Point-to-Point Encryption

Please Fill Out Form

to Request Document

Required Fields*

Protect your data from the point of capture through the entire lifecycle by integrating Futurex products with Point-to-Point Encryption functionality into your existing environment.  

Secure Every Endpoint

Point-to-Point Encryption is providing organizations with a secure method for transmitting sensitive data. This technology renders information unreadable during transit, with the data only legible once safely decrypted at its destination. This process removes the valuable target of in-the-clear data, giving no incentive for unauthorized individuals to tap into your lines of communication. With applications for all industries that need to securely receive, transmit, and process data, Futurex’s hardware-based solution for P2PE provides the versatility to integrate directly into your existing system with an additional layer of security for your sensitive data.

By implementing P2PE, organizations can enhance their data security infrastructure while simultaneously reducing PCI compliance scope and expense. The added cost and effort that accompany PCI compliance with in-the-clear processing of sensitive data can be significantly lessened or removed altogether when using Futurex’s Point-to-Point Encryption solution.


P2PE Features

From initial deployment to ongoing support, Futurex's Point-to-Point Encryption technology provides a robust system that reduces inconvenience and keeps sensitive data secure.

Futurex adds additional features and benefits with hardware-based solutions:

  • Increases security for sensitive data
  • Reduces the scope and cost of PCI DSS compliance
  • Easily expandable functionality as your needs grow
  • Supplies virtually limitless scalability
  • Integrates easily into existing environments
  • Role-based user permission system with enforced dual control


The Technology of Point-to-Point Encryption

In a compliant Point-to-Point Encryption environment, sensitive data is encrypted from the point of interaction and decrypted only within the secure boundary of a FIPS 140-2 Level 3 or PCI HSM-validated hardware security module. Take a retail environment for example: P2PE begins when cardholder data encryption keys are injected into retail point of sale terminal, either directly with the Futurex Secure Key Injector (SKI) Series 3 or remotely with the Remote Key Management Server (RKMS) Series 3. Cardholder data will now be automatically encrypted at the point of capture, and can be decrypted once safely held within the compliant Futurex hardware security module.

Futurex’s Solutions

The Point-to-Point Encryption Suite is a part of Futurex’s Hardened Enterprise Security Platform. This platform offers scalability, versatility, and security to users through a range of complementary Futurex solutions. Although they are consistently regarded as best-in-class independently, these devices are even more powerful and efficient when operating in unison. 


Key Injection

  • Direct Key Injection - Futurex Point-to-Point Encryption technology enables secure, standards-compliant transmission and validation of sensitive data. This process begins with injecting data encryption keys into each point of capture device. The Futurex SKI Series 3 Secure Key Injector allows the process of key injection to take place quickly and easily, enabling sensitive data to be encrypted instantaneously at the point of capture.
  • Remote Key Injection - In a remote key loading environment, devices are injected with a private key during the manufacturing process. Once deployed, the devices’ public keys are loaded on the Futurex RKMS Series 3, establishing a PKI-secured connection between the two devices. Once the keys have been loaded into the devices, as soon as data is received, it is encrypted at that point and can be transmitted securely for processing.


Terminal Deployment and Data Processing

After the initial stage of key injection, each production device will be deployed and brought online for accepting payments or data at the business’ site. When the devices transmit sensitive data to the host application, that data is encrypted using the DUKPT key injected by the SKI Series 3 or RKMS Series 3.

When incoming data is encrypted at the point of capture, it can be transmitted securely to the host application for processing and validation. The host application packages that encrypted data in a message and sends it to the Futurex Excrypt HSM, which can decrypt it, send it to the host for validation, and complete the processing. With this method, your sensitive data has been securely captured, transmitted, and processed with encryption from end to end. 


Interested in Learning More?

  Contact us today to see how Futurex can provide your organization with a compliant and secure P2PE solution uniquely fitted to your needs, or click on one of the products below to find out information about its specific features and applications within a P2PE environment.

Devices for Point-to-Point Encryption

Excrypt Series

Excrypt Series

Industry-leading technology for financial and general-purpose transaction processing and data security

  • FIPS 140-2 Level 3 compliant and PCI HSM validated 
  • Standardize HSM infrastructure onto a single platform
  • Scalable up to 20,000 transactions per second
  • Process EMV, RSA, P2PE, tokenization, and mobile transactions
Excrypt SSP Enterprise v.2

Excrypt SSP Enterprise v.2

Protect your sensitive data and transactions with industry-leading security and speed:

  • Meets or exceeds industry compliance standards
  • Virtual HSMs allow for multiple independent data processing environments within a single physical platform
  • Increases the overall speed and functionality of your HSM network
Kryptos TLS Server

Kryptos TLS Server

Safeguard your sensitive data with Futurex’s general-purpose data security solution for protecting transmissions between remote locations

  • Seamless integration into any existing infrastructure
  • Encrypts a wide variety of data types 
  • Protects transmissions over TCP/IP (Ethernet)
  • Hardened steel interlocking rack mounted case
RKMS Series 3

RKMS Series 3

A complete remote key management solution for your POS or ATM network

  • Eliminates the costly manual process of loading keys by managing them from one central location
  • Automates the manual key replacement process
  • Securely and remotely distributes encryption keys over a secured IP network
  • Integrates hardware-based disaster recovery and redundancy
KMES Series 3

KMES Series 3

Hardened, enterprise-class key and certificate lifecycle management solutions

  • Full symmetric and asymmetric key and certificate management
  • Robust, versatile API for programmatic automation of repetitive tasks
  • Easy, convenient generation of certificate trees
  • Permission-based user management system with dual control
  • Customized monitoring and alerting
SKI Series 3

SKI Series 3

Manage, inject, and store your Point of Sale encryption keys with Futurex’s all-in-one security solution

  • Supports large key injection batches
  • Provides flexibility in all your key loading operations
  • Integrates with all major POS device makers
  • Easy generation of Key reports