Excrypt SSP9000 Hardware Security Module (HSM) – Product Overview

Powered with Industry-Leading Functionality, Speed, and Security

Best Top Hardware security Module (HSM) Solutions for financial sector- TLS Server

Kryptoagile understands that cryptographic infrastructures need data encryption and security to be capable of scaling along with organizational development.There fore, Excrypt System Security Processor (SSP) Series offers complete and robust security at industry-leading transaction speeds, including a wide array of functionality to form a comprehensive and easy-to-use solution. This robust machine is exclusively designed for the fastest payment transactions.

Technology for Tomorrow

The Excrypt SSP9000 HSM module builds upon Futurex’s legacy of offering proven encryption technology with features designed to take organizations into the future with confidence. Futurex commits to developing and implementing HSM devices that are industry compliant, innovative, and effective for your security needs. The Excrypt SSP9000 HSM unit’s enhanced scalability and capability to integrate with other Hardened Enterprise Security Platform solutions, including the Guardian9000 and the Securus, ensures your organization will always have the capacity it needs.

Secure, Versatile, Compliant

  •   Fastest payment HSM in the world – up to 2,250 TPS
  •   Dual redundant power supplies and Ethernet ports for hassle-free encryption key management
  •   Support for AES, RSA, EMV (issuing and validating), PKCS #11 and more
  •   FIPS 140-2 Level 3, PCI HSM, ANSI X9.24 Part 1 and Part 2 – TR-39

Audit Tracking Capability

  •   Provides detailed audit records and the ability to generate certificate reports
  •   Easily manages internal and external audits
  •   Stores all tracking information and certificate authority activity for auditing requirements
  •   Maintains complete, authenticated log files of all data encryption activities and access

Excrypt SSP9000 HSM– Features and Benefits

Universal Compatibility

The Excrypt SSP9000 communicates using the Futurex Excrypt Universal Interface (UI), an intuitive and easily integrated API, supported by major host application software products sold around the world. This allows standardization between various HSM devices across all major platforms.


Integration with the Futurex Guardian9000 HSM’s centralized management platform allows an organization to combine the processing power of multiple HSM units into a single transaction processing entity. Users can easily create true active-active disaster recovery environments with monitoring available via SMTP, SNMP, and SMS.

Remote Management and Encryption Key Loading

The Excrypt SSP9000 HSM device works seamlessly with the Securus — Futurex’s portable, FIPS 140-2 Level 3-validated remote management and configuration device. The Securus touchscreen tablet eliminates the need for organizations to spend time and money traveling to perform routine maintenance, encryption key loading operations, and firmware updates, with configuration able to occur virtually anywhere in the world. A public key infrastructure (PKI) enables a secure, mutually authenticated connection between the end user and the Excrypt SSP9000 HSM unit.

Regulatory Compliance

Futurex maintains a policy of supporting all current and emerging regulatory standards on the EXP9000 cryptographic module. The device meets and adheres to Payment Card Industry (PCI) per data security standard, FIPS 140-2 Level 3, ANSI X9.24 part 1 and part 2—TR-39, and PCI HSM.

Cryptographic Algorithms Supported

The Excrypt SSP9000 HSM supports numerous cryptographic algorithms and APIs for both payment processing services and general purpose data encryption. These algorithms and APIs include Data Encryption Standard (DES), Triple-DES, Master/Session, AES, RSA, and PKCS #11.

Graphical User Interface

By default, the Excrypt SSP9000 HSM includes the easy-to-use Excrypt Manager. Through this GUI-based application, all settings may be configured, and the intuitive design cuts training and administrative costs through its easily comprehensible format.

Web-Based Interface for Remote Management

The Excrypt SSP9000 HSM contains dual, hot-swappable power supplies, allowing for redundancy in both physical hardware and power source if an organization wishes to use two separate circuits. The Excrypt SSP9000 hardware security module contains dual ethernet ports, adding another layer of hardware redundancy.

Integrated Smart Card Reader

Key components require secure storage. Organizations have typically used paper-based methods to record components, but Futurex’s support of smart card-based key loading removes that requirement. It facilitates the user to experience the robust cryptographic key management.

Syslog Support

Maintaining accurate and complete logs is a critical element of an IT ecosystem, which should be designed according to data privacy compliance. The Excrypt SSP9000 HSM outputs log files directly to an external syslog server, simplifying troubleshooting, development, and auditing.

M-of-N Key Fragmentation

Through the Excrypt SSP9000’s M-of-N key fragmentation functionality, loading encryption keys is simple and convenient. Organizations can define several required key officers for a key ceremony that is less than the total number of key officers, allowing enterprises to maintain security while dramatically reducing the inconvenience of coordinating busy schedules around key ceremonies.

Robust Hardware

The ExcryptHSM SSP9000 contains the Futurex EXP9000, the world’s fastest payment transaction cryptographic HSM module, which operates at up to 2,250 TPS. The Excrypt SSP9000 hardware security module complies with FIPS 140-2 Level 3 requirements and includes the following physical security features:

  •   1U hardened steel interlocking rack-mounted case
  •   Two unique faceplate bezel locks to protect the configuration port
  •   Secure Cryptographic Device (SCD) with tamper-responsive barrier to protect sensitive data
  •   Battery backup for encryption keys in SCD memory

Enhanced Functionality

The Excrypt HSM SSP9000 supports functionality modules for organizations seeking to use their HSM for specific tasks. Establishing an ATM remote key loading (RKL) environment is simple with the Excrypt SSP9000’s RSA and PKI functionality, which allows direct management of the key lifecycle for ATMs through compatible host software. Functionality for EMV (smart cards) 4.0/4.2/4.3 is available for organizations that require EMV transaction validation or card issuance functionality, and the Excrypt SSP9000 hardware security module also supports Point-to-Point Encryption (P2PE) using industry-standard DUKPT data encrypt, decrypt, and translate functionality.

© Kryptoagile Solutions Pvt. Ltd. All rights reserved (2017-2018).