Let’s talk Cybersecurity

Bancambios.com
Jan 28, 2021

IBM 4769

Bancambios is a technology cluster for emerging and decentralized technologies, operating both on-chain and off-chain in order to comply with regulators. Our network is based on proven, durable technologies, and we have chosen strong cybersecurity in order to protect its reputation and keep its clients safe.

4769 overview

The IBM 4769 Cryptographic Coprocessor is the latest generation and fastest of IBM’s PCIe hardware security modules (HSMs). Its predecessors are the IBM 4768, IBM 4767, and IBM 4765.

The IBM 4769 is designed for improved performance and security-rich services for your sensitive workloads, and to deliver high throughput for Bancambios cryptographic functions.

Why we adopt the IBM 4769 Crypto Card

Security certifications

FIPS 140–2 Level 4, the highest cryptographic security level, is available, which is why we at Bancambios adopt it. FIPS 140 defines security requirements for cryptographic modules. It is issued by the U.S. National Institute of Standards and Technology (NIST) and is widely used as a measure of the security of HSMs. The certification for the IBM CEX7S at Level 4, the highest level of certification achievable for commercial cryptographic devices such as those Bancambios uses, is in NIST’s Coordination phase.

Reliability, Availability, and Serviceability (RAS)

The hardware has also been designed to support the highest level of RAS requirements, which enables the secure module to self-check at all times. This is achieved by running a pair of PowerPC processors in lockstep and comparing the results from each, cycle by cycle. Also, all interfaces, registers, memory, cryptographic engines, and buses are protected at all times using parity, ECC (Error Correcting Codes), or CRC. Power-on self-tests, which are securely stored inside the security module, verify at every power-on that the hardware and firmware loaded on the module are secure and reliable. Then, the built-in RAS features check it continuously in real time.

Tamper responding design

The IBM 4769 HSM is designed to meet the NIST FIPS 140–2 Level 4 requirements by protecting against attacks that include probe penetration or other intrusions into the secure module, side-channel attacks, power manipulation, and temperature manipulation. From the time of manufacture, the hardware is self-protecting by using tamper sensors to detect probing or drilling attempts. If the tamper sensors are triggered, the HSM destroys critical keys and certificates and is rendered permanently inoperable. Note therefore that the HSM must be maintained at all times within the temperature, humidity, and barometric pressure ranges specified. Refer to the environmental requirements section below.

IBM Z mainframe

The IBM 4769 is available as feature code (FC) 0898 and 0899 (Crypto Express7S, or CEX7S) on IBM Z mainframes (z15® only), either on z/OS® or Linux® on z Systems® operating systems.

· FC 0898 and 0899 require FC 3863 — CPACF (Central Processor Assist for Cryptographic Functions) DES/TDES Enablement. CPACF is a set of cryptographic instructions providing improved performance through hardware acceleration. Using the cryptographic hardware, you gain security from using the CPACF and the Crypto feature through in-kernel cryptography APIs, and for Linux on z Systems the libica cryptographic functions library. Cryptographic keys must be protected by your application system, as required.

· On z/OS, IBM offers the Integrated Cryptographic Service Facility (ICSF) component that ships with the base product. ICSF is the software on z/OS that provides access to the IBM Z CEX7S cryptographic hardware feature through the use of callable services that comply with IBM’s Common Cryptographic Architecture (CCA). ICSF together with the IBM Resource Access Control Facility (RACF®) licensed program provides cryptographic services using the CCA security API.
