February 4, 2021
Enterprises and financial institutions have used IBM mainframes to handle sensitive business and customer information for decades. While mainframes are very secure because of their architecture, structured processes, and controlled access, today’s distributed environments and networks require additional layers of security to guard against targeted attacks by hackers. IBM’s experience with the mainframe cryptography led to clients requesting similar alternatives for distributed platforms.
IBM manufactures several versions of their Hardware Security Module (HSM) Crypto-Coprocessors, including IBM Z, LinuxONE, x64, and Power servers. The Payment Card Industry Data Security Standard (PCI DSS) specifically requires HSMs to protect cryptographic keys to protect account payment data for business in financial services and retail banking. IBM’s Common Cryptographic Architecture (CCA) has achieved certification under the PCI PIN Transaction Security (PTS) HSM Program, benefiting companies in many industries using payment systems.
The Cost of Risk
According to the 2020 Cost of a Data Breach Report, the average financial impact of a data breach is $3.86 million, with an average of 280 days to identify and contain a breach.
Enterprises and financial organizations need to build and maintain a reputation of being trustworthy to win over and retain clients. If they suffer a major breach, become infected with malware, ransomware, or compromise sensitive data, they will forfeit this trust. Many organizations may also face the cost of litigation, breach mitigation, fines for not meeting compliance regulations, and customer attrition.
Why Choose IBM PCIe Cryptographic Coprocessor HSM?
CryptoCards from IBM empower companies to protect data and workloads from physical and logistical attacks through cryptography. Cryptography is crucial for secure processing when applications must communicate with distributed elements or assess the validity of the data being processed.
The IBM 4767, 4768, and 4769 PCIe Cryptographic Coprocessors provide a high-performance hardware security module (HSM) that can perform top-level security processing and high-speed cryptographic operations. Cryptographic functions are offloaded from the central processor and carried out with a high throughput rate that reduces latency and eliminates bottlenecks.
CryptoCard is designed to provide security services for sensitive workloads. The technology enables secure payment and internet transactions, such as those carried out by ATMs and point of sale (POS) systems. With CryptoCard, companies can secure online payment applications and credit card transactions, processes that are carried out by all kinds of businesses.
Features of the PCIe Cryptographic Coprocessor
IBM introduced the 4769-001 PCIe Cryptographic Coprocessor in early 2021 to replace the 4767-002. It is a security-rich PCIe coprocessor designed to support cryptographic functions on select x64 architecture servers with a PCIe slot. It is designed to comply with FIPS 140-2, the highest level of certification achievable for commercial cryptographic devices. This PCIe coprocessor offloads compute-intensive cryptographic processes from the host server to perform tasks that require extra security measures.
The 4769-001 PCIe Cryptographic Coprocessor is designed to protect your cryptographic keys and sensitive applications. The software running in the coprocessor offers a rich programmable environment to meet unique business needs such as:
- Implementing systems requiring high security for cryptographic keys and high assurance the coprocessor has not been tampered with or modified.
- Implementing applications which process financial transactions including ATMs, PINS, and credit cards.
- Implementing support for EMV smart card applications.
- Implementing secure cryptographic key management.
- Implementing card personalization systems.
- Using RSA public key cryptography for digital signatures or key management.
- x.509 certificate services.
- Using Elliptic curve public key cryptography for digital signatures and key agreement.
- Supporting Visa DSP P2PE.
- Desiring the security or compatibility afforded by implementation of portions of the IBM CCA.
Finding a PCIe Cryptographic Coprocessor Vendor
Only select IBM Business partners are permitted to sell the 4769-001 and 4767-002.
As a trusted IBM business partner, PSR is an authorized vendor authorized to sell and distribute IBM 4769-001 and 4767-002 Cryptographic Coprocessors. We make it easy to purchase these products so you can protect your most sensitive workloads.