Please Fill Out Form

to Request Document

Required Fields*

An Easier Way to Manage Keys

Organizations who are responsible for managing a large number of encryption keys are well aware of the difficulties and inconveniences associated with the process, especially if the key management system relies on multi-vendor solutions. The KMES Series simplifies the key management process while increasing security, providing a single-source solution for all of your encryption key and certificate tasks.

Encryption keys and certificates need constant security, both in storage and in production environments. That’s why the KMES Series is built around a lifecycle approach; from initial generation to distribution to eventual deletion or revocation, the KMES Series ensures your keys and certificates are kept safe while promoting ease of use through an extensive set of organizational features, such as object grouping and custom attributes.

The Security Your System Needs

The KMES Series is a Secure Cryptographic Device (SCD) that utilizes robust, hardened security to protect key and certificates at the source as well as extensive logical measures, such as dual control and a role-based permission system, that secure sensitive data from both external and internal threats. FIPS 140-2 Level 3-validated, the KMES Series’ hardware utilizes a reinforced steel chassis, unique bezel locks, and a hardened epoxy barrier containing tamper-responsive sensor wires that instantly zeroize sensitive data during any physical intrusion attempt.

Diverse Functionality

From device authentication to the generation of keys for POS environments, the KMES Series is able to handle the symmetric and asymmetric key processes for your industry. The KMES Series supports all major key types, algorithms, and protocols, with more being continually added as new technologies emerge. Futurex can also develop solutions that are fully customized for your organization’s key and certificate needs, relying on years of successful experiences with previous custom initiatives.

Establish a public key infrastructure (PKI) by using the KMES to manage certificate trees, individual certificates, private keys, signing requests, and more through import, export, generation, tracking, storage, and revocation. Symmetric key processes are made simple through the KMES’ functionality for batch generation, import, and export; automatic expiration; key templates; key group format cloning; and key component printing.

Versatile Functionality

  • Supports all common key types and protocols, including DES, Triple DES, DUKPT, X.509 v3, AES, RSA, and EMVCo
  • X9.17, AKB, and TR-31 (including custom optional fields) key block formats are available for use
  • Encryption keys, including major keys, can be imported, exported, and backed up onto smart cards using M of N fragmentation
  • Custom, user-defined attributes and object grouping simplifying the management and organization process
  • Supports mutual authentication under a trusted root certificate to establish a trusted public key infrastructure (PKI)
  • Capable of generating and managing self-signed root certificates

Scalable Integration

  • Capable of storing millions of keys and certificates
  • Scalable to the Nth degree with multiple KMES Series devices centrally managed by the Guardian9000
  • Customized, real-time monitoring and alerting via SMS, SMTP, and SNMP
  • Automatic synchronization of objects with other KMES Series devices
  • Object sharing with other Hardened Enterprise Security Platform devices and optional object segregation between remote applications


  • Compliant with emerging and current compliance standards such as FIPS 140-2 Level 3, EMVCo, PCI DSS, ANSI X9.24 - Part 1 and Part 2, RoHS, and FCC Class B - Part 15
  • Automatically transmit data logs to a remote syslog server for internal and external audits
  • Digitally signed log files, which ensure that data integrity is maintained and that logs cannot be altered

Ease of Use

  • Fully functional graphical user interface (GUI) with no command line tasks required for initial setup, regular auditing, firmware upgrades, or maintenance
  • Simple installation and management procedures, resulting in minimal training for administrative personnel
  • Automated, network-based backups, providing peace of mind and fulfillment of best practices


  • 2U hardened steel chassis with “Puzzle Box” tamper-resistant design
  • Detachable front panel with two unique locks, enabling dual control over front panel controls
  • Versatile, permission-based user system for enforcement of dual control and segregation of duties
  • Software enforcement of split knowledge principles
  • Battery-backed Secure Cryptographic Device (SCD) with epoxy barrier and tamper-responsive sensor wires

Dimensions and Weight

  • Weight: 40.5 lbs (18.4 kg)
  • Width: 19 inches (48.3 cm)
  • Height: 2U - 3.47 inches (8.81 cm)
  • Depth: 22.3 inches (56.7 cm)

Industry Compliance Standards Met

  • FIPS 140-2 Level 3
  • EMVCo
  • ANS X9.24 - Part 1 and Part 2
  • RoHS
  • FCC Class B - Part 15
  • Applicable future compliance mandates

EMV Certificate Management

  • All major card brands supported
  • Supports issuer self-signed certificate creation and export
  • Creates ICC certificates according to EMVCo specifications

KMES Series Unit Includes

  • KMES Series application CD
  • KMES Series documentation CD
  • User guide
  • Mounting brackets
  • Two sets of two SCD barrel keys
  • Cables

Operating Conditions

  • Power requirements: 100 - 240 VAC 50/60 Hz. 225 Watts
  • Operating temperature: 50° to 95°F (10° to 35°C)
  • Storage temperature: 41° to 149°F (5° to 65°C)
  • Operating relative humidity: 20% to 80% non-condensing
  • Storage relative humidity: 5% to 95% non-condensing


  • Dual control-enabled, tamper-responsive and evident design
  • Smart card reader for M-of-N key fragmentation and dual-factor authentication
  • Dual, redundant gigabit Ethernet ports
  • Dual, redundant, hot-swappable power supplies
  • Automated, internal RAID-based backup of object management application and databases

Supported Key Types and Protocols

  • DES
  • Triple DES
  • X.509 v3
  • AES
  • RSA
  • EMVCo
  • KMIP