7S

4768 / CEX6S

4769 / CEX7S

IBM Z 

z16® models

Select z15® models

Select z14® models

Select z13® models

z/OS®

Support provided by ICSF cryptographic services

Support provided by ICSF cryptographic services

Support provided by ICSF cryptographic services

Support provided by ICSF cryptographic services

Linux on IBM Z

Support provided by CCA and EP11 support programs

Support provided by CCA and EP11 support programs

Support provided by CCA and EP11 support programs

Support provided by CCA and EP11 support programs

x64 servers

N/A

Available as MTM 4769-001 with support for specific RHEL releases

N/A

Available as MTM 4767-002 with support for specific Windows, SLES and RHEL releases

Power10

N/A

Supported on IBM AIX®, IBM i and PowerLinux operating systems

N/A

N/A

POWER9®

N/A

Supported on IBM AIX®, IBM i and PowerLinux operating systems

N/A

N/A

POWER7

N/A

N/A

N/A

Supported by IBM AIX, IBM i and PowerLinux operating systems

More information

Cryptographic Module Validation Program
Related products Unified Key Orchestrator for IBM z/OS

Centrally manage and secure the data set encryption keys on z/OS.

IBM zSecure

Amplify your user authorization capabilities, administrative efficiency and cybersecurity compliance with real-time threat detection for your mainframe.

IBM Cloud Infrastructure Center

Simplify the infrastructure management of z/VM-based Linux virtual machines.

Next steps

Get answers to your Cryptographic Coprocessor questions from our team of HSM experts.

Read the FAQs Contact a Crypto expert
More ways to explore Documentation Support IBM Redbooks Support and services Global financing Community Developer community Business Partners