The KMES Series 3 provides a turnkey solution for offline enterprise-level Certificate Authority (CA) and Public Key Infrastructure (PKI) management. Root CAs can be issued offline, wherein the device may be powered down and disconnected from the network. Additionally, the KMES Series 3 enables you to import and export PKIs offline.

Business purpose

The primary business purpose for using the KMES Series 3 offline feature is to prevent unauthorized access to root CAs in the event of a network breach. As an added advantage, the offline feature provides an alternate method to securely manage root CAs during network downtime.

KMES Series 3 features overview

The KMES Series 3 enables you to deploy and maintain an Enterprise Key Management solution, giving users complete control over the lifecycle of security keys. Additionally, a comprehensive SDK is provided with the device to manage key distribution and administration. You can use this device effectively for the following enterprise-level business use cases:

| Feature | Description |
| --- | --- |
| Cloud Key Management | The KMES Series 3 remote cloud service enables you to independently manage key distribution by bringing your own key generated through the secure internal HSM and transferring to your cloud environment using encryption key wrapping. |
| End-to-end Data Protection | You can manage application encryption, Transparent Database Encryption (TDE), file encryption, and tokenization through the KMES Series 3 with the cryptographic protection validated by the FIPS 140-2 Level 3 standards that are enforced throughout the process. |
| PKI Management | Businesses can use the KMES Series 3 to build an expansive and robust Public Key Infrastructure (PKI), enabling you to go offline and perform certificate signing and issuing to secure your PKI. |
| Code Signing Management | The KMES Series 3 enables you to manage Code Signing Requests (CSRs) in a secure manner for Internet of Things (IoT) devices, Authenticode Digital Signatures, Java applications, and Continuous Integration/Continuous Development (CI/CD) for code deployments. |
| Financial Key Management | The KMES Series 3 enables financial institutions to securely manage EMV payment processing operations with the option to remotely manage the entire key loading process, giving you the flexibility to control key loading from practically anywhere. |

You can manage the KMES Series 3 by using the following different methods:
  • The Futurex Command Line Interface (FXCLI) application
  • The local application interface, an Excrypt Touch device
  • A remote desktop session
This guide illustrates how to manage keys and key groups by using the remote desktop interface and how to configure offline Root CA functionality on the KMES Series 3.