Point-to-Point Encryption

Please Fill Out Form

to Request Document

Required Fields*

Protect your data from the point of capture through the entire lifecycle by integrating Futurex products with Point-to-Point Encryption functionality into your existing environment.  

Secure Every Endpoint

Point-to-Point Encryption is providing organizations with a secure method for transmitting sensitive data. This technology renders information unreadable during transit, with the data only legible once safely decrypted at its destination. This process removes the valuable target of in-the-clear data, giving no incentive for unauthorized individuals to tap into your lines of communication. With applications for all industries that need to securely receive, transmit, and process data, Futurex’s hardware-based solution for P2PE provides the versatility to integrate directly into your existing system with an additional layer of security for your sensitive data.

By implementing P2PE, organizations can enhance their data security infrastructure while simultaneously reducing PCI compliance scope and expense. The added cost and effort that accompany PCI compliance with in-the-clear processing of sensitive data can be significantly lessened or removed altogether when using Futurex’s Point-to-Point Encryption solution.


P2PE Features

From initial deployment to ongoing support, Futurex's Point-to-Point Encryption technology provides a robust system that reduces inconvenience and keeps sensitive data secure.

Futurex adds additional features and benefits with hardware-based solutions:

  • Increases security for sensitive data
  • Reduces the scope and cost of PCI DSS compliance
  • Easily expandable functionality as your needs grow
  • Supplies virtually limitless scalability
  • Integrates easily into existing environments
  • Role-based user permission system with enforced dual control


The Technology of Point-to-Point Encryption

In a compliant Point-to-Point Encryption environment, sensitive data is encrypted from the point of interaction and decrypted only within the secure boundary of a FIPS 140-2 Level 3 or PCI HSM-validated hardware security module. Take a retail environment for example: P2PE begins when cardholder data encryption keys are injected into retail point of sale terminal, either directly with the Futurex SKI9000 Secure Key Injector or remotely with the RKMS Series Remote Key Management Server. Cardholder data will now be automatically encrypted at the point of capture, and can be decrypted once safely held within the compliant Futurex hardware security module.

Futurex’s Solutions

The Point-to-Point Encryption Suite is a part of Futurex’s Hardened Enterprise Security Platform. This platform offers scalability, versatility, and security to users through a range of complementary Futurex solutions. Although they are consistently regarded as best-in-class independently, these devices are even more powerful and efficient when operating in unison. 


Key Injection

  • Direct Key Injection - Futurex Point-to-Point Encryption technology enables secure, standards-compliant transmission and validation of sensitive data. This process begins with injecting data encryption keys into each point of capture device. The Futurex SKI9000 Secure Key Injector allows the process of key injection to take place quickly and easily, enabling sensitive data to be encrypted instantaneously at the point of capture.
  • Remote Key Injection - In a remote key loading environment, devices are injected with a private key during the manufacturing process. Once deployed, the devices’ public keys are loaded on the Futurex RKMS Series remote key management server, establishing a PKI-secured connection between the two devices. Once the keys have been loaded into the devices, as soon as data is received, it is encrypted at that point and can be transmitted securely for processing.


Terminal Deployment and Data Processing

After the initial stage of key injection, each production device will be deployed and brought online for accepting payments or data at the business’ site. When the devices transmit sensitive data to the host application, that data is encrypted using the DUKPT key injected by the SKI9000 or RKMS Series.

When incoming data is encrypted at the point of capture, it can be transmitted securely to the host application for processing and validation. The host application packages that encrypted data in a message and sends it to the Futurex Excrypt SSP9000 HSM, which can decrypt it, send it to the host for validation, and complete the processing. With this method, your sensitive data has been securely captured, transmitted, and processed with encryption from end to end. 


Interested in Learning More?

  Contact us today to see how Futurex can provide your organization with a compliant and secure P2PE solution uniquely fitted to your needs, or click on one of the products below to find out information about its specific features and applications within a P2PE environment.

Devices for Point-to-Point Encryption

Excrypt SSP9000

Excrypt SSP9000

Industry-leading technology for financial and general-purpose transaction processing and data security

  • FIPS 140-2 Level 3 and PCI HSM-validated
  • Standardize HSM infrastructure onto a single platform
  • Scalable up to 2,250 transactions per second
  • Process EMV, RSA, P2PE, tokenization, and mobile transactions
Excrypt SSP9000 Enterprise

Excrypt SSP9000 Enterprise

Protect your sensitive data and transactions with industry-leading security in the fastest payment HSM in the world

  • Up to 8,000 transactions per second (TPS)
  • Meets or exceeds industry compliance standards
  • Allows for up to four separate data processing environments within a single physical platform
  • Increases the overall speed and functionality of your HSM network
ESM1000

ESM1000

Integrate small form-factor encryption devices directly into a variety of environments for on-site data security

  • Supports all common key types and protocols
  • Optional external self-contained enclosure
  • Optimized size, weight, power, and cooling characteristics
  • Supports mutual authentication under a trusted root certificate
Kryptos TLS Server

Kryptos TLS Server

Safeguard your sensitive data with Futurex’s general-purpose data security solution for protecting transmissions between remote locations

  • Seamless integration into any existing infrastructure
  • Encrypts a wide variety of data types 
  • Protects transmissions over TCP/IP (Ethernet)
  • Hardened steel interlocking rack mounted case
REM1000

REM1000

Secure retail data at the source with embeddable, small form-factor encryption devices

  • Supports mutual authentication to establish a trusted public key infrastructure
  • Tamper evident and resistant design
  • Automatic adjustment to power inputs
  • Simple installation and management procedures
RKMS Series

RKMS Series

A complete remote key management solution for your POS or ATM network

  • Eliminates the costly manual process of loading keys by managing them from one central location
  • Automates the manual key replacement process
  • Securely and remotely distributes encryption keys over a secured IP network
  • Integrates hardware-based disaster recovery and redundancy
SKI9000

SKI9000

Manage, inject, and store your Point of Sale encryption keys with Futurex’s all-in-one security solution

  • Supports large key injection batches
  • Provides flexibility in all your key loading operations
  • Integrates with all major POS device makers
  • Easy generation of Key reports
KMES Series

KMES Series

Hardened, enterprise-class key and certificate lifecycle management solutions

  • Full symmetric and asymmetric key and certificate management
  • Robust, versatile API for programmatic automation of repetitive tasks
  • Easy, convenient generation of certificate trees
  • Permission-based user management system with dual control
  • Customized monitoring and alerting