Excrypt Plus Payment HSM
Versatile HSM for payments and general-purpose
From SMBs to Tier 1 enterprises
A powerful payment HSM for any industry
The Excrypt Plus is a hardware security module (HSM) for both payment and general-purpose use. It supports every major encryption algorithm and API to deliver excellent security and smooth integration with host applications, and complies with strict standards such as FIPS 140-2 Level 3 and PCI PTS HSM v3. The Excrypt Plus leads the industry in scalable functionality and endless utility.
Transaction acquiring
- CVV generation and validation
- EMV validation
- Mobile payment acceptance
- PIN translation and verification
- Payment key management
- MAC generation and verification
Card and mobile issuing
- EMV key generation and derivation
- Online and mobile PIN management
- Mobile token issuance (Apple Pay, Google Pay, Samsung Pay, and host card emulation tokens)
- PIN and offset generation
Point-to-point encryption
- Cardholder data decryption
- Cardholder data translation
- Symmetric encryption algorithms
- Point-to-point encryption key management
Testing and development
Perform testing, development, and rapid prototyping within a secure code environment (SCE).
Scale Excrypt Plus deployment according to transaction processing speed, redundancy, and remote access
Support cryptographic processing for multiple applications at once with hundreds of application partitions
Integrate the Excrypt Plus with host payment applications with extensive support for all common APIs
Why choose the Excrypt Plus Payment HSM?
Like every Futurex solution, the Excrypt Plus is the first payment HSM designed with the user in mind. To that end, it supports all major APIs, payment types, and algorithms, as well as near-universal compliance with international standards. With highly scalable processing power and cryptographic functionality, as well as powerful virtualization capabilities, the Excrypt Plus is a transaction processing powerhouse for organizations of any size, in any industry.
Universal compatibility
The Excrypt Universal Interface is an API that communicates with host transaction processing applications for easy integration
Versatile cryptographic functionality
The Excrypt Plus performs cryptographic processing and key management for payment and general-purpose use cases
Easy scripting and automation
The Futurex Client Library (FXCL) and interface-based wrapper (FXCLI) enable easy scripting and automation of management and operational tasks
Disaster recovery and high availability
The Excrypt Plus integrates with the Futurex Guardian Series 3 to achieve automatic synchronization and data backup functionality
Strategic integration
Integrating the Excrypt Plus with other Futurex products amplifies speed, availability, and range of functionality to meet any cryptographic requirement
Compliance
Futurex solutions comply with current and emerging regulatory requirements including PCI DSS, FIPS 140-2 Level 3, ANSI X9.24 part 1 and 2 – TR-39, and FCC part 15 – class B
Comprehensive cryptographic functionality
Data security solutions for payments and general purposes
Excrypt Plus Payment HSM specifications
Hardware features
- Dual control-enabled, tamper-responsive
- Smart card reader for M-of-N key fragmentation and dual-factor authentication
- Dual, redundant gigabit Ethernet ports
- Dual, redundant, hot-swappable power supplies
- Secure Cryptographic Device (SCD) with tamper responsive barrier to protect sensitive data
Operating conditions
- Power: 100 – 240 VAC 50/60 Hz. 225 Watts
- Operating temp: -40° to 140°F (-40° to 60°C)
- Storage temp: -40° to 140°F (-40° to 60°C)
- Operating humidity: 20% to 80% non-condensing
- Storage humidity: 5% to 95% non-condensing
Dimensions and weight
- Weight: 36 lbs (16.33 kg)
- Width: 19 inches (48.26 cm)
- Height: 1U – 1.72 inches (4.37 cm)
- Depth: 19.4 inches (49.38 cm)
Powering the VirtuCrypt cloud
VirtuCrypt cloud HSM services are backed by the Excrypt Plus with hardened, FIPS 140-2 Level 3 validated technology. Whether an organization requires complete infrastructure management or more functionality for current infrastructure, VirtuCrypt can meet any security requirement.
Industry compliance standards
- FIPS 140-2 Level 3
- PCI HSM
- ASC X9.24 Part 1 and Part 2 – TR-39
- RoHS
- FCC Part 15 – Class B
Supported cryptographic functionality
- EMV
- DES
- Triple-DES
- Master/Session
- AES
- RSA
- Tokenization
- Point-to-Point Encryption (P2PE)
- PKCS #11
Frequently asked questions
Payment and general-purpose HSMs are optimized for different IT environments. A payment HSM might be designed to handle hundreds or even thousands of payment transactions per second. On the other hand, a general-purpose HSM might specialize in use cases outside of payments. This could be encrypting files and applications, creating and signing encryption keys, acting as a certificate authority (CA), and authenticating client devices across a network. In summary, the use cases an HSM must fulfill are determined by the environment in which it will be deployed.
Your processing throughput (in transactions per second, or TPS) will depend on several factors, such as the scale of your operation, number of customers and partners, and how your infrastructure is setup. Small and mid-range organizations typically start with between 250-500 TPS and scale upward. Larger organizations tend to base their estimated processing needs on their previous needs as well as any planned expansions. The Excrypt Plus offers highly scalable transaction processing speeds, from a few hundred TPS up to several thousand.
A payment HSM is a physically and logically secure device that performs cryptographic operations. Payment HSMs are often used to encrypt payment transactions and manage payment keys. The descriptor “payment” refers to the payment processing environments in which they are commonly deployed. They can be integrated into a wide variety of different environments and customized for diverse use cases.
Payment and general-purpose HSMs have several things in common. They both protect sensitive data by carrying out cryptographic functions. For example, payment and general-purpose HSMs might run encryption algorithms, create keys, or manage sensitive data. The key difference is what kind of IT environment they’ll be deployed in, and which use cases that will entail.
