Skip to content
CryptoHub is 2024 Data Protection Solution of the Year!
  • There are no suggestions because the search field is empty.
Check out the CryptoHub press release.

Excrypt Plus Payment HSM for Robust Protection

Versatile HSM for payments and general-purpose

excrypt plus payment hsm

Excrypt Plus: Versatile HSM for Payment and General Use

The Excrypt Plus is a hardware security module (HSM) for both payment and general-purpose use. It supports every major encryption algorithm and API to deliver excellent security and smooth integration with host applications, and complies with strict standards such as FIPS 140-2 Level 3 and PCI PTS HSM v3. The Excrypt Plus leads the industry in scalable functionality and endless utility.

Transaction Acquiring

  • EMV key generation and derivation
  • Online and mobile PIN management
  • Mobile token issuance (Apple Pay, Google Pay, Samsung Pay, and host card emulation tokens)
  • PIN and offset generation

Card and Mobile Issuing

  • EMV key generation and derivation
  • Online and mobile PIN management
  • Mobile token issuance (Apple Pay, Google Pay, Samsung Pay, and host card emulation tokens)
  • PIN and offset generation

Point-to-Point Encryption

  • Cardholder data decryption
  • Cardholder data translation
  • Symmetric encryption algorithms
  • Point-to-point encryption key management

Testing and Development

Perform testing, development, and rapid prototyping leveraging from multi-API support

Key Benefits of Excrypt Plus

icon_safety

Scalability

Scale Excrypt Plus deployment according to transaction processing speed, redundancy, and remote access

icon_code signing

Flexibility

Support cryptographic processing for financial key management, P2PE (Point-to-Point Encryption), and online and mobile PIN management

icon_encryption

Multi-API support

Integrate the Excrypt Plus with host payment applications with extensive support for all common APIs

Excrypt Plus: User-Centric HSM for Scalable Payment Solutions

Like every Futurex solution, the Excrypt Plus is the first payment HSM designed with the user in mind. To that end, it supports all major APIs, payment types, and algorithms, as well as near-universal compliance with international standards. With highly scalable processing power and cryptographic functionality, as well as powerful virtualization capabilities, the Excrypt Plus is a transaction processing powerhouse for organizations of any size, in any industry.

icon_web safety
Integration

Support for all common interfaces enables fast integration with payment applications.

icon_code signing
Application partitioning

Multiple applications can simultaneously connect to and use Excrypt resources through key storage table segmentation.

icon_safety
High availability and disaster recovery

Combine the Excrypt Plus with Futurex's Guardian Series 3 to manage device clusters for HA and DR architecture with synchronous peering.

Features of Excrypt Plus

icon_data security

Universal compatibility

The Excrypt Universal Interface is an API that communicates with host transaction processing applications for easy integration.

icon_application

Versatile cryptographic functionality

The Excrypt Plus performs cryptographic processing and key management for payment and general-purpose use cases.

icon_safety

Easy scripting and automation

The Futurex Client Library (FXCL) and interface-based wrapper (FXCLI) enable easy scripting and automation of management and operational tasks.

icon_web safety

Disaster recovery and high availability

The Excrypt Plus integrates with the Futurex Guardian Series 3 to achieve automatic synchronization and data backup functionality.

icon_certificate folder

Strategic integration

Integrating the Excrypt Plus with other Futurex products amplifies speed, availability, and range of functionality to meet any cryptographic requirement.

icon_saas

Compliance

Futurex solutions comply with current and emerging regulatory requirements, including PCI DSS, PCI PTS HSM, PCI PIN, PCI P2PE, FIPS 140-2 Level 3, ANSI X9.24 part 1 and 2 – TR-39, and FCC part 15 – class B.

Frequently Asked Questions

How are payment HSMs different from general-purpose HSM?

Payment and general-purpose HSMs are optimized for different IT environments. A payment HSM might be designed to handle hundreds or even thousands of payment transactions per second. On the other hand, a general-purpose HSM might specialize in use cases outside of payments. This could be encrypting files and applications, creating and signing encryption keys, acting as a certificate authority (CA), and authenticating client devices across a network. In summary, the use cases an HSM must fulfill are determined by the environment in which it will be deployed.

How many transactions-per-second (TPS) should we plan for?

Your processing throughput (in transactions per second, or TPS) will depend on several factors, such as the scale of your operation, number of customers and partners, and how your infrastructure is setup. Small and mid-range organizations typically start with between 250-500 TPS and scale upward. Larger organizations tend to base their estimated processing needs on their previous needs as well as any planned expansions. The Excrypt Plus offers highly scalable transaction processing speeds, from a few hundred TPS up to several thousand.

What is a payment HSM?

A payment HSM is a physically and logically secure device that performs cryptographic operations. Payment HSMs are often used to encrypt payment transactions and manage payment keys. The descriptor “payment” refers to the payment processing environments in which they are commonly deployed. They can be integrated into a wide variety of different environments and customized for diverse use cases.

What do payment and general-purpose HSMs have in common?

Payment and general-purpose HSMs have several things in common. They both protect sensitive data by carrying out cryptographic functions. For example, payment and general-purpose HSMs might run encryption algorithms, create keys, or manage sensitive data. The key difference is what kind of IT environment they’ll be deployed in, and which use cases that will entail.

What makes the Excrypt Plus the world’s most advanced payment HSM?

Rapidly encrypt & decrypt sensitive payment data in a PCI-DSS compliant HSM
Electronic payment networks need data security solutions that scale in speed and can expand over time to support emerging payment types and algorithms. The Excrypt Plus meets and exceed those needs, offering complete and robust transaction security at speeds of up to 5,000 transactions per second (TPS). With integrated disaster recover and redundancy features to ensure rock-solid reliability, the device complies with key management best practices and contains some of the industry’s most advanced security features.

Strategic integration
Strategically integrating the Excrypt Plus with other Futurex products paves the way for even faster speeds, higher availability, and fuller functionality to meet the most demanding requirements. It is compatible with Futurex solutions including the Guardian Series 3 and the Excrypt Touch, to create a fully redundant, remotely managed cryptographic infrastructure.  

Available Excypt Plus functionality
Strategically integrating the Excrypt Plus with

  • Card/PIN issuance & validation
  • Mobile payments
  • P2PE & tokenization
  • ATM remote key loading
  • EMV issuance & validation
  • MAC & hashing
  • General purpose crypto

What are the Excrypt Plus Payment HSM specifications?

Hardware features

  • Dual control-enabled, tamper-responsive
  • Smart card reader for M-of-N key fragmentation and dual-factor authentication
  • Dual, redundant gigabit Ethernet ports
  • Dual, redundant, hot-swappable power supplies
  • Secure Cryptographic Device (SCD) with tamper responsive barrier to protect sensitive data

Operating conditions

  • Power: 100 – 240 VAC 50/60 Hz. 225 Watts
  • Operating temp: -40° to 140°F (-40° to 60°C) Storage temp: -40° to 140°F (-40° to 60°C)
  • Operating humidity: 20% to 80% non-condensing
  • Storage humidity: 5% to 95% non-condensing

Dimensions and weight

  • Weight: 36 lbs (16.33 kg)
  • Width: 19 inches (48.26 cm)
  • Height: 1U – 1.72 inches (4.37 cm)
  • Depth: 19.4 inches (49.38 cm)

Compliance and keys

Industry compliance standards

  • FIPS 140-2 Level 3
  • PCI HSM
  • ASC X9.24 Part 1 and Part 2 – TR-39
  • RoHS
  • FCC Part 15 – Class B

Supported cryptographic functionality

  • EMV
  • DES
  • Triple-DES
  • Master/Session
  • AES
  • RSA
  • Tokenization
  • Point-to-Point Encryption (P2PE)
  • PKCS #11

What are the Excrypt Plus Payment HSM product details?

The Excrypt Plus is available in varying models, providing the transaction speeds your organization needs. Need to expand more? Increase speeds in the field to 5,000 TPS and beyond—or upgrade to the Excrypt SSP Enterprise v.2 to achieve speeds of 20,000 TPS and beyond.

Supports wide-ranging crypto functionality

  • Magnetic Stripe and EMV Card
  • Issuance and Verification
  • MAC and Hashing
  • Point-to-Point Encryption
  • Format-Preserving Encryption
  • ATM Remote Key Loading
  • HCE and Cloud Payments
  • Digital Signing
  • General-Purpose Cryptography
  • Mobile Payments
  • PIN Management and Printing
  • Tokenization
  • Contactless/NFC
  • 3-D Secure
  • PCI Data Protection
  • On Behalf Key Management (OBKM)
  • Custom Functionality

Hardened Enterprise Security Platform integration

The Excrypt Plus integrates directly with Futurex’s full solution suite, the Hardened Enterprise Security Platform, for centralized configuration, management, monitoring, alerting, load balancing, scalability, cloud-based services, and more.

Disaster recovery and high availability

  • Contains hot-swappable power supplies and dual Ethernet ports
  • Integrates with VirtuCrypt Plus Monitoring and Alerting and Disaster Recovery services for increased infrastructure visibility and uptime
  • Can be peered and configured into functional groups using the Guardian Series 3 centralized management platform for load balancing and failover support

Application partitioning

  • Use application partitioning to segregate key storage locations, giving individual applications control over their own keys and security policies through API function blocking
  • Up to 250 application partitions are supported with a single Excrypt Plus
  • Each partition has its own unique identity, key storage, and API function blocking

Universal compatibility

Turnkey compatibility with all major financial host application software sold around the world, as well as support for standardsbased interfaces like PKCS #11 and Java for general purpose cryptographic processing.

HSM management tools

  • Excrypt Manager: Dedicated, GUI-based application for secure HSM configuration, management, and key loading
  • Web Portal: A secure, web-based application for configuring virtually all aspects of the Excrypt Plus, monitoring logs, and more

Industry compliance standards

  • FIPS 140-2 level 3 compliant
  • ANSI X9.24 part 1 and part 2 – TR-39
  • Payment card industry data security standard (PCI DSS)
  • FCC part 15 – class B

Available functions & interface

Algorithms

  • 3DES DUKPT
  • RSA
  • AES
  • ECC

Interfaces

  • Excrypt API
  • Java JCA/JCE
  • PKCS #11
  • And more

Key block formats

  • TR-31
  • Cryptograms
  • AKB

Is there an integration guide for the Excrypt Plus?

A PDF version of the integration guide may be downloaded from here.

Featured Resources

"By deploying Futurex devices, Ecentric will be the first payments provider in Africa to deploy "point-to-point" encryption thereby establishing a competitive advantage to achieve compliance with the most rigorous industry standard, PCI DSS.”

 

- Hassen Sheik CEO

Ecentric

Enterprise Data Encryption Solutions

Futurex provides HSMs and key management servers that handle encryption, bring-your-own-key (BYOK). Futurex helps enterprise organizations deploy a modern cloud data security environment that complies with the latest standards and regulations.

bc4595180ea915c553ac6ecf67ca4b0b
Bank_of_America_logo
wells fargo
RBC_Bank logo
Discover_Card_logo