Features & Integration
The MTG encryption key management system for the Internet of Things enables different applications in a company to access a detached, central security component that can perform all necessary crypto operations.

Product features MTG Key Management System (© MTG AG)
The entire key management lifecycle is already supported in the MTG KMS and can be utilized via the standardized KMIP interface. The platform supports multiple independent clients. MTG's dedicated role and rights management ensures that each client is granted the correct access rights to its respective keys.

MTG KMS manages the entire key management lifecycle (© MTG AG)
The KMIP interface enables the smooth and easy integration of existing applications. Many applications already support the KMIP interface; others can be easily integrated with MTG KMS using adapters. Adapters for other widely adopted interfaces, such as PKCS#11 or JCA/JCE, further ease the integration of applications.
Where the KMIP protocol does not offer the necessary functionality (e.g. bulk jobs, legacy applications…), a REST interface can be used to support a variety of clients and applications.
A Public Key Infrastructure (PKI) can be easily integrated with the MTG KMS. In addition, a specific IoT PKI is available from MTG.
In cooperation with our customers, MTG develops a detailed specification that takes into account the project's individual requirements. Affected departments (e.g. the production team) are fully involved and interfaces are coordinated.
HSM Integration
MTG KMS supports different Hardware Security Module (HSM) vendors for the secure storage and generation of high-quality encryption keys.

Cost-effective Mini-HSM: MTG smartHSM (© REINER SCT)
The smartHSM ensures that high-quality key material is generated during key generation. The KMS also uses the HSM to protect the sensitive key material from external access. The HSM used here is particularly secure because it has been certified according to Common Criteria EAL 4+.
In addition, the legal requirements BSI-CC-PP-0095-2017 (protection profile Mini-HSM), BSI TR-03109 and CP Smart Metering PKI are fulfilled. MTG KMS is compatible with HSMs from UTIMACO and Thales SafeNet-Luna. Other HSM manufacturers can be connected on request.

High-performance Utimaco CSe series (© Utimaco)
Key Management Interoperability Protocol
The OASIS Standard Key Management Interoperability Protocol (KMIP) was developed as an interoperable protocol that defines the standard communication between key management servers and clients.

MTG KMS already supports all cryptographic functions from the KMIP standard (© MTG AG)
KMIP specifies all management operations for objects (e.g. digital certificates, private keys) that are stored and managed by a key management system. The KMIP standard includes operations for symmetric and asymmetric cryptographic keys, digital certificates and templates that simplify the creation of objects and control their use.

KMIP is already implemented and specifically supported by leading companies (e.g. Dell, HP, IBM, Oracle, SafeNet) in the Internet of Things.
Crypto-Agile and Quantum Safe
MTG is already prepared for the post-quantum era

The probability of RSA 2048 being broken by 2031 is estimated at 50% (© MTG AG)
MTG KMS has been developed on the basis of a consistent crypto-agile approach. Therefore, MTG KMS already supports post-quantum or quantum-safe cryptography today. If our customers need to use new standardized PQC algorithms, the central MTG KMS just needs to be updated without any significant changes on the application side. MTG KMS exclusively uses high-quality PQC algorithms that are part of the NIST selection process. The MTG KMIP interface has been extended with these chosen algorithms and is thus able to create PQC signatures and to encrypt and decrypt data accordingly.