Introduction to Financial Remote Key Loading (Part 4)
This post is a continuation of our series on financial remote key loading. Other posts in the series are available here: Part 1 (Introduction to Financial RKL), Part 2 (The Role of the Manufacturer), Part 3 (Cryptographic Techniques for RKL).
Futurex and VirtuCrypt's Solutions for Remote Key Loading
Futurex and VirtuCrypt are the industry’s only single-vendor providers of complete cryptographic infrastructures for payment security. Many of Futurex’s most important services, like PIN encryption and validation, P2PE, and tokenization, rely on secure and compliant key management.
In response to the growing demand for RKL within the financial services industry, Futurex and VirtuCrypt have developed the most robust RKL solutions in the industry. Whether choosing cloud functionality through VirtuCrypt, on-premises hardware through Futurex, or a combination of both, each solution has the functionality needed to build a comprehensive, single-vendor solution for all cryptographic processes related to financial services and payment processing.
On-Premises Hardware Solution: the Futurex Hardened Enterprise Security Platform
Futurex’s Hardened Enterprise Encryption Platform is an advanced product line of HSMs, key management servers, and payment data security solutions. Within the Hardened Enterprise Security Platform, the primary RKL platform is the Remote Key Management Server (RKMS) Series 3. The RKMS is a complete key management solution for generating, distributing, and injecting POS and ATM encryption keys. The RKMS was designed from the outset with RKL as its primary purpose. It is a sophisticated single-device solution for organizations seeking to transition from direct key distribution to RKL. The RKMS is equipped with an internal Secure Cryptographic Device (SCD) for key storage. It is fully compliant with Federal Information Processing Standards (FIPS) 140-2 Level 3, PCI HSM, and all other major industry standards for security.
The flexibility of the RKMS Series 3 lets each customer choose how automated the process is and how much user interaction is required, a choice that is typically predefined by the customer’s security policy. The RKMS Series 3 can be fully automated after initial setup and loading of the major keys. Full automation requires integrating the RKMS Series 3’s application programming interface (API) into the host system. The integration application can be written in any language that allows for basic TCP/IP support (Java, C, C++, etc.). The RKMS Series 3 uses the Futurex proprietary interface with a fully functioning GUI.
Cloud Solution: the VirtuCrypt Cloud Payments Platform
For clients who prefer “as-a-service” cryptographic functionality, Futurex key loading solutions are available through the VirtuCrypt Hardened Enterprise Security Cloud. VirtuCrypt is best suited for organizations that prefer hosted cryptographic services as opposed to maintaining their own on-premises hardware. With the VirtuCrypt Elements RKL Service, VirtuCrypt acts as a key distribution host, securely automating the manual key replacement process by managing and loading keys from one central location over a secure IP network. VirtuCrypt is powered by Futurex hardware, which means that VirtuCrypt clients will receive the same security and compliance benefits that would come from owning Futurex hardware, in particular FIPS 140-2 Level 3 and PCI HSM compliance.
Security concerns about the cloud usually revolve around the idea that sensitive data being transferred or stored within the cloud may be viewed by unauthorized people. However, VirtuCrypt’s innovative approach to the cloud alleviates these concerns, with all sensitive data being encrypted, decrypted, and authenticated in FIPS 140-2 Level 3 compliant Secure Cryptographic Devices located within SSAE 16 (SOC 1, 2, and 3), PCI, TIA-942 Tier 4, and HIPAA-compliant data centers.
The VirtuCrypt Intelligence Portal (VIP) Dashboard gives customers a centralized management platform for all their VirtuCrypt hosted services. With the VIP Dashboard, users can securely communicate directly with the Futurex device performing the service at the VirtuCrypt data centers. This allows users to import keys and manage key receiving devices. Additionally, users can view and export audit logs detailing past key injections and various other individual user actions.
This concludes our series on financial remote key loading. If you're looking for more information on RKL for ATM, Point of Sale, or IoT, please read our whitepaper on financial remote key loading.