Compliant, flexible, and scalable
Deploy complete infrastructures or spin up individual cryptographic functions as needed–all with the same high performance and security of physical hardware, and at a more efficient cost. VirtuCrypt cloud HSMs are validated under FIPS 140-2 Level 3 and PCI HSM standards.
VirtuCrypt cloud HSM solutions
The power of the cloud is its flexibility. The Futurex cloud services are not a template to which you conform: they are a canvas on which you create and deploy your ideal cryptographic infrastructure. Our HSMs include vendor-neutral APIs to simplify integration and minimize the impact on existing infrastructure while laying the foundation for further cryptographic development.
- VirtuCrypt access point (VAP): Use a single set of cloud HSMs across multiple regions within a single public cloud provider
- Connect applications spanning multiple public cloud platforms to a single VirtuCrypt cloud HSM estate
- CryptoTunnels: Turnkey connection security between on-premises apps, cloud-hosted applications, and cloud HSMs
- Public cloud integration allows account management, invoicing, and billing to be handled from a single interface
- See it on AWS Marketplace!
- PIN translation and verification
- EMV validation
- Message Authentication Code (MAC) generation and verification
- Financial key management and derivation
- CVV generation and validation
- Mobile payment acceptance
- PIN and offset generation
- Mobile and web PIN management
- EMV key generation and derivation
- Mobile payment token issuance
Point-to-Point Encryption (P2PE)
- Cardholder data decryption (FPE & DUKPT)
- Cardholder data translation
- P2PE key management
Secure encryption key loading is crucial to building a secure environment. Administrators can securely load major keys into cloud payment HSMs by using several methods, including Bring Your Own Key (BYOK), key agent services, and HSM-generated keys.
Bring Your Own Key (BYOK)
Organizations requiring self-management of encryption keys to protect their most sensitive data can use bring your own key (BYOK) services to manage their keys in VirtuCrypt cloud payment HSMs. The Excrypt Touch is the Futurex FIPS 140-2 Level 3 and PCI HSM-validated tablet that allows organizations to manage their own encryption keys from anywhere in the world. With the Excrypt Touch, administrators can establish a remote TLS connection with mutual authentication and load clear master keys to VirtuCrypt cloud payment HSMs.
Transferring keys to VirtuCrypt cloud payment HSMs with the Excrypt Touch uses double encipherment for key components. Double encipherment adds additional security by requiring the components to be encrypted by two separate keys.
Key agent service
For organizations requiring key management assistance, the Futurex key agent team can load keys into VirtuCrypt cloud payment HSMs. With this service, VirtuCrypt handles the loading and storing of key components. The ownership of the keys remains with the customer throughout this process.
Administrators can randomly generate major keys by using the FIPS 140-2 Level-certified random number generator (RNG) of their cloud HSMs.
VirtuCrypt cloud HSMs come in different models. Organizations can choose a model depending on what level of functionality and power they need.
You can customize a financial HSM to include any hardware encryption function. Use VirtuCrypt’s cloud payment HSM service with your choice of profiles: transaction acquiring or card and mobile issuing.
Organizations can choose from different redundancy options. Having a single HSM at one site offers no redundancy. With site redundancy, two HSMs are active at one site, increasing the dependability of the system. A step up from that is full redundancy: with four HSMs at two different sites, the system is completely protected against hardware failures and data loss due to a lack of backup.
High availability goes beyond redundancy, and you can achieve this only by
eliminating single points of failure, having reliable crossover or failover points, and reacting to failures in real-time. Configure your infrastructure to be highly available by configuring and automating redundant cloud HSMs with SLA-backed uptime.
Direct integration with major public cloud providers
Direct integration with other services and applications housed outside the public cloud itself is an increasingly popular choice for public cloud usage. Cloud Payment HSMs offer direct integration with public clouds, and you can rapidly provision services through the public cloud marketplace.
Frequently Asked Questions
VirtuCrypt is a cloud-based cryptographic platform that enables you to deploy HSM encryption, key management, PKI and CA, and more, all from a central location. VirtuCrypt operates data centers in every geographic region for lower latency and higher compliance.
The VirtuCrypt Enterprise service offers a complete, comprehensive platform for secure key management, data processing, storage, infrastructure backup and disaster recovery, and more. With white labeling services available, VirtuCrypt is your single source cloud provider for your entire core cryptographic infrastructure.
VirtuCrypt Elements provides specific functionality on a per-transaction basis, with virtually limitless scalability.
Complementing the Futurex solution suite, VirtuCrypt Plus services use the cloud to enhance visibility, ease compliance burdens, and increase redundancy.
Imagine a hardened cloud service that combines scalable, fully redundant data processing capabilities along with the convenience of remote access and the robust physical and logical security of FIPS 140-2 Level 3-validated hardware security modules, key and certificate management servers, and more. That concept is now a reality, with organizations of all sizes able to benefit from the VirtuCrypt cloud service based on Futurex’s globally trusted Hardened Enterprise Security Platform.
VirtuCrypt’s far-reaching functionality is separated into multiple levels of service, differing based on the environments into which it will be implemented. It provides organizations exactly the technology they need, in a format most conducive to the total system.
The wide range of applications for existing and new IT infrastructures include but are not limited to:
- HSM-based data processing
- Key and certificate management
- Registration authority
- Object signing
- P2PE and tokenization
- Secure key, certificate, and data storage
- Public key infrastructure generation and injection
- Cyber security
- SSL/TLS link encryption
The VIP Dashboard provides an intuitive way to securely control and monitor your entire cryptographic environment from one location. Users can configure their VIP Dashboard to include only the information that is most useful to them and define custom alerts through VirtuCrypt’s active environment monitoring utility.
Organizations also have the opportunity to rebrand the VirtuCrypt Dashboard so that it can be offered to customers with the cohesive look and feel they’ve worked hard to build. This includes adjusting color schemes, logos, and imagery to match the company’s brand and create instant product recognition for customer base.
The multiple geographically separate data centers selected by VirtuCrypt showcase its high regard for uncompromising security. Not only are these data centers outfitted with state-of-the art technology, but they enforce physical and logical security measures, such as biometric access controls and dual authentication, that ensure the integrity of your most sensitive data.