IBM PCIe Cryptographic Coprocessor
Read the product documentation
illustration of coprocessor functions, interactions and data management

IBM PCIe Cryptographic Coprocessors are a family of high-performance hardware security modules (HSM). These programmable PCIe cards work with certain IBM Z®, x64 and IBM Power® servers to offload computationally intensive cryptographic processes such as secure payments or transactions from the host server.

Accelerate cryptographic processes that safeguard and secure your data, while protecting against a wide variety of attacks. The IBM 4770, 4769, 4768 and 4767 HSMs deliver security-rich, high-speed cryptographic operations for sensitive business and customer information with the highest level of certification for commercial cryptographic devices.

Benefits Improve performance

Gain significant performance and architectural advantages, and enable future growth, by offloading cryptographic processing from the host server.

Keep data safe and secure

Safeguard data with a tamper-responding design and sensors that protect against module penetration, and power or temperature manipulation attacks.

Choose your model

Available on select IBM zSystems servers, on z/OS® or Linux®; IBM LinuxONE Emperor, Rockhopper; x64 servers with certain RHEL releases; and Power servers.

Top-level security processing for sensitive business and customer information

The IBM 4770 / CEX8S Cryptographic Coprocessor is the latest generation and fastest of IBM's PCIe hardware security modules (HSM). It performs top-level security processing and high-speed cryptographic functions with a high throughput rate that reduces latency and eliminates bottlenecks. The IBM 4770 offers FPGA updates and Dilithium acceleration.

Features High-end secure coprocessors

Delivers high-speed cryptographic functions for data encryption and digital signing, secure storage of signing keys, or custom cryptographic applications.

Highest level of certification: FIPS PUB 140-2, Level 4

Validated to FIPS PUB 140-2, Security Requirements for Cryptographic Modules, Overall Security Level 4, the highest level of certification achievable.

Performance and architectural improvements

IBM 4769 can exceed 23,000 PIN translation operations per second, contains custom symmetric key and hashing engines, and supports asymmetric algorithms.

Tamper-responding design

Sensors protect against a wide variety of attacks on the system and immediately destroy all keys and sensitive data if tampering is detected.

Common Cryptographic Architecture, Enterprise PKCS #11 APIs

Performs cryptographic functions common in the finance industry and business applications, with custom functionality available via a programming toolkit.

Embedded certificate for external verification

Generates a unique public/private key pair with a certificate that is stored in the device, with safeguards to ensure the HSM is genuine and untampered.

Compare cards

Availability

IBM 4769 / CEX7S

IBM 4768 / CEX6S

IBM 4767 / CEX5S

IBM zSystems

Select IBM z15® models

Select IBM z14® models

Select IBM z13® models

z/OS

Support provided by ICSF cryptographic services

Support provided by ICSF cryptographic services

Support provided by ICSF cryptographic services

Linux on IBM Z

Support provided by CCA and EP11 support programs

Support provided by CCA and EP11 support programs

Support provided by CCA and EP11 support programs

x64 servers

Available as MTM 4769-001 with support for specific RHEL releases

N/A

Available as MTM 4767-002 with support for specific Windows, SLES and RHEL releases

IBM POWER10

Supported on IBM AIX®, IBM i and PowerLinux operating systems

N/A

N/A

IBM POWER9

Supported on IBM AIX and IBM i operating systems

N/A

N/A

IBM POWER7

N/A

N/A

Supported by IBM AIX, IBM i and PowerLinux operating systems

Documentation

Related products Unified Key Orchestrator for IBM z/OS

Centrally manage and secure the data set encryption keys on z/OS.

IBM zSecure

Amplify your user authorization capabilities, administrative efficiency and cybersecurity compliance with real-time threat detection for your mainframe.

IBM Cloud Infrastructure Center

Simplify infrastructure management of z/VM-based Linux virtual machines.

Take the next step

Get answers to your Cryptographic Coprocessor questions from our team of HSM experts.

Contact an expert
More ways to explore Crypto education community Developer community Documentation Support IBM Redbooks Partners Support and services Global financing