Futurex Vectera Plus

Futurex — Vectera Plus

Common Models

  • Vectera Plus network HSM (general-purpose + payments), available as on-prem appliance and via VirtuCrypt cloud HSM service. futurex.com+1

FIPS Status

  • Current validation: FIPS 140-2 Level 3; PCI PTS HSM validated for payments use cases. futurex.com+1
  • Roadmap: Futurex positions Vectera Plus as PCI-validated and crypto-agile, with lifecycle governance we can align to FIPS 140-3 migration plans as certifications publish. futurex.com

PQC (Post-Quantum) Support

  • Positioning: Futurex publicly highlights PQC-ready payments HSM capability and engagement with the NIST PQC standards (FIPS 203 ML-KEM / Kyber, FIPS 204 ML-DSA / Dilithium; awareness of SPHINCS+ for hash-based signatures). We design dual-stack rollouts (classical + PQC) and enable PQC where licensed/supported in your firmware stream. futurex.com+1

Dual Private-Key Format Support (Seed vs Expanded)

  • Context: PQC introduces two private-key forms—compact seeds (~tens of bytes) and expanded keys (≈1.6–4 KB). IETF is progressing seed-only PKCS#12 profiles, which affects backup/interchange.
  • What we implement on Vectera Plus estates:
    • Seed custody inside the HSM: Store seeds as high-assurance objects; control export with dual control/split knowledge and partition policy.
    • Deterministic re-derivation: Materialize expanded keys from seeds inside the trust boundary for KEM/signing so large keys needn’t be persisted when policy forbids it.
    • Expanded-key import & lifecycle: When applications require expanded keys, we import/wrap under FIPS-approved configurations, with labeling, rotation, and archival controls.
    • Backup & portability: HSM-wrapped seed objects (and, if needed, expanded keys) with tamper-evident ceremonies; runbooks to transition from traditional PFX to seed-centric custody as standards finalize.

Payments Strength (Where Vectera Plus Shines)

  • TR-31/TR-34 key blocks, EMV, 3-D Secure, PIN translation, DUKPT, issuer/acquirer integrations, and audit evidence packs for PCI DSS & PCI PTS HSM. We tune throughput and HA clustering for authorization and card-issuing pipelines. futurex.com

How SafeCipher Helps (Procure • Deploy • Support)

  • Procurement & contracts: Sizing, pricing, spares/RMA logistics, co-termed renewals; PoCs for on-prem vs VirtuCrypt cloud HSM or hybrid. futurex.com
  • Deployment & integration: Cluster/HA design, client toolchains (PKCS#11/CNG/JCE), payments SDKs, TR-31 enforcement, firmware governance, and performance tuning. futurex.com
  • Operations: 24×7/BH support options, monitoring/telemetry, seed/expanded-key ceremonies, backup/escrow, PCI audit packs, and migration to PQC with provenance-preserving re-wraps. futurex.com

Bottom line

Whichever HSM or crypto platform you choose, we can help you buy it right, deploy it right, and keep it right—without locking you to a single vendor.