Compliant, flexible, and scalable
Deploy complete infrastructures or spin up individual cryptographic functions as needed–all with the same high performance and security of physical hardware, and at a more efficient cost. VirtuCrypt cloud HSMs are validated under FIPS 140-2 Level 3 and PCI HSM standards.
VirtuCrypt cloud HSM solutions
The power of the cloud is its flexibility. The Futurex cloud services are not a template to which you conform: they are a canvas on which you create and deploy your ideal cryptographic infrastructure. Our HSMs include vendor-neutral APIs to simplify integration and minimize the impact on existing infrastructure while laying the foundation for further cryptographic development.
- VirtuCrypt access point (VAP): Use a single set of cloud HSMs across multiple regions within a single public cloud provider
- Connect applications spanning multiple public cloud platforms to a single VirtuCrypt cloud HSM estate
- CryptoTunnels: Turnkey connection security between on-premises apps, cloud-hosted applications, and cloud HSMs
- Public cloud integration allows account management, invoicing, and billing to be handled from a single interface
- See it on AWS Marketplace!
- PIN translation and verification
- EMV validation
- Message Authentication Code (MAC) generation and verification
- Financial key management and derivation
- CVV generation and validation
- Mobile payment acceptance
- PIN and offset generation
- Mobile and web PIN management
- EMV key generation and derivation
- Mobile payment token issuance
Point-to-Point Encryption (P2PE)
- Cardholder data decryption (FPE & DUKPT)
- Cardholder data translation
- P2PE key management
Secure encryption key loading is crucial to building a secure environment. Administrators can securely load major keys into cloud payment HSMs by using several methods, including Bring Your Own Key (BYOK), key agent services, and HSM-generated keys.
Bring Your Own Key (BYOK)
Organizations requiring self-management of encryption keys to protect their most sensitive data can use bring your own key (BYOK) services to manage their keys in VirtuCrypt cloud payment HSMs. The Excrypt Touch is the Futurex FIPS 140-2 Level 3 and PCI HSM-validated tablet that allows organizations to manage their own encryption keys from anywhere in the world. With the Excrypt Touch, administrators can establish a remote TLS connection with mutual authentication and load clear master keys to VirtuCrypt cloud payment HSMs.
Transferring keys to VirtuCrypt cloud payment HSMs with the Excrypt Touch uses double encipherment for key components. Double encipherment adds additional security by requiring the components to be encrypted by two separate keys.
Key agent service
For organizations requiring key management assistance, the Futurex key agent team can load keys into VirtuCrypt cloud payment HSMs. With this service, VirtuCrypt handles the loading and storing of key components. The ownership of the keys remains with the customer throughout this process.
Administrators can randomly generate major keys by using the FIPS 140-2 Level-certified random number generator (RNG) of their cloud HSMs.
VirtuCrypt cloud HSMs come in different models. Organizations can choose a model depending on what level of functionality and power they need.
You can customize a financial HSM to include any hardware encryption function. Use VirtuCrypt’s cloud payment HSM service with your choice of profiles: transaction acquiring or card and mobile issuing.
Organizations can choose from different redundancy options. Having a single HSM at one site offers no redundancy. With site redundancy, two HSMs are active at one site, increasing the dependability of the system. A step up from that is full redundancy: with four HSMs at two different sites, the system is completely protected against hardware failures and data loss due to a lack of backup.
High availability goes beyond redundancy, and you can achieve this only by
eliminating single points of failure, having reliable crossover or failover points, and reacting to failures in real-time. Configure your infrastructure to be highly available by configuring and automating redundant cloud HSMs with SLA-backed uptime.
Direct integration with major public cloud providers
Direct integration with other services and applications housed outside the public cloud itself is an increasingly popular choice for public cloud usage. Cloud Payment HSMs offer direct integration with public clouds, and you can rapidly provision services through the public cloud marketplace.