
IBM 4769

The IBM 4769[1] PCIe Cryptographic Coprocessor is a hardware security module[2] (HSM)[3] that includes a secure cryptoprocessor implemented on a high-security, tamper-resistant, programmable PCIe board. Specialized cryptographic electronics, a microprocessor, memory, and a random number generator, all housed within a tamper-responding environment, provide a highly secure subsystem in which data processing and cryptography can be performed. Sensitive key material is never exposed in the clear outside the physical secure boundary.

The IBM 4769 is designed to meet FIPS PUB 140-2 Level 4,[4] the highest level of certification achievable for commercial cryptographic devices. The 4769 is part of IBM's pervasive encryption and enterprise security schemes.[5] The IBM 4769 data sheet[6] describes the coprocessor in detail.

IBM supplies two cryptographic-system implementations:

  • The PKCS#11[7] implementation, called IBM Enterprise PKCS11 (EP11),[8] creates a high-security solution for application programs developed for this industry-standard API.
  • The IBM Common Cryptographic Architecture (CCA)[9] implementation provides many functions of special interest in the finance industry, extensive support for distributed key management, and a base on which custom processing and cryptographic functions can be added.

Applications may include financial PIN transactions, bank-to-clearing-house transactions, EMV transactions for integrated circuit (chip) based credit cards, and general-purpose cryptographic applications using symmetric key algorithms, hashing algorithms, and public key algorithms.

The operational keys, whether symmetric or asymmetric private (RSA or Elliptic Curve), are generated in the coprocessor and are then saved either in a keystore file or in application memory, encrypted under the master key of that coprocessor. Any coprocessor with an identical master key can use those keys. See elliptic curve cryptography (ECC) for more information about ECC. New hardware in the 4769 adds support to accelerate the elliptic curves 25519 and Ed448, as well as the format-preserving encryption (FPE) algorithms FF1, FF2, FF2.1, FF3, and FF3.1.
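The key-handling model described above, as an added illustration that is not IBM code and not part of the original article: a toy `Coprocessor` class keeps its master key inside the object, hands out only wrapped key tokens, and uses a token only if it was wrapped under the same master key. The class, the token layout (nonce, ciphertext, tag) and the HMAC-SHA-256 wrapping are constructed stand-ins, not the CCA or EP11 token format or wrapping algorithm.

```python
import hashlib
import hmac
import secrets


class Coprocessor:
    """Toy model of the secure boundary (hypothetical, not IBM CCA/EP11)."""

    def __init__(self, master_key: bytes):
        self.__mk = master_key  # stays inside the boundary, never returned

    def _subkeys(self, nonce: bytes):
        # Per-token encryption and MAC keys derived from the master key.
        enc = hmac.new(self.__mk, b"enc" + nonce, hashlib.sha256).digest()
        mac = hmac.new(self.__mk, b"mac" + nonce, hashlib.sha256).digest()
        return enc, mac

    def generate_key(self) -> bytes:
        """Create a 32-byte operational key; return only its wrapped token."""
        clear = secrets.token_bytes(32)
        nonce = secrets.token_bytes(16)
        enc, mac = self._subkeys(nonce)
        ct = bytes(a ^ b for a, b in zip(clear, enc))
        tag = hmac.new(mac, nonce + ct, hashlib.sha256).digest()
        return nonce + ct + tag  # safe to store in a keystore file

    def _unwrap(self, token: bytes) -> bytes:
        nonce, ct, tag = token[:16], token[16:48], token[48:]
        enc, mac = self._subkeys(nonce)
        good = hmac.new(mac, nonce + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, good):
            raise ValueError("token modified or wrapped under another master key")
        return bytes(a ^ b for a, b in zip(ct, enc))

    def mac_message(self, token: bytes, message: bytes) -> bytes:
        """Use the operational key inside the boundary; output is the MAC only."""
        return hmac.new(self._unwrap(token), message, hashlib.sha256).digest()


def demo():
    mk = secrets.token_bytes(32)
    a, b = Coprocessor(mk), Coprocessor(mk)   # identical master key
    c = Coprocessor(secrets.token_bytes(32))  # different master key
    token = a.generate_key()
    msg = b"constructed sample message"
    shared = a.mac_message(token, msg) == b.mac_message(token, msg)
    try:
        c.mac_message(token, msg)
        foreign_accepted = True
    except ValueError:
        foreign_accepted = False
    return shared, foreign_accepted
```

`demo()` returns `(True, False)`: the second coprocessor with the identical master key can use the token, and the one with a different master key rejects it.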

IBM supports the 4769 on certain IBM Z mainframes as Crypto Express7S (CEX7S), feature codes 0898 and 0899.[10] The 4769 / CEX7S is part of IBM's support for pervasive encryption[11][12] and its drive to encrypt all data.

References

  1. "IBM 4769 Overview". www.ibm.com. Retrieved 2020-02-18.
  2. Attridge, Jim (2002-01-14). "Overview of Hardware Security Modules". SANS Institute. Retrieved 2020-02-18.
  3. "Understanding Hardware Security Modules (HSMs)". Cryptomathic.com. 2017-09-13. Retrieved 2020-03-27.
  4. "CSRC Modules in process list". 11 October 2016. Retrieved 2020-02-18.
  5. "IBM enterprise security". IBM. Retrieved 2020-02-18.
  6. "IBM CEX7S / 4769 Cryptographic Coprocessor (HSM)" (PDF). Retrieved 2020-02-18.
  7. "PKCS#11: Cryptographic Token Interface Standard". Retrieved 2020-02-18.
  8. "IBM CEX7S / 4769 EP11". IBM. Retrieved 2020-02-18.
  9. "IBM CEX7S / 4769 CCA". IBM. Retrieved 2020-02-18.
  10. IBM z15 Technical Introduction. 30 September 2016. Retrieved 2020-02-18.
  11. "Encryption solutions on IBM Z". IBM. Retrieved 2020-02-18.
  12. "Technical resources for pervasive encryption for IBM Z". IBM. 16 July 2018. Retrieved 2020-02-18.

External links

General overview of cryptography: https://www.garykessler.net/library/crypto.html

These links point to various relevant cryptographic standards.

ISO 13491 - Secure Cryptographic Devices: https://www.iso.org/standard/61137.html

ISO 9564 - PIN security: https://www.iso.org/standard/68669.html

ANSI X9.24 Part 1: Key Management using Symmetric Techniques: https://webstore.ansi.org/RecordDetail.aspx?sku=ANSI+X9.24-1-2017

ANSI X9.24 Part 2: Key Management using Asymmetric Techniques: https://webstore.ansi.org/RecordDetail.aspx?sku=ANSI+X9.24-2-2016

FIPS 140-2: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.140-2.pdf

Payment Card Industry (PCI) PIN Transaction Security (PTS): Hardware Security Module (HSM) Modular Security Requirements: search this site: https://www.pcisecuritystandards.org/document_library
