IBM PCIe Cryptographic Coprocessors are a family of high-performance hardware security modules (HSM). These programmable PCIe cards work with certain IBM Z®, x64 and IBM Power® servers to offload computationally intensive cryptographic processes such as secure payments or transactions from the host server.
Accelerate cryptographic processes that safeguard and secure your data, while protecting against a wide variety of attacks. The IBM 4770, 4769, 4768 and 4767 HSMs deliver security-rich, high-speed cryptographic operations for sensitive business and customer information with the highest level of certification for commercial cryptographic devices.
Gain significant performance and architectural advantages, and enable future growth, by offloading cryptographic processing from the host server.
Safeguard data with a tamper-responding design and sensors that protect against module penetration, and power or temperature manipulation attacks.
Available on select IBM zSystems servers, on z/OS® or Linux®; IBM LinuxONE Emperor, Rockhopper; x64 servers with certain RHEL releases; and Power servers.
The IBM 4770 / CEX8S Cryptographic Coprocessor is the latest generation and fastest of IBM's PCIe hardware security modules (HSM). It performs top-level security processing and high-speed cryptographic functions with a high throughput rate that reduces latency and eliminates bottlenecks. The IBM 4770 offers FPGA updates and Dilithium acceleration.
Delivers high-speed cryptographic functions for data encryption and digital signing, secure storage of signing keys, or custom cryptographic applications.
Validated to FIPS PUB 140-2, Security Requirements for Cryptographic Modules, Overall Security Level 4, the highest level of certification achievable.
IBM 4769 can exceed 23,000 PIN translation operations per second, contains custom symmetric key and hashing engines, and supports asymmetric algorithms.
Sensors protect against a wide variety of attacks on the system and immediately destroy all keys and sensitive data if tampering is detected.
Performs cryptographic functions common in the finance industry and business applications, with custom functionality available via a programming toolkit.
Generates a unique public/private key pair with a certificate that is stored in the device, with safeguards to ensure the HSM is genuine and untampered.
Availability
IBM 4769 / CEX7S
IBM 4768 / CEX6S
IBM 4767 / CEX5S
IBM zSystems
Select IBM z15® models
Select IBM z14® models
Select IBM z13® models
z/OS
Support provided by ICSF cryptographic services
Support provided by ICSF cryptographic services
Support provided by ICSF cryptographic services
Linux on IBM Z
Support provided by CCA and EP11 support programs
Support provided by CCA and EP11 support programs
Support provided by CCA and EP11 support programs
x64 servers
Available as MTM 4769-001 with support for specific RHEL releases
N/A
Available as MTM 4767-002 with support for specific Windows, SLES and RHEL releases
IBM POWER10
Supported on IBM AIX®, IBM i and PowerLinux operating systems
N/A
N/A
IBM POWER9
Supported on IBM AIX and IBM i operating systems
N/A
N/A
IBM POWER7
N/A
N/A
Supported by IBM AIX, IBM i and PowerLinux operating systems
Documentation
Centrally manage and secure the data set encryption keys on z/OS.
Amplify your user authorization capabilities, administrative efficiency and cybersecurity compliance with real-time threat detection for your mainframe.
Simplify infrastructure management of z/VM-based Linux virtual machines.