IBM 4765 Crypto Card
The IBM 4765 has been withdrawn from marketing. The IBM 4765 hardware security module (HSM) was originally sold as IBM Z® features CEX4S and CEX3C, IBM Power Systems™ features EJ27, EJ28, and EJ29, and x86 MTM 4765-001. Support has ended on IBM Z and x86. For additional information, please contact Crypto.
IBM 4765 overview
The IBM 4765 is an HSM that provides a high-security, high-throughput cryptographic subsystem. For a detailed summary of the capabilities and specifications of the IBM 4765, refer to the IBM 4765 Data Sheet (PDF, 238 KB).

Highest cryptographic security available.
Each of IBM's HSM devices offers the highest cryptographic security available commercially. Federal Information Processing Standards (FIPS) are issued by the U.S. National Institute of Standards and Technology (NIST). The PCIeCC cryptographic processes are performed within an enclosure on the IBM 4765 HSM that is validated to FIPS PUB 140-2, Security Requirements for Cryptographic Modules, Overall Level 4. On the Computer Security Resource Center website, choose "Advanced" search, "Historical" status, and enter "1505" for the certificate number. Click Search to obtain the certificate. Level 4 is the highest level of certification achievable for commercial cryptographic devices. See FIPS status on the IBM PCIeCC FAQ page for additional information.

Certificate No. 1505. TM: A Certification Mark of NIST, which does not imply product endorsement by NIST, the U.S. or Canadian Governments.
IBM Z mainframe
The IBM 4765 has been withdrawn from marketing and support has ended. The IBM 4765 was sold as feature code (FC) 0865 (Crypto Express4S, or CEX4S), and as FC 0864 (Crypto Express3, or CEX3C) on IBM Z mainframes, either on z/OS® or Linux® on z Systems® operating systems.
- On z/OS, IBM offers the Integrated Cryptographic Service Facility (ICSF) component that ships with the base product. ICSF is the software on z/OS that provides access to the IBM Z CEX4S / CEX3C cryptographic hardware feature through the use of callable services that comply with IBM's Common Cryptographic Architecture (CCA). ICSF together with the IBM Resource Access Control Facility (RACF®) licensed program provide cryptographic services using the CCA security API.
- On Linux on z Systems, IBM offers a CCA API for the CEX4S / CEX3C and a PKCS #11 (EP11) API to the user.
IBM Power Systems
The IBM 4765 has been withdrawn from marketing and support is ending. The IBM 4765 was sold on IBM AIX® and IBM i as the following hardware feature codes:
- FC EJ27, IBM POWER6® or IBM POWER7®, no custom carrier
- FC EJ28, IBM POWER6 custom carrier
- FC EJ29, 4765-001, IBM POWER7 custom carrier
IBM-approved x86 servers
The IBM 4765 has been withdrawn from marketing and support has ended. The IBM 4765 was sold as an IBM Z MTM 4765-001 on select IBM-approved x86 servers. IBM offers a Common Cryptographic Architecture (CCA) Support Program for the IBM 4765, at no charge, to the user for SLES 11 Service Pack 3 (32-bit) and Service Pack 2.
CCA can be installed on additional operating systems by purchasing a separate add-on feature. An add-on feature is available for each of these operating systems:
- Microsoft® Windows® Server 2012, Release 2 (64-bit)
- Microsoft Windows Server 2008, Release 2 (64-bit)
- Red Hat® Enterprise Linux, Release 6 (32-bit)
- Red Hat Enterprise Linux, Release 6 (64-bit)
- SUSE® (a Micro Focus company) Linux Enterprise Server 11 Service Pack 3 (64-bit), Service Pack 2 (64-bit), and Service Pack 1 (64-bit)
IBM 4765 hardware
The secure processing environment (security module) of the coprocessor contains redundant embedded IBM PowerPC microprocessors (405Gr), custom hardware to perform AES, DES, T-DES, SHA-1, SHA-256, MD5, HMAC, and public key cryptographic algorithms, a secure clock/calendar, and a hardware random number generator. It also has protective shields, sensors and control circuitry to protect against a wide variety of attacks against the system.

Embedded certificate
During the final manufacturing step, the coprocessor generates a unique public/private key pair, which is stored in the device. The tamper detection circuitry is activated at this time and remains active throughout the useful life of the coprocessor, protecting this private key, as well as all other keys and sensitive data. The coprocessor public key is certified at the factory by an IBM private key and the certificate is retained in the coprocessor. Subsequently, the coprocessor private key is used to sign coprocessor status responses which, in conjunction with a series of public key certificates, demonstrate that the coprocessor remains intact and is genuine.
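The chain described above, as an added example that is not IBM's code or certificate format: a factory key certifies a device public key, the device signs a status response, and a verifier checks both links plus a fresh nonce. Ed25519, the struct layouts and all names are assumptions chosen for illustration; the keys and nonce are constructed.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"errors"
	"fmt"
)

// DeviceCert binds a device public key to the factory key (hypothetical layout).
type DeviceCert struct {
	DevicePub  ed25519.PublicKey
	FactorySig []byte // factory signature over DevicePub
}
// StatusResponse is a constructed status message signed by the device key.
type StatusResponse struct {
	Nonce, Status, Sig []byte // Sig covers Nonce || Status
}
// IssueCert models the factory step: the factory private key certifies the device key.
func IssueCert(factoryPriv ed25519.PrivateKey, devicePub ed25519.PublicKey) DeviceCert {
	return DeviceCert{DevicePub: devicePub, FactorySig: ed25519.Sign(factoryPriv, devicePub)}
}

// SignStatus models the device answering a status query with its private key.
func SignStatus(devicePriv ed25519.PrivateKey, nonce, status []byte) StatusResponse {
	msg := append(append([]byte{}, nonce...), status...)
	return StatusResponse{Nonce: nonce, Status: status, Sig: ed25519.Sign(devicePriv, msg)}
}

// VerifyStatus walks the chain: trusted factory key -> device certificate -> signed status.
func VerifyStatus(factoryPub ed25519.PublicKey, cert DeviceCert, resp StatusResponse, nonce []byte) error {
	if len(cert.DevicePub) != ed25519.PublicKeySize || !ed25519.Verify(factoryPub, cert.DevicePub, cert.FactorySig) {
		return errors.New("device certificate not signed by trusted factory key")
	}
	if !bytes.Equal(resp.Nonce, nonce) { // verifier compares against its own challenge
		return errors.New("nonce mismatch: stale or replayed response")
	}
	msg := append(append([]byte{}, resp.Nonce...), resp.Status...)
	if !ed25519.Verify(cert.DevicePub, msg, resp.Sig) {
		return errors.New("status response not signed by certified device key")
	}
	return nil
}

func main() {
	factoryPub, factoryPriv, _ := ed25519.GenerateKey(nil)
	devPub, devPriv, _ := ed25519.GenerateKey(nil)
	nonce := []byte("constructed-nonce-01")
	fmt.Println(VerifyStatus(factoryPub, IssueCert(factoryPriv, devPub), SignStatus(devPriv, nonce, []byte("intact")), nonce))
}
```

A device whose private key has been zeroized can no longer produce a signature that verifies under its certificate, which is why a valid response is evidence the module is intact.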
Tamper responding design
The coprocessor includes sensors to protect against attacks involving probe penetration, power sequencing, and temperature manipulation, consistent with the FIPS 140-2 Level 4 requirements. From the time of manufacture, if the tamper sensors are triggered, the coprocessor zeroizes its critical keys, destroys its certification, and is rendered permanently inoperable. Note therefore that the 4765 HSM must be maintained at all times within the temperature, humidity, and barometric pressure ranges specified. Refer to the environmental requirements section below.

IBM 4765 Technical specifications
Physical characteristics
Card type: Half-length PCIe card
PCI Local Bus Specification 2.2
PCIe specification 1.1
Voltage: +3.3 VDC ± 10%, 23.44 W max
System requirements
This section describes requirements for the system in which the IBM 4765 is installed.
Software: IBM CCA Support Program for use on:
- SUSE Linux 11 Service Pack 1 (32-bit)
- CCA can be installed on other operating systems by purchasing a separate add-on feature. See Select IBM-approved x86 servers above for details.
Hardware: The coprocessor can be installed in an IBM-approved x86 server.
Environmental requirements
From the time of manufacture, the IBM 4765 cryptographic card must be shipped, stored, and used within the following environmental specifications. Outside of these specifications, the IBM 4765 tamper sensors can be activated and render the IBM 4765 permanently inoperable.
Shipping: The card should be shipped in original IBM packaging (electrostatic discharge bag with desiccant and thermally insulated box with gel packs).
- Temperature (shipping): -40°C to +60°C
- Pressure (shipping): min 550 mbar
- Humidity (shipping): 5% to 100% RH
Storage: The card should be stored in an electrostatic discharge bag with desiccant.
- Temperature (storage): +1°C to +60°C
- Pressure (storage): min 700 mbar
- Humidity (storage): 5% to 80% RH
Operation (ambient in system):
- Temperature (operating): +10°C to +35°C
- Humidity (operating): 8% to 80% RH
- Operating altitude (max): 10 000 ft, equivalent to 700 mbar min
Batteries
A pair of batteries mounted on the coprocessor board provides backup power when the 4765 HSM is not in a powered-on machine. These batteries must only be removed according to the documented battery replacement procedure to avoid zeroizing the coprocessor and rendering it permanently inoperable. A battery replacement kit can be obtained from IBM. See the How to order page for details.