Todd W. Arnold

IBM 4765 cryptographic coprocessor

This paper provides an overview of the 4765 cryptographic coprocessor hardware and firmware architecture, its key design features, and an overview of the IBM System z® secure software stack. The hardware for the 4765 solution is shared across all IBM server platforms offering cryptographic hardware acceleration in a highly programmable coprocessor environment designed to meet the most stringent security requirements. Its internal hardware and firmware can be easily updated to meet new security standards and requirements, as well as new customer-specific functionality. It allows updates and customization to be executed with zero downtime, meeting the highest standard of reliability and availability. Standard cryptographic functions and specialized banking and financial functions are supported.

Cryptographic system enhancements for the IBM System z9

IBM has offered hardware-based cryptographic processors for its mainframe computers for nearly thirty years. Over that period, IBM has continued to update both the hardware and software, providing added features, higher performance, greater physical security, and improved management features. This commitment continues with the System z9TM, as demonstrated by the two improvements described in this paper. The first part of the paper describes enhancements to the System z9 to configure and control cryptographic features. The second part describes a new method for the cryptographic coprocessors to securely manage keys which are distributed to remote devices that are not necessarily in secure or well-controlled environments.