Security at Every Endpoint
Core cryptographic infrastructure security isn’t a one-sided approach. It requires securing every endpoint that sends or receives sensitive data. The ESM1000 provides that security with embeddable cryptographic hardware that encrypts data at the source. Using a public key infrastructure to establish a circle of trust between all ESM1000 HSMs throughout your network, the ESM1000 is a reliable and convenient method for securing your entire IT system.
An intuitive and comprehensive GUI enables easy configuration, monitoring, and management of your ESM1000 network along with the ability, using the Guardian9000, to segregate ESM1000 HSM groups and push out updates selectively or to all devices. Within the GUI, logging functionality simplifies the auditing process; all transactions, configuration changes, and user activities tracked in authenticated logs that can be exported for internal and external audits.
The ESM1000 has support for all major key types, protocols, and cryptographic algorithms, including both asymmetric and symmetric key functionality. No matter the industry, the ESM1000’s versatile design allows for easy integration into a variety of environments and device types, including:
- Fuel dispensers
- Bank teller stations
- Smart devices such as cars, electric grid meters, and household appliances
- Unattended payments terminals
- Casino gaming machines
- Government devices such as UAVs and satellites
The ESM1000 is fully developed in-house at Futurex’s main engineering campus. Intended for large-scale implementation across entire networks of devices, Futurex’s legacy of expedited delivery to market ensures you’ll have the data security devices needed right when you need them. Planning for the future is also no concern with the ESM1000, as the device’s built-in forward compatibility stays conducive to future upgrades and emerging technologies.
In order to provide flexibility for a wide variety of environments, the ESM1000 was designed with multiple connectivity and enclosure options. It can be embedded directly into devices or operate externally within a self-contained enclosure. The ESM1000’s cryptographic module features a tamper-evident and responsive design through a hardened epoxy barrier and tamper wires that will instantaneously erase sensitive data in the event of a physical intrusion attempt, keeping your data integrity intact at all times.
Meeting hardware compliance standards such as FIPS 140-2 level 3, RoHS, and FCC Class B - Part 15, the ESM1000 maintains absolute security without compromising on functionality. Optimized SWaP-C (size, weight, power, and cooling) characteristics further ensure on-site integration will not be a burden on your devices, with minimal power consumption and wide temperature ranges for operation and storage.
- Supports all common key types and protocols, including DES, Triple DES, DUKPT, X.509 v3, AES, RSA, EMVCo, and PKCS #11
- AKB and TR-31 (including custom optional fields) key block formats are available for use
- Supports mutual authentication under a trusted root certificate to establish a trusted public key infrastructure (PKI)
- Mass product of devices for total on-site integration
- Simple installation and management procedures, resulting in minimal training for administrative personnel
- Intuitive GUI for simple configuration and device network management
- Centralized management of all ESM1000 devices through the Guardian9000
- Compliant with emerging and current compliance standards such as FIPS 140-2 Level 3, EMVCo, PCI DSS, RoHS, and FCC Class B - Part 15
- Automatically transmit data logs to a remote syslog server for internal and external audits
- Small form-factor device
- Tamper evident and responsive design
- Optimized size, weight, power, and cooling characteristics
- Automatic adjustment to power inputs
- Embeddable into existing devices
- External self-contained enclosure
Industry Compliance Standards Met
- FIPS 140-2 Level 3
- PCI DSS
- FCC Class B - Part 15
- Applicable future compliance mandates
Supported Key Types and Protocols
- Triple DES
- X.509 v3
- PKCS #11
- Tamper-responsive and evident design
- Integrated Ethernet and USB ports
- Optional self-contained enclosure
- External DC power supply