c4

Revised:  January 25, 2005.



Revised:  February 08, 2005.


57c257,258
4963 |A| PCI Cryptographic Coprocessor (FIPS-4)
4963 |N| PCI Cryptographic Coprocessor (FIPS-4)
4964 |A| PCI Cryptographic Coprocessor
13a815
  • (#4964) - PCI Cryptographic Coprocessor
    452a2455

    (No Longer Available as of February 8, 2005)

    529a2533,2610

    (#4964) PCI Cryptographic Coprocessor


    The IBM PCI Cryptographic Coprocessor is a 2/3 length PCI adapter
    combining hardware and software designed to provide high performance
    hardware engines for secure internet transactions such as data exchange,
    verifying electronic signatures, bulk data encryption and decryption.
    Cryptographic processes are performed within a tamper resistant
    enclosure on the adapter that is designed to meet FIPS PUB 140-1
    standard for commercial cryptographic devices at Level 3.

    Security functions supported by the adapter includes:


    • Data Encryption Standard (DES) (56 and 40 bit keys) encryption and
      decryption, with pre- and post-padding; the coprocessor uses both
      electronic and codebook (ECB) and cipher block chain (CBC) modes of
      encryption.
    • Message Authentication (MAC) and financial PIN processing
    • Triple DES encryption and decryption of general data
    • RSA key-pair generation
    • RSA signature generation and signature verification
    • Secure Hashing Algorithm (SHA-1) in hardware
    • Hardware random number generation
    • Protected data storage and retrieval
    • Other non-cryptographic security utilities can be carried out
      using the onboard processor

    IBM offers software to enable your use of the Coprocessors. Two
    different approaches to cryptographic functions are offered for
    download from:


    http://www.ibm.com/security/cryptocards


    • PKCS #11 Version 2.01, an implementation of the industry-standard
      API
    • IBM Common Cryptographic Architecture (CCA), featuring support of
      special interest to the finance industry.

    Under custom contract, IBM also offers toolkits that you can employ
    to develop extensions to the CCA offering and to develop your own
    application to exploit the secure computing environment and
    cryptographic hardware. For more information on custom contracts,
    refer to:


    http://www.ibm.com/security/cryptocards.

    For additional information on the IBM PCI Cryptographic Coprocessor,
    refer to the following World Wide Web page:


    Limitations:


    • The IBM PCI Cryptographic Coprocessor Adapter is a field only
      installed
      device in order to meet restrictive shipping requirements.

    Note: This adapter may have AIX 5.1 support limitations. Go to the
    following URL to view the latest AIX 5.1 support limitation statements:


    http://www.ibm.com/servers/aix/os/adapters/51.html



    • Attributes provided: Data encryption via PCI bus to host
    • Attributes required: 1 PCI slot
    • For 7311-D10: (#4964)

      • Minimum required: 0
      • Maximum allowed: 6 (Initial order maximum: 6 )
      • OS level required: AIX V5.1 or 5.2 or later.
        For Linux informaion, refer to:
        http://www.ibm.com/servers/eservers/pseries/hardware/
        
 factsfeatures.html
        
  

      • Initial Order/MES/Both/Supported: Both
      • CSU: Yes
      • Return parts MES: No