KMES Series 3
Enterprise-class key and certificate management
Complete lifecycle management with full automation
Key management system
The Key Management Enterprise Server (KMES) Series 3 is a powerful and scalable key management system. It enables organizations to manage cryptographic keys, digital certificates, and other encrypted data. Its key management processes can establish an offline root CA to form a public key infrastructure (PKI) for mutual authentication and digital signing operations.
The KMES Series 3 contains a built-in FIPS 140-2 Level 3-certified hardware security module (HSM) to handle cryptographic operations. Available on-premises and in the cloud, the KMES Series 3 is an all-in-one-box solution with endless key management use cases.
Data protection
- Application encryption
- File encryption
- Database encryption
- 3rd party application integration
Vaultless tokenization
- Prevent data theft through tokenization
- Format-preserving encryption (FPE)
- Reduce PCI DSS scope and cost
Enterprise PKI
- Certificate hierarchy and revocation (CRL and OCSP)
- Enterprise and IoT certificate issuing
- Define X.509 v3 certificate extensions
- Hybrid quantum-safe certificate authority
Cloud key management
- Encryption key lifecycle management
- Bring Your Own Key (BYOK)
- Encrypted key transfer
Financial key management
- Remote key loading and rotation
- Point-to-point encryption (P2PE)
- Create, store, encrypt, and sign keys
Digital signing
- E-Invoice, device, and code signing
- Offline CA and registration authority
- EMV certificate authority (CA)
Automation
Automate repetitive key management tasks and set automatic backups for encryption keys, databases, and logs by using the GUI or an API
Multi-application support
Segregated encryption key containers enable a single, logically-isolated cryptographic resource pool for multiple applications
Interoperability
Construct a highly available network of encryption key management devices with automatic key and certificate synchronization
Why choose the KMES Series 3?
The KMES Series 3 can replace any obsolete encryption algorithm in real-time, with ongoing support for emerging algorithms. From securing private keys to authenticating entire networks of devices, the KMES Series 3 can generate symmetric and asymmetric key pairs. Its key and certificate lifecycle management capabilities make it easy to strengthen data security, digitally sign objects and code, and establish a secure PKI.
Click diagram to enlarge
Simple, secure key management
Symmetric and asymmetric key management for 3DES DUKPT, X.509 v3, EMV and support for X9.17, AKB, and TR-31 (including custom optional fields) key block formats.
Customizable, role-based access management
Versatile, permission-based user access control system to enforce dual control and segregation of duties with exportable user activity logs.
Ease of use
Fully-functional graphical user interface (GUI), with no command-line tasks required for initial setup, regular auditing, firmware upgrades, or maintenance.
Versatile PKI functionality
Supports mutual authentication under a trusted offline root CA and generates and manages self-signed certificates to establish a trusted public key infrastructure (PKI).
Nth degree scalability
Highly scalable key management platform with automatic synchronization of objects with other Futurex devices centrally managed by the Guardian Series 3.
Automate auditing and reporting
Customizable reporting with automatic signing and transmission of activity logs to a remote syslog server for internal and external audits.
Multi-purpose and standards-compliant
Versatile key management solutions for enterprise and financial uses.
KMES Series 3 specifications
Hardware features
- Dual control-enabled, tamper-responsive
- Smart card reader for M-of-N key fragmentation and dual-factor authentication
- Dual, redundant gigabit Ethernet ports
- Dual, redundant, hot-swappable power supplies
- Automated, internal RAID-based backup of object management applications and databases
Operating conditions
- Power: 100 – 240 VAC 50/60 Hz. 225 Watts
- Operating temp: -40° to 140°F (-40° to 60°C)
- Storage temp: -40° to 140°F (-40° to 60°C)
- Operating humidity: 20% to 80% non-condensing
- Storage humidity: 5% to 95% non-condensing
Dimensions and weight
- Weight: 40.5 lbs (18.4 kg)
- Width: 19 inches (48.3 cm)
- Height: 2U – 3.47 inches (8.81 cm)
- Depth: 22.3 inches (56.7 cm)
Powering the VirtuCrypt cloud
VirtuCrypt key management services are backed by the KMES Series 3 with hardened, FIPS 140-2 Level 3 validated technology. Whether an organization requires complete infrastructure management or simply more functionality for existing Futurex infrastructure, VirtuCrypt offers a variety of service structures designed to meet security requirements.
Industry compliance standards
- FIPS 140-2 Level 3
- EMVCo
- PCI DSS
- ANS X9.24 – Part 1 and Part 2
- RoHS
- FCC Class B – Part 15
- Applicable future compliance mandates
Key types and protocols
- DES
- Triple DES
- DUKPT
- X.509 v3
- AES
- RSA
- EMVCo
- KMIP
EMV certificate management
- All major card brands supported
- Issuer self-signed certificate creation and export
- Creates ICC certificates to EMVCo specifications
