PCI Express-driven Cryptographic Systems Tech Challenges
by Will Shirley, on Jan 4, 2018 9:55:01 AM
Correctly routing PCIe signal traces is a design challenge that few companies can handle well, and taking shortcuts in single board computer and backplane designs which utilize the PCI Express interface will always result in suboptimal system performance, particularly in rugged cryptographic systems.
For example, it was previously best practice to keep PCIe traces well below 16 inches to ensure optimum performance, but updated PCIe specifications coupled with critical data throughput requirements in system security applications make the PCIe trace length requirement even more restrictive. The IBM® 4767-002 PCIe Cryptographic Coprocessor Hardware Security Module (HSM) that forms the heart of our line of Trenton Cryptographic Systems (TCS) is driven by a PCIe interface.
It's critical for the security of the system that the HSM plugs into a backplane controlled by a single board computer, both of which have been designed for optimum PCI Express link performance. These considerations are critical in the design of the SBC and backplanes used in all of the Trenton Cryptographic Systems. For example, the IBM® 4767-002 PCIe Cryptographic Coprocessor Hardware Security Module (HSM) shown above with the HDB8228 PCI Express backplane is used in the THS4086 4U cryptographic system.
The IBM® Hardware Security Module System Security Difference
The IBM® 4767-002 PCIe Cryptographic Coprocessor (HSM) is a high-end, secure coprocessor implemented on a PCIe card with a multi-chip embedded module. It is a foundation for secure applications such as high-assurance digital signature generation or financial transaction processing, utilizing the IBM® Common Cryptographic Architecture (CCA) API and security architecture, as well as custom software options.
This robust hardware security module affords high-security processing and high-speed cryptographic operations with maximum flexibility and maximum trust for a computing system while operating in physically insecure environments. The IBM® 4767-002 has tamper-responding programmable secure hardware designed to meet FIPS 140-2 Level 4 certification, the highest U.S. government accreditation standard for cryptographic modules, and is currently undergoing NIST validation.
Rugged Cryptographic Systems Explained
Rugged cryptographic systems enable the protection of privacy and confidentiality of data in a wide variety of business, government and military computing applications. Trenton Cryptographic Systems are rugged rackmount computers that feature IBM® approved x86 architecture servers equipped with the IBM® 4767-002 PCIe Cryptographic Coprocessor Hardware Security Module (HSM). Unlike commercial servers, the Trenton system platforms are housed in rugged aluminum enclosures and specifically designed for robust computing.
Trenton Cryptographic Systems deliver the long-term computer configuration stability and performance demanded in secure computing applications. We have two different 2U (TCS2503 and TCS2504) and 4U (TCS4503 and TCS4504) models available for deployment in either server room or robust field locations. Here's a short list of features for the Trenton Cryptographic Systems:
- Dual or Single-Processor System Host Board (SHB) Options
- Choice of long-life Intel® Xeon® or Intel® Core™ Processors
- Robust 19” 2U or 4U Rackmount Chassis Configurations
- Advanced PCI Express 3.0 Backplanes
- Programmable Tamper–Responding Secure Hardware Security Module
- IBM® 4767-002 HSM Designed to meet FIPS 140-2 Level 4 certification
- TCS Configurations Fully Tested with the RHEL 7.2 O/S (additional O/S testing available)
- TCS Made In America, 5-year Factory Warranty, and 7+ Years of SHB Availability