PCIe Cryptographic Coprocessor (FC 4807, FC 4808, and FC 4809; CCIN 4765)
Learn about the specifications for the PCIe Cryptographic Coprocessor.
The PCIe Cryptographic Coprocessor adapters (feature codes (FC) 4807, FC 4808, and FC 4809) provide the secure-key cryptographic accelerator and the Cryptographic Coprocessor functions in a single PCIe card. The coprocessor functions are targeted to banking and finance applications. The financial personal identification number (PIN) processing and Euro pay, Mastercard, Visa (EMV) credit card functions are provided. EMV is a standard for the integrated-chip based credit cards. The secure-key accelerator functions are targeted to improving the performance of Secure Sockets Layer (SSL) transactions. The (FC 4807, FC 4808, and FC 4809 provide the security and performance required to support emerging digital signature applications. The host application access to the cryptographic services of the (FC 4807, FC 4808, and FC 4809 are by the Common Cryptographic Architecture (CCA) application programming interfaces (APIs) and by the Public-Key Cryptographic Standards (PKCS11). The (FC 4807, FC 4808, and FC 4809 provide secure storage of cryptographic keys in a tamper-resistant hardware security module, which is designed to meet FIPS PUB 140-2 on security requirements.
- FC 4807 is not a blind-swap cassette
- FC 4808 is a generation-3 blind-swap cassette
- FC 4809 is a generation-4 blind-swap cassette
- PCIe 4x standard height - half length
- Integrated Dual PPC processors
- ASIC (Accelerator engines)
- Supports the Common Cryptographic Architecture (CCA) application programming interfaces (APIs) and the Public-Key Cryptographic Standards (PKCS11) on the single firmware load.
- 3072, 4096 bit RSA CRT HW (including routing)
- SHA 256 required HW or firmware within secure module (including routing)
- Secure Key AES 128, 192, 256 bit keys
- Fast path – symmetric and asymmetric (secure and clear key)
For details about slot priorities and placement rules, see PCIe adapter placement rules and slot priorities and select the system you are working on.
Operating system or partition requirements
If you are installing a new feature, ensure that you have the software that is required to support the new feature and that you determine whether any prerequisites must be met for this feature and attaching devices. To check for the prerequisites, see IBM Prerequisite website.
- AIX®
- AIX 7.1, or later
- AIX Version 6.1, or later
- IBM i
- IBM i Version 7.2 or later
- IBM i Version 7.1, or later
For support details, see the Linux Alert website.
The latest version of the device driver or iprutils can be downloaded from the IBM Service and Productivity Tools website.
Specifications and requirements
- FRU number:
- 45D7948
RoHS compliant with server exemption
- Placement information
- To view information about the PCI adapter placement rules, see the PCI adapter placement topic collection for your system.
- I/O bus architecture
- PCI Express v1.1a
- Storage
Shipping and storage temperature below -35°C ± 60°C (-31°F ± 140°F) or above 1°C ± 60°C (33.8°F ± 140°F) limits.
- Operation (ambient in system)
This component collects and controls all the sensors to prevent the physical penetration and any abnormal environmental condition within its wide operational range of 10°C ± 35°C (50°F ± 95°F).
- Tamper protection range
- Outside of the tamper protection range limits of -38°C ±3°C (-41.8°F to -31°F) to +90°C ± 2°C (190.4°F to 197.6°F), the card will be permanently disable.
- Handling requirements
- Each PCIe Cryptographic Coprocessor includes a certified device
key. This electronic key, which is stored in the adapter's battery-powered
and protected memory, digitally signs status messages to confirm that
the PCI Cryptographic Coprocessor is genuine and that no tampering
has occurred.
If any of the secure module's tamper sensors are triggered by tampering or by accident, the PCIe Cryptographic Coprocessor erases all data in the protected memory, including the certified device key. Incorrect removal of the batteries triggers the tamper sensors and destroys the certified device keys. The PCI Cryptographic Coprocessor cannot operate without the certified device keys. To protect the keys, follow the guidelines given in the documentation provided with the coprocessor.
Attention: The batteries keep the coprocessor powered on even when it is not installed in a system. When handling, installing, or removing the adapter, do not let the adapter circuits come in contact with any conductive surface or tools. Doing so can render the adapter permanently inoperable.Do not remove the batteries of the adapter. Data in the protected memory is lost when battery power is removed. For information about replacing the batteries, see the Installation Manual at the IBM Cryptocard website at http://www-03.ibm.com/security/cryptocards/.
Attention: While installing the coprocessor, observe the following precautions:- The coprocessor is always powered by the batteries, even when it is not installed in the system.
- The battery power is necessary to keep the coprocessor operational.
- The loss of battery power or a voltage drop triggers a tamper event and permanently renders the coprocessor inoperable.
- Any short on the battery power distribution circuits causes a voltage drop and a tamper event.
- Do not lay the coprocessor on or cause the coprocessor to come in contact with any conductive surface.
- Do not strike the coprocessor circuits with metal or conductive tools.
- Use static-protective measures at all times when handling the coprocessor.
