Secure management of cryptographic keys has become a requirement for all organizations operating their own data security infrastructure. However, when making a critical decision based around protecting sensitive company data, knowing which key management solution to choose can be a bit confusing. It’s easier to tell the difference between the Futurex Excrypt Touch and our other key management solutions due to its remote configuration and key management capabilities as well as its portability, but Futurex offers a wide variety of other key management servers with different functionalities designed for a range of needs.
In this post, I would like to break down the benefits of each Futurex FIPS 140-2 Level 3-validated key management solution so you can choose the server that would work best for your organizational desires:
Manufacturer-Class Certificate Authority Server (MCCAS)
The Manufacturer-Class Certificate Authority Server is a secure, scalable, and easy-to-use solution for creating and storing high volumes of asymmetric key pairs for the encryption, decryption, signature, and validation of arbitrary data in a public key infrastructure (PKI). Using PKI, the MCCAS combines the strong physical security of FIPS 140-2 Level 3-validated hardware with an efficient system for covering all stages of the certificate lifecycle within large-scale manufacturing environments. The MCCAS also has the ability to securely and directly inject private keys into electronic devices during the assembly process. The MCCAS is ideal for organizations needing to perform bulk signing, validating, and certificate tracking at the manufacturing level.
The RKMS Series Remote Key Management Server provides remote management and distribution of cryptographic keys for ATM and Point of Sale (POS) terminals. The RKMS Series handles a broad range of encryption and key management functions including key generation, distribution, deletion, and tracking. It remotely disperses both symmetric and asymmetric encryption keys over a secured IP network, which allows management of keys from a single location and removes the costly and time-consuming process of having to manually input keys. The RKMS Series also offers Certificate Authority management as well as allows the ability to design templates and print secure key mailers. The RKMS Series is ideal for organizations needing to manage and perform remote key injections for POS terminals or ATMs.
The KMES Series Key Management Enterprise Server is a general purpose solution used to create and store symmetric and asymmetric key pairs for encrypting and decrypting data as well as signing and validating anything that relies on a PKI, including certificates, firmware updates, code, electronic devices and other items requiring a digital signature. Full key and certificate lifecycle management is built directly into the KMES Series, with support for all major key types, algorithms, and protocols. The KMES Series also supports key component printing and enables users to create specific templates for varying needs through a template designer system. The KMES Series is ideal for organizations across a wide range of industries needing custom solutions for general purpose key management requirements.
The SKI9000 Secure Key Injector provides a cost-effective, all-in-one security solution designed for loading, managing, and storing POS encryption keys. The SKI9000 manages symmetric encryption keys and consolidate them into one centralized key injection solution, which helps to eliminate the cumbersome process of performing more key loading ceremonies than are necessary. It is also capable of injecting keys into up to sixteen POS devices at one time.The unique design and graphical user interface of the SKI9000 makes key injection as simple as point-and-click. It also includes the capability of injecting more than one type of key at a time. The SKI9000 is ideal for organizations needing to directly inject encryption keys into POS terminals.
Still unsure which key management server is right for your organization?
Our Xceptional Support team is available to answer any questions you may have about these standards-compliant solutions.