The world’s most advanced payment HSM

An enterprise payment HSM is a cryptographic device that performs cryptographic operations within a physically secure environment. Enterprise payment HSMs are used to encrypt payment transactions and manage payment keys in high-throughput environments. The descriptor “enterprise” refers to the demanding environments where they are deployed. The fast and powerful Excrypt SSP Enterprise v.2 HSMs work in any enterprise IT infrastructure and are highly customizable for different use cases.

Transaction processing throughput is measured in transactions per second (TPS). Your organization’s TPS depends on  your operation’s scale, how many customers and partners you’re serving, and existing infrastructure. Enterprise organizations tend to need faster processing speeds that balance immanent needs with anticipated future demands. The Excrypt SSP Enterprise v.2 offers ultimate scalability when it comes to cryptographic functionality and processing speed, able to go from a few hundred TPS up to tens of thousands with a simple request..

Futurex hardware is designed and manufactured completely in-house. To both help our customers and partners meet compliance requirements, as well as to give them the best user experience, solutions like the Excrypt SSP Enterprise v.2 are made to withstand demanding IT environments. On the software level, Futurex HSMs operate with a sophisticated code base that allows them to support new and emerging algorithms, compliance standards, and cryptographic functions.

Scalability and customization are what defines an enterprise-class HSM. Aside from sheer processing power, which reaches upwards of 50,000 TPS, Futurex’s enterprise-grade HSMs can serve multiple applications at the same time with application partitioning. The number of application partitions extends into the hundreds, for unsurpassed scalability. As far as customization goes, the Excrypt SSP Enterprise v.2 includes custom command line interfaces (CLIs) and client libraries. These tools open up scripting and automation capabilities, organizing complicated operations into a single command.

HSM virtualization refers to an HSM’s ability to create and run virtual instances of itself. This effectively multiplies the number of HSMs a user has access to, allowing them to dedicate virtual HSMs to different  transaction processing environments, use cases, or business units. Each virtual HSM is truly independent, with unique firmware versions, users, security policies, and storage space. In short, HSM virtualization allows users to deploy multiple HSMs within a single device.

Protect Sensitive Payment Data at Rest, in Use, and in Motion

Electronic payment networks need data security solutions that scale in speed and expand over time to support emerging payment types and algorithms. The Excrypt SSP Enterprise v.2 is the world’s fastest hardware security module (HSM) for financial transaction processing. It offers robust functionality and full backward compatibility with the Excrypt SSP Series of HSMs. It has a high degree of scalability, offering speeds in excess of 50,000 transactions per second. All in a tamper-resistant, 1U rackmount chassis.

Integrated disaster recovery and redundancy features ensure rock-solid reliability. The device complies with key management best practices and contains some of the industry’s most advanced security features.

Payment Security Functionality

• Card/PIN Issuance
• Mobile Payments
• P2PE and Tokenization
• ATM Remote Key Loading
• Card/PIN Validation
• EMV Issuance/Validation
• MAC and Hashing
• General Purpose Functionality

HSM Virtualization

The Excrypt SSP Enterprise v.2 can create multiple logically independent HSMs inside a single host device for separate transaction processing environments.

• Increase the ROI of your HSM infrastructure
• Multiple methods of access including a web portal, API, the Guardian Series 3, and VirtuCrypt
• Test new firmware on an independent virtual instance
• Unique firmware versions, users, key storage space, and security policies on each virtual HSM

HSM Virtualization and Application Partitioning

• The Excrypt SSP Enterprise v.2 offers HSM virtualization and application partitioning. This allows multiple logically separated environments to be created within a single FIPS 140-2 Level 3 validated HSM boundary.

Universal Compatibility

• Turnkey compatibility with all major financial host application software, as well as support for standardsbased interfaces like PKCS #11 and Java for general purpose cryptographic processing.

The Excrypt SSP Enterprise v.2 provides virtualization capabilities that allow users to host logically separated virtual HSMs from within a single physical device.

Wide-Ranging Cryptograhic Functionality

• Magnetic Stripe and EMV Card Issuance and Verification
• MAC and Hashing
• Point-to-Point Encryption (P2PE)
• Format-Preserving Encryption
• ATM Remote Key Loading
• HCE and Cloud Payments
• Digital Signing
• General-Purpose Cryptography
• Mobile Payments
• PIN Management and Printing
• Tokenization
• Contactless/NFC
• 3-D Secure
• PCI Data Protection
• On Behalf Key Management (OBKM)
• Custom Functionality

HSM Virtualization, Application Partitioning, and Custom Command Extensions

• A single Excrypt SSP Enterprise v.2 HSM can be divided into multiple logically separated, completely independent virtual HSMs
• Design and deploy custom extensions within the HSM’s cryptographic boundary to add functionality to existing API commands
• Use application partitioning to segregate key storage locations, giving individual applications control over their own keys and security policies through API function blocking

Native Integration with Futurex Solutions

• The Excrypt SSP Enterprise v.2 integrates directly with other Futurex solutions for centralized configuration, management, monitoring, alerting, load balancing, cloud services, and more.

Disaster Recovery and High Availability

• Contains hot-swappable power supplies and dual Ethernet ports
• Integrates with VirtuCrypt for increased infrastructure visibility and uptime

Dimension and Weight

• Weight: 36 pounds (16.33 kg)
• Width: 19 inches (48.3 cm)
• Height: 1U – 1.7 inches (4.37 cm)
• Depth: 19.44 inches (49.38 cm)

Industry Compliance Standards

• FIPS 140-2 Level 3 validated
• PCI HSM
• RoHS
• FCC Part 15 – Class B
• ANSI X9.24 Part 1 and Part 2—TR-39

Guardian Series 3

Create a centrally managed network of devices communicating over encrypted TLS. The Guardian can manage groups of client Futurex devices from any location.

Functionality and Interfaces

Algorithms

• 3DES DUKPT
• RSA
• AES
• ECC

Interfaces

• RESTful API
• Java JCA/JCE
• PKCS #11
• And more

Key Block Formats

• TR-31
• Cryptograms
• AKB

Remote Management

Combine the Excrypt SSP Enterprise v.2 & the Excrypt Touch for remote access and management.

Available Configurations

Scalable as processing needs grow:

• 5,000 TPS
• 10,000 TPS
• 20,000+ TPS

Yes, the general payment HSM integration guide for the Excrypt SSP Enterprise v.2 may be viewed here. A PDF version of the integration guide may be downloaded from here.