IBM PCIe Cryptographic Coprocessors are a family of high-performance hardware security modules (HSM). These programmable PCIe cards work with certain IBM Z®, x64 and IBM Power® servers to offload computationally intensive cryptographic processes such as secure payments or transactions from the host server.
Accelerate cryptographic processes that safeguard and secure your data, while protecting against a wide variety of attacks. The IBM 4770, 4769, 4768 and 4767 HSMs deliver security-rich, high-speed cryptographic operations for sensitive business and customer information with the highest level of certification for commercial cryptographic devices.
Gain significant performance and architectural advantages and enable future growth by offloading cryptographic processing from the host server.
Safeguard data with a tamper-responding design and sensors that protect against module penetration and power or temperature manipulation attacks.
Available on select IBM z Systems® servers, on z/OS® or Linux®; IBM LinuxONE Emperor, Rockhopper; x64 servers with certain RHEL releases and Power servers.
Delivers high-speed cryptographic functions for data encryption and digital signing, secure storage of signing keys or custom cryptographic applications.
Validated to FIPS PUB 140-2, Security Requirements for Cryptographic Modules, Overall Security Level 4, the highest level of certification achievable.
IBM 4769 can exceed 23,000 PIN conversion operations per second, contains custom symmetric key and hashing engines and supports asymmetric algorithms.
Sensors protect against a wide variety of attacks on the system and immediately destroy all keys and sensitive data if tampering is detected.
Performs cryptographic functionality common in the finance industry and business applications, with custom functions available through a programming toolkit.
Generates a unique public or private key pair with a certificate that is stored in the device, with safeguards to ensure that the HSM is genuine and untampered.
4770 / CEX8S
4769 / CEX7S
4768 / CEX6S
4769 / CEX7S
IBM Z
z16™ models
Select z15® models
Select z14® models
Select z13® models
z/OS®
Support provided by ICSF cryptographic services
Support provided by ICSF cryptographic services
Support provided by ICSF cryptographic services
Support provided by ICSF cryptographic services
Linux on IBM Z
Support provided by CCA and EP11 support programs
Support provided by CCA and EP11 support programs
Support provided by CCA and EP11 support programs
Support provided by CCA and EP11 support programs
x64 servers
Available as MTM 4769-001 with support for specific RHEL releases
Available as MTM 4767-002 with support for specific Windows, SLES and RHEL releases
Power10
Supported on IBM AIX®, IBM i and PowerLinux operating systems
POWER9®
Supported on IBM AIX®, IBM i and PowerLinux operating systems
POWER7
Supported by IBM AIX, IBM i and PowerLinux operating systems
More information
Centrally manage and secure the data set encryption keys on z/OS.
Amplify your user authorization capabilities, administrative efficiency and cybersecurity compliance with real-time threat detection for your mainframe.
Simplify the infrastructure management of z/VM-based Linux virtual machines.