The exchange of public and private keys encrypts and decrypts messages; however, in this simplified environment, there is no authentication process to validate the origin or ownership of these shared keys. A certificate authority (CA) does just this, issuing certificates to create a larger circle of trust between keys. A CA is capable of managing entire trees of keys, along with the certificates which validate those keys. The root of the certificate tree must be highly secure because as the root, all new certificates are created beneath it. It issues signed (encrypted) certificates that are distributed to users, individual devices, or objects. The CA creates and signs the asymmetric keys, which are used for data exchange, and when the same CA is used throughout a network, it further expands the circle of trust for that organization by verifying the authenticity of users, devices, communications, and the organization as a whole.
Certificates add validity to a trove of critical organizational structures, procedures, and information. As such, protecting this infrastructure is essential. The KMES Series 3 is Futurex’s enterprise certificate authority solution, giving organizations a cryptographic solution for managing high volumes of symmetric and asymmetric keys across every step of the key management and certificate management lifecycle. The KMES is compliant with all major security standards for HSMs, including PCI HSM and FIPS 140-2 Level 3. The KMES Series 3 is powered by a high performance cryptographic module and has the capability to rapidly generate tokens through its easy-to-use interface and REST API. The process of creating tokens can be fully automated, so once the functionality is set up within the host system, an organization can be on its way to secure data storage and reduced PCI compliance scope and cost.
