The IBM 4769 Cryptographic Coprocessor
J. A. Busby; E. N. Cohen; E. A. Dames; J. Doherty; S. Dragone; D. Evans; M. J. Fisher; N. Hadzic; C. Hagleitner; A. J. Higby; M. D. Hocker; L. S. Jagich; M. J. Jordan; R. Kisley; K. D. Lamb; M. D. Marik; J. Mayfield; T. E. Morris; T. D. Needham; W. Santiago-Fernandez; V. Urban; T. Visegrady; K. Werner
IBM Journal of Research and Development, journal article, published 2020-07-10
DOI: 10.1147/JRD.2020.3008145
https://ieeexplore.ieee.org/document/9138701/
Citation count: 2
Abstract
System security is currently a main focus area for all IT infrastructure providers. New system features like pervasive encryption, the transition to cloud-based offerings, and the demand for quantum-safe platforms demand increased cryptographic performance as well as more cryptographic agility. The new IBM 4769 Cryptographic Coprocessor addresses these trends. It brings performance improvements that match the requirements of the new IBM z15. A combination of newly available features allows IBM z15 to scale to greater than 5,000 Virtual Hardware secure modules per system and makes it suitable to support virtualized client environments such as cloud-scale datacenters. To meet the dense packaging and energy requirements of those data centers, the form factor and power consumption of the card were reduced significantly. The card also offers an expanded set of algorithms to support state-of-the-art as well as future workloads. For the first time, the user interface provides access to a selected set of quantum-safe algorithms. Infrastructure extensions add hardware-embedded, attestation-friendly trusted boot services, which improve system resiliency by providing hardware-enabled measurements of the secure and trusted boot process. These extensions simultaneously simplify the security certifications built on them. This article provides an overview of the IBM 4769 cryptographic coprocessor, highlighting security characteristics, internal hardware, form factor, and enhanced firmware.
About the journal:
The IBM Journal of Research and Development is a peer-reviewed technical journal, published bimonthly, which features the work of authors in the science, technology and engineering of information systems. Papers are written for the worldwide scientific research and development community and knowledgeable professionals.
Submitted papers are welcome from the IBM technical community and from non-IBM authors on topics relevant to the scientific and technical content of the Journal.