Point-to-Point Encryption (P2PE)

Written by David Close, Chief Solutions Architect | Jan 28, 2022 3:46:00 PM

Increase security for your organization’s sensitive data while in transit with P2PE

Secure Every Endpoint

Protect your data from the point of capture through the entire lifecycle by integrating Futurex products with Point-to-Point Encryption functionality into your existing environment.  

Point-to-Point Encryption provides organizations with a secure method for transmitting sensitive data. This technology renders information unreadable during transit; the data becomes legible only once it is decrypted at its destination. Removing in-the-clear data from the path removes the valuable target, leaving unauthorized individuals no incentive to tap into your lines of communication. With applications for every industry that needs to securely receive, transmit, and process data, Futurex’s hardware-based P2PE solution integrates directly into your existing system and adds a further layer of security for your sensitive data.

By implementing P2PE, organizations can enhance their data security infrastructure while simultaneously reducing PCI compliance scope and expense. The added cost and effort that accompany PCI compliance with in-the-clear processing of sensitive data can be significantly lessened or removed altogether when using Futurex’s Point-to-Point Encryption solution.

P2PE Features

From initial deployment to ongoing support, Futurex’s Point-to-Point Encryption technology provides a robust system that reduces inconvenience and keeps sensitive data secure.

Futurex’s hardware-based solutions add further features and benefits:

  • Increases security for sensitive data
  • Reduces the scope and cost of PCI DSS compliance
  • Expands functionality easily as your needs grow
  • Supplies virtually limitless scalability
  • Integrates easily into existing environments
  • Enforces a role-based user permission system with dual control

The Technology of Point-to-Point Encryption

In a compliant Point-to-Point Encryption environment, sensitive data is encrypted from the point of interaction and decrypted only within the secure boundary of a FIPS 140-2 Level 3 or PCI HSM-validated hardware security module. Take a retail environment, for example: P2PE begins when cardholder data encryption keys are injected into a retail point-of-sale terminal, either directly with the Futurex Secure Key Injector (SKI) Series 3 or remotely with the Remote Key Management Server (RKMS) Series 3. Cardholder data is then automatically encrypted at the point of capture, and can be decrypted only once it is safely held within the compliant Futurex hardware security module.

Futurex’s P2PE Solutions

The Point-to-Point Encryption Suite is a part of Futurex’s Hardened Enterprise Security Platform. This platform offers scalability, versatility, and security to users through a range of complementary Futurex solutions. Although they are consistently regarded as best-in-class independently, these devices are even more powerful and efficient when operating in unison.

Key Injection

  • Direct Key Injection – Futurex Point-to-Point Encryption technology enables secure, standards-compliant transmission and validation of sensitive data. This process begins with injecting data encryption keys into each point of capture device. The Futurex SKI Series 3 Secure Key Injector allows the process of key injection to take place quickly and easily, enabling sensitive data to be encrypted instantaneously at the point of capture.
  • Remote Key Injection – In a remote key loading environment, devices are injected with a private key during the manufacturing process. Once deployed, the devices’ public keys are loaded on the Futurex RKMS Series 3, establishing a PKI-secured connection between the two devices. Once the keys have been loaded into the devices, as soon as data is received, it is encrypted at that point and can be transmitted securely for processing.

Terminal Deployment and Data Processing

After the initial stage of key injection, each production device is deployed and brought online at the business’s site to accept payments or data. When the devices transmit sensitive data to the host application, that data is encrypted using the DUKPT key injected by the SKI Series 3 or RKMS Series 3.

When incoming data is encrypted at the point of capture, it can be transmitted securely to the host application for processing and validation. The host application packages that encrypted data in a message and sends it to the Futurex Excrypt HSM, which can decrypt it, send it to the host for validation, and complete the processing. With this method, your sensitive data has been securely captured, transmitted, and processed with encryption from end to end.

Interested in Learning More About P2PE?

Contact us today to see how Futurex can provide your organization with a compliant and secure P2PE solution uniquely fitted to your needs, or request a demo to find out information about specific features and applications within a P2PE environment.