Crypto Store By ID3 > Products > Futurex > KMES Series 3

KMES Series 3

Enterprise Key and Certificate Management

Symmetric key lifecycle management, certificate authority & PKI, data protection, and vaultless tokenization from a single FIPS 140-2 Level 3 validated platform

The Key Management Enterprise Server (KMES) Series 3 is a versatile and secure solution for organizations charged with managing large volumes of keys, certificates, and other cryptographic objects. Whether it be key generation, transfer, storage, or deletion, the KMES brings full spectrum key management into a single device.

The KMES is a Secure Cryptographic Device (SCD) that utilizes robust, hardened security to protect keys and certificates at the source as well as extensive logical measures, such as dual control and a role-based permission systems, that secure sensitive data from both external and internal threats.



Note: RRP shown only. Accurate pricing, specification and availability will be provided upon quote issuance.


An Easier Way to Securely Manage Keys

FIPS 140-2 Level 3-compliant, the KMES’ hardware utilizes a reinforced steel chassis, unique bezel locks, and a hardened epoxy barrier containing tamper-responsive sensor wires that instantly zeroize sensitive data during any physical intrusion attempt.

Enterprise-Class Use Cases

– Symmetric key lifecycle management
– Enterprise certificate authority and public key infrastructure (PKI) for offline root, EMV CA, and more
– Registration authority
– Data protection, application encryption, and integration with 3rd-party applications
– Vaultless tokenization
– Quantum-safe hybrid certificate authority issuance

Perfect for Manufacturers
The KMES’ capacity for high-volume key management makes it an ideal solution for manufacturers. Organizations, such as internet of things (IoT) providers, who are responsible for managing a large number of encryption keys are well aware of the difficulties and inconveniences associated with the process, especially if the key management system relies on multi-vendor solutions. The KMES simplifies the key management process by providing a single-source solution for injecting keys and certificates, all the while increasing key security and compliance.

The KMES is adaptable enough to fit into the cryptographic infrastructures of large-scale manufacturers. Additionally, Futurex’s custom development program can provide an additional level of integration for manufacturers needing additional resources.

Diverse Functionality
From device authentication to the generation of keys for POS environments, the KMES is able to handle the symmetric and asymmetric key processes for your industry. The KMES supports all major key types, algorithms, and protocols, with more being continually added as new technologies emerge. Futurex can also develop solutions that are fully customized for your organization’s key and certificate needs, relying on years of successful experiences with previous custom initiatives.

Establish a public key infrastructure (PKI) by using the KMES to manage certificate trees, individual certificates, private keys, signing requests, and more through import, export, generation, tracking, storage, and revocation. Symmetric key processes are made simple through the KMES’ functionality for batch generation, import, and export; automatic expiration; key templates; key group format cloning; and key component printing.

The Quantum Computing Shift
The KMES Series 3 offers expansion functionality to support quantum-safe hybrid certificate authorities. This allows organizations to issue a single certificate that contains both conventional public key algorithms such as RSA and ECC, or quantum-safe ones. This mitigates the inevitable quantum computing risk and allows organizations to make the transition on their own timelines.

Additional information

Weight 18.4 kg
Dimensions 56.7 × 48.3 × 8.81 cm
Industry Compliance Standards Met

FIPS 140-2 Level 3
ANS X9.24 – Part 1 and Part 2
FCC Class B – Part 15
Applicable future compliance mandates

EMV Certificate Management

All major card brands supported
Supports issuer self-signed certificate creation and export
Creates ICC certificates according to EMVCo specifications

KMES Series Unit Includes

KMES Series 3 application CD
KMES Series 3 documentation CD
User guide
Mounting brackets
Two sets of two SCD barrel keys

Operating Conditions

Power requirements: 100 – 240 VAC 50/60 Hz. 225 Watts
Operating temperature: -40° to 140°F (-40° to 60°C)
Storage temperature: -40° to 140°F (-40° to 60°C)
Operating relative humidity: 20% to 80% non-condensing
Storage relative humidity: 5% to 95% non-condensing


Dual control-enabled, tamper-responsive and evident design
Smart card reader for M-of-N key fragmentation and dual-factor authentication
Dual, redundant gigabit Ethernet ports
Dual, redundant, hot-swappable power supplies
Automated, internal RAID-based backup of object management application and databases

Supported Key Types and Protocols

Triple DES
X.509 v3


2U hardened steel chassis with “Puzzle Box” tamper-resistant design
Detachable front panel with two unique locks, enabling dual control over front panel controls
Versatile, permission-based user system for enforcement of dual control and segregation of duties
Software enforcement of split knowledge principles
Battery-backed Secure Cryptographic Device (SCD) with epoxy barrier and tamper-responsive sensor wires

Scalable Integration

Capable of storing millions of keys and certificates
Scalable to the Nth degree with multiple KMES devices centrally managed by the Guardian Series 3
Customized, real-time monitoring and alerting via SMS, SMTP, and SNMP
Automatic synchronization of objects with other KMES devices
Object sharing with other Hardened Enterprise Security Platform devices and optional object segregation between remote applications

Enterprise Application Encryption

FIPS compliant security for application-based data protection
Centrally manage the full key, certificate, and policy lifecycle
Easy-to-use architecture simplifies and expedites deployment
Segregated key containers, enabling the creation of a single cryptographic resource pool for multiple independent applications
Web-based workflow management for automation of key lifecycle tasks
Standards-based libraries for easy integration: KMIP, C# .NET, Java

Versatile Functionality

Supports all common key types and protocols, including DES, Triple DES, DUKPT, X.509 v3, AES, RSA, and EMVCo
X9.17, AKB, and TR-31 (including custom optional fields) key block formats are available for use
Encryption keys, including major keys, can be imported, exported, and backed up onto smart cards using M of N fragmentation
Custom, user-defined attributes and object grouping simplifying the management and organization process
Supports mutual authentication under a trusted root certificate to establish a trusted public key infrastructure (PKI)
Capable of generating and managing self-signed root certificates


KMES Series 3

Customer Reviews

Customer Rating

0 Ratings
Stars 5
Stars 4
Stars 3
Stars 2
Stars 1
Be the first to review “KMES Series 3”

Your email address will not be published. Required fields are marked *


There are no reviews yet.

Item added To cart