Publication
IBM J. Res. Dev
Paper

The next generation of highly reliable and secure encryption for the IBM z13

View publication

Abstract

New business opportunities for cloud, analytics, mobile, and social applications depend on a secure computing infrastructure. The introduction of the IBM 4767 cryptographic coprocessor continues IBM leadership in marketplace security. The IBM 4767/Crypto Express5S is a versatile solution, offering three modes of operations on the IBM z13™ System: 1) Accelerator, 2) Common Cryptographic Architecture (CCA) Coprocessor, and 3) Enterprise PKCS #11 (public-key cryptography standard) Coprocessor. The highly programmable cryptographic coprocessor environment features a new ASIC (application-specific integrated circuit), FPGA (field-programmable gate array), and enhanced performance. The innovative internal hardware and firmware can be easily updated to achieve new security standards and requirements as well as new customer-specific functionality. The secure APIs (application programming interfaces) are designed to support standard cryptographic functions as well as specialized banking and financial functions. This is done in a way that allows the sensitive key material never to be exposed outside the physical secure boundary in a clear format. Performance benefits include the incorporation of elliptic curve cryptography (ECC) and format preserving encryption (FPE) in the hardware. For the z13, the number of logical domains has been increased from 16 to 85, allowing more system versatility. This new design also supports SRIOV (single root I/O virtualization) and the ability to customize arbitration to target SRIOV or quality of service.