IBM PCIe Crypto Card V1 (PCIeCC)

Supported as IBM Z® features CEX4S and CEX3C, IBM Power Systems™ features EJ27, EJ28, and EJ29, and x86 MTM 4765-001

PCIeCC overview

The IBM PCIe Cryptographic Coprocessor Version 1 (PCIeCC) is a hardware security module (HSM) which provides a high-security, high-throughput cryptographic subsystem. For a detailed summary of the capabilities and specifications of the PCIeCC, refer to the IBM 4765 Data Sheet (PDF, 232KB).

Highest cryptographic security available.

Each of IBM's HSM devices offers the highest cryptographic security available commercially. Federal Information Processing Standards (FIPS) are issued by the U.S. National Institute of Standards and Technology (NIST). The PCIeCC cryptographic processes are performed within an enclosure on the IBM 4765 HSM that is validated to FIPS PUB 140-2, Security Requirements for Cryptographic Modules, Overall Level 4. On the Computer Security Resource Center website, choose "Advanced" search, "Historical" status, and enter "1505" for the certificate number. Click Search to obtain the certificate. Level 4 is the highest level of certification achievable for commercial cryptographic devices. See FIPS status on the IBM PCIeCC FAQ page for additional information.

FIPS 140-2 validated, Certificate No. 1505

TM: A Certification Mark of NIST, which does not imply product endorsement by NIST, the U.S. or Canadian Governments.


Supported on multiple platforms.

The PCIeCC is supported on the following platforms:

  • IBM Power Systems™
  • IBM-approved x86 servers


IBM Z mainframe

The PCIeCC is supported as feature code (FC) 0865 (Crypto Express4S, or CEX4S), and as FC 0864 (Crypto Express3, or CEX3C) on IBM Z mainframes, either on z/OS® or Linux® on z Systems® operating systems.

  • On z/OS, IBM offers the Integrated Cryptographic Service Facility (ICSF) component that ships with the base product. ICSF is the software on z/OS that provides access to the IBM Z CEX4S / CEX3C cryptographic hardware feature through the use of callable services that comply with IBM's Common Cryptographic Architecture (CCA). ICSF together with the IBM Resource Access Control Facility (RACF®) licensed program provide cryptographic services using the CCA security API.

  • On Linux on z Systems, IBM offers a CCA API for the CEX4S / CEX3C and a PKCS #11 (EP11) API to the user.


IBM Power Systems

The PCIeCC is supported on IBM AIX® and IBM i as the following hardware feature codes:

  • FC EJ27, IBM POWER6® or IBM POWER7®, no custom carrier
  • FC EJ28, IBM POWER6 custom carrier
  • FC EJ29, 4765-001, IBM POWER7 custom carrier

IBM-approved x86 servers

The PCIeCC is available as an IBM Z MTM 4765-001 on select IBM-approved x86 servers. IBM offers a Common Cryptographic Architecture (CCA) Support Program for the IBM 4765, at no charge, to the user for SLES 11 Service Pack 3 (32-bit) and Service Pack 2.

CCA can be installed on additional operating systems by purchasing a separate add-on feature. An add-on feature is available for each of these operating systems:

  • Microsoft® Windows® Server 2012, Release 2 (64-bit)
  • Microsoft Windows Server 2008, Release 2 (64-bit)
  • Red Hat® Enterprise Linux, Release 6 (32-bit)
  • Red Hat Enterprise Linux, Release 6 (64-bit)
  • SUSE® (a Micro Focus company) Linux Enterprise Server 11 Service Pack 3 (64-bit), Service Pack 2 (64-bit), and Service Pack 1 (64-bit)

To purchase any of these add-on features, contact the IBM Crypto Competence Center at ccc@dk.ibm.com or via the CCC website (DK). The Center is located in Denmark, which is in the Central European Time Zone (GMT+1).


IBM 4765 hardware

The secure processing environment (security module) of the coprocessor contains redundant embedded IBM PowerPC microprocessors (405Gr), custom hardware to perform AES, DES, T-DES, SHA-1, SHA-256, MD5, HMAC, and public key cryptographic algorithms, a secure clock/calendar, and a hardware random number generator. It also has protective shields, sensors and control circuitry to protect against a wide variety of attacks against the system.

Embedded certificate

During the final manufacturing step, the coprocessor generates a unique public/private key pair, which is stored in the device. The tamper detection circuitry is activated at this time and remains active throughout the useful life of the coprocessor, protecting this private key, as well as all other keys and sensitive data. The coprocessor public key is certified at the factory by an IBM private key and the certificate is retained in the coprocessor. Subsequently, the coprocessor private key is used to sign coprocessor status responses which, in conjunction with a series of public key certificates, demonstrate that the coprocessor remains intact and is genuine.
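
The attestation flow described above, sketched as an added example (not IBM code and not the 4765's actual certificate or status formats): a factory key certifies the device key through a chain of certificates, and a verifier checks a signed status response against that chain. Ed25519, the byte layouts, the challenge nonce and all function names are assumptions made for illustration; the code needs the Python `cryptography` package.

```python
import os
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives.asymmetric.ed25519 import (
    Ed25519PrivateKey, Ed25519PublicKey)
from cryptography.hazmat.primitives.serialization import Encoding, PublicFormat

def raw(pub):
    """32-byte raw encoding of an Ed25519 public key."""
    return pub.public_bytes(Encoding.Raw, PublicFormat.Raw)

def certify(issuer_priv, subject_pub):
    """Constructed certificate: the subject key plus the issuer's signature over it."""
    body = raw(subject_pub)
    return {"subject": body, "sig": issuer_priv.sign(b"cert|" + body)}

def sign_status(device_priv, nonce, status):
    """Device side: sign the status together with the verifier's fresh nonce."""
    return {"status": status, "sig": device_priv.sign(b"status|" + nonce + status)}

def verify_status(root_pub, chain, response, nonce):
    """Walk the chain from the trusted root key, then check the status signature."""
    key = root_pub
    try:
        for cert in chain:
            key.verify(cert["sig"], b"cert|" + cert["subject"])
            key = Ed25519PublicKey.from_public_bytes(cert["subject"])
    except InvalidSignature:
        return "bad certificate chain"
    try:
        key.verify(response["sig"], b"status|" + nonce + response["status"])
    except InvalidSignature:
        return "bad status signature"
    return "ok"

def demo():
    root = Ed25519PrivateKey.generate()    # stand-in for the factory signing key
    layer = Ed25519PrivateKey.generate()   # intermediate link in the chain
    device = Ed25519PrivateKey.generate()  # stand-in for the key made in the device
    chain = [certify(root, layer.public_key()), certify(layer, device.public_key())]
    nonce = os.urandom(16)
    good = sign_status(device, nonce, b"tamper=clear")  # constructed status text
    root_pub, other = root.public_key(), Ed25519PrivateKey.generate()
    return {
        "genuine": verify_status(root_pub, chain, good, nonce),
        "replay": verify_status(root_pub, chain, good, os.urandom(16)),
        "impostor": verify_status(
            root_pub, chain, sign_status(other, nonce, b"tamper=clear"), nonce),
        "wrong_root": verify_status(other.public_key(), chain, good, nonce),
    }
```

Only the first case verifies: a response signed over an old nonce, a response from a key the chain does not certify, and a chain anchored in an untrusted root are all rejected.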


Tamper responding design

The coprocessor includes sensors to protect against attacks involving probe penetration, power sequencing, and temperature manipulation, consistent with the FIPS 140-2 Level 4 requirements. From the time of manufacture, if the tamper sensors are triggered, the coprocessor zeroizes its critical keys, destroys its certification, and is rendered permanently inoperable. Note therefore that the 4765 HSM must be maintained at all times within the temperature, humidity, and barometric pressure ranges specified. Refer to the environmental requirements section below.

IBM 4765 Technical specifications

Physical characteristics

Card type: Half-length PCIe card; PCI Local Bus Specification 2.2; PCIe specification 1.1

Voltage: +3.3 VDC ± 10%; 23.44 W max

System requirements

This section describes requirements for the system in which the IBM 4765 is installed.

Software: IBM CCA Support Program for use on:

  • SUSE Linux 11 Service Pack 1 (32-bit)

CCA can be installed on other operating systems by purchasing a separate add-on feature. See "IBM-approved x86 servers" above for details.

Hardware: The coprocessor can be installed in an IBM-approved x86 server.

Environmental requirements

From the time of manufacture, the IBM 4765 cryptographic card must be shipped, stored, and used within the following environmental specifications. Outside of these specifications, the IBM 4765 tamper sensors can be activated and render the IBM 4765 permanently inoperable.

Shipping: The card should be shipped in original IBM packaging (electrostatic discharge bag with desiccant and thermally insulated box with gel packs).

  • Temperature: -40°C to +60°C
  • Pressure: min 550 mbar
  • Humidity: 5% to 100% RH

Storage: The card should be stored in an electrostatic discharge bag with desiccant.

  • Temperature: +1°C to +60°C
  • Pressure: min 700 mbar
  • Humidity: 5% to 80% RH

Operation (ambient in system):

  • Temperature: +10°C to +35°C
  • Humidity: 8% to 80% RH
  • Maximum operating altitude: 10 000 ft, equivalent to 700 mbar min

Batteries

A pair of batteries mounted on the coprocessor board provides backup power when the 4765 HSM is not in a powered-on machine. These batteries must only be removed according to the documented battery replacement procedure to avoid zeroizing the coprocessor and rendering it permanently inoperable. A battery replacement kit can be obtained from IBM. See the How to order page for details.