Public Key Infrastructure
Communication across public networks is more than a convenience; it’s a necessity. Use Futurex’s strong encryption and authentication to ensure your transmitted data is always secure.
A Framework for Safe Communication
Global communication is increasing at an extraordinary rate, and that communication often involves sensitive data that is a valuable target for malicious entities. To ensure that data is accessible only to authorized individuals, the most secure solution is a public key infrastructure (PKI). PKI is a technology built on asymmetric encryption, in which certificates made up of public and private keys are used for both the encryption and decryption of information.
The public key cannot decrypt data, only encrypt it, and so it can be widely distributed to anyone without fear of exposing sensitive data. The private key must be kept highly secure as it is used to decrypt the data that was encrypted by the public key. These asymmetric keys are created by a device called a certificate authority, which is capable of managing entire trees of keys and certificates from trusted roots all the way down to individual keys injected into devices.
The first step in creating a PKI is to use the certificate authority to create a certificate tree. Starting from a highly secure root certificate, a hierarchy of new certificates is created beneath it, and these certificates are distributed to the individual devices, users, or objects that need to take part in secure communication. When the same certificate authority issues the certificates for every device in a network, that network becomes a circle of trust for mutually authenticated communication.
When parties wish to communicate securely, they begin by exchanging public keys. Each party uses the public key they received from their partner to encrypt the message, then sends that encrypted value to the other person. Once that value is received, it is decrypted with the private key corresponding to the public key that encrypted the message. This process allows for information to be shared easily while maintaining full security, because if the message is intercepted, it will be unreadable due to encryption.
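The certificate tree and circle of trust described above, as an added example in Go using the standard crypto/x509 package (illustrative code, not Futurex’s software or API): a self-signed root issues an intermediate CA, which issues a device certificate, and chain validation accepts that device while rejecting a same-named certificate issued by a CA the root never signed. All names, serial numbers and validity periods are constructed for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)
// issue makes a P-256 key and a certificate for cn with the given key usage, self-signed (a root) when parent is nil; panics on error for brevity.
func issue(cn string, usage x509.KeyUsage, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), // constructed; real CAs use random serials
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage: usage, IsCA: usage&x509.KeyUsageCertSign != 0, BasicConstraintsValid: true, // only CertSign + CA constraint may issue
	}
	if parent == nil { // no issuer: self-sign to create a trusted root
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der) // DER produced by CreateCertificate always parses
	return cert, key
}
// chainsTo reports whether leaf validates up to root through the given intermediate.
func chainsTo(leaf, inter, root *x509.Certificate) bool {
	roots, inters := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(root)
	inters.AddCert(inter)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, Intermediates: inters, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	return err == nil
}
// BuildTree issues root -> issuing CA -> device (constructed names) and reports whether the device is trusted and whether a same-named device certificate from an unrelated CA is rejected.
func BuildTree() (trusted, rogueRejected bool) {
	root, rootKey := issue("Example Root CA", x509.KeyUsageCertSign|x509.KeyUsageCRLSign, nil, nil)
	inter, interKey := issue("Example Issuing CA", x509.KeyUsageCertSign|x509.KeyUsageCRLSign, root, rootKey)
	device, _ := issue("pos-terminal-0001", x509.KeyUsageDigitalSignature, inter, interKey)
	rogue, rogueKey := issue("Unrelated CA", x509.KeyUsageCertSign, nil, nil)
	rogueDevice, _ := issue("pos-terminal-0001", x509.KeyUsageDigitalSignature, rogue, rogueKey)
	return chainsTo(device, inter, root), !chainsTo(rogueDevice, rogue, root)
}
```

The negative case is the point of the circle of trust: a certificate with the right device name but the wrong issuer chain is rejected, because trust comes from the root that signed it, not from the name.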
Futurex’s Approach to PKI
Futurex’s certificate authority and key management servers offer powerful and effective PKI technology through a format far more secure than software alone: robust hardware. Futurex’s FIPS 140-2 Level 3-validated devices generate, manage, and track all keys and certificates within physically reinforced hardware in order to maintain total security of your PKI.
The devices within Futurex’s Hardened Enterprise Security Platform are designed to provide organizations with all the functionality they need to establish and maintain a secure public key infrastructure. This encompasses processes such as:
- Generating trusted roots
- Creating expansive certificate trees
- Exporting certificate signing requests
- Exporting and importing mass certificate files
- Assigning certificate expiration periods
- Signing and verifying files
- Validating objects such as devices, users, and documents
- Tracking and revoking certificates through certificate revocation lists
Futurex’s key management servers support the entire key and certificate lifecycle, providing protection and functionality from initial generation to end-of-life decommissioning and everything in between. This cradle-to-grave approach allows organizations to use a single solution for all of their encryption key processes, without sacrificing security or flexibility by integrating multiple devices or vendors to achieve the same functionality.
Interested in incorporating PKI technology into your organization’s infrastructure? See our hardened solutions below, or contact one of our CTGA-accredited Solutions Architects today!
Devices for Establishing PKI
KMES Series 3
Hardened, enterprise-class key and certificate lifecycle management solutions
- Full symmetric and asymmetric key and certificate management
- Robust, versatile API for programmatic automation of repetitive tasks
- Easy, convenient generation of certificate trees
- Permission-based user management system with dual control
- Customized monitoring and alerting
RKMS Series 3
A complete remote key management solution for your POS or ATM network
- Eliminates the costly manual process of loading keys by managing them from one central location
- Automates the manual key replacement process
- Securely and remotely distributes encryption keys over a secured IP network
- Integrates hardware-based disaster recovery and redundancy
Compliantly and securely load keys and perform device configuration from anywhere in the world
- Easily manage your worldwide data encryption presence from a single location
- Capable of configuring multiple devices
- Eliminates the manual process of transferring key components
- Provides detailed audit records
- FIPS 140-2 Level 3-compliant