Navigation
  • en
  • SECURE SERVICES

Secure Services

Our secure services division, called StepNexus, develops solutions for Certificate Authorities (CAs) and advanced cryptographic key management requirements and operates secure hosted services at our facility in the UK. The team of experts have been involved in developing, delivering and operating Key Management (KMA) and Certificate Authority solutions for customers across banking, government and device management markets. The group’s experience initiated from the early involvement in the very first MULTOS Key Management Authority (KMA) service some 20 years ago, and then to the first customer-operated MULTOS KMA solutions for national government identity programs. That expertise building high-security systems for root key management, with the generation of hundreds of millions of digital certificates and delivering those to high-throughput production systems was a key competency that led to our next phase of solution offering – Certificate Authority solutions supporting a wider range of cryptographic methods. We now offer solutions and/or hosted services for a variety of Certificate Authority requirements, including:

  • MULTOS KMA. Providing the central Key Management Authority for MULTOS devices. Solution options include the standard hosted model, using our StepXpress web interface to access the global MULTOS KMA, where we have secured over 1 billion devices; or a software license solution that can be installed and operated at the customer premises (often desirable for government programs to ensure full end-to-end key sovereignty)

  • EMV CA. Solution for any EMV payment network to provide the root Payment System Keys. Suitable for any payment network including domestic schemes, private label brands, closed-loop systems and more. This solution is available as either a cloud-based hosted service or installed at the customer premises as a s/w license solution. Our hosted service offer, where we host the payment CA system keys in our secure premises and provide a web-based portal for each payment network owner, via a role-based access management system, has been serving numerous payment brands for nearly 10 years.  

  • IoT/X.509 PKI CA. We also offer a generic CA solution servicing standard X.509 certificate formats for a range of cryptography options, similar to our EMVCA solution, and is offered in either hosted mode or installed at the customer site. This PKI CA solution is capable of servicing customers building secure IoT platforms, or inter-connecting IoT devices for industrial use (Industrial IoT) or any other general PKI scheme. Various cryptographic certificate formats and digital key options are possible, please contact us for availability or customisation.

  • NFC CA. A central root key generation and certificate signing service that can be put in place for single-shot production runs, or connected to the device manufacturing facility to provide certificates per-device


Our StepNexus secure services group has a particular expertise in developing, delivering and operating cloud-based hosted services, with significant capability in Certificate Authority services and Root Key generation/management.  

Please contact us for any customised service or solution.  services@stepnexus.com.