MTG KMS

Fast and easy integration of the MTG IoT KMS

MTG offers a particularly simple way of connecting existing systems into the IoT KMS. Standard interfaces and specific adapters support the entire integration process, which is accompanied by our MTG security experts at all stages.

MTG IoT KMS

Features & Integration

The MTG encryption key management system for the Internet of Things enables different applications in a company to access a detached, central security component that can perform all necessary crypto operations.

Product features MTG Key Management System (© MTG AG)

The entire key management lifecycle is already supported in the MTG KMS and can be utilized via the standardized KMIP interface. The platform supports multiple independent clients. MTG's dedicated role and rights management ensures that clients' access rights to the respective keys are distributed correctly.

MTG KMS manages the entire key management lifecycle (© MTG AG)

The KMIP interface enables the smooth and easy integration of existing applications. Many applications already support the KMIP interface; others can be easily integrated with MTG KMS using adapters. Adapters for other widely adopted interfaces, such as PKCS#11 or JCA/JCE, further ease the integration of applications.

In case the KMIP protocol does not offer the necessary functionality (e.g. bulk jobs, legacy applications…), a REST interface can be used to support a variety of clients and applications.

A Public Key Infrastructure (PKI) can be easily integrated with the MTG KMS. Besides this, a specific IoT PKI is available at MTG.

In cooperation with our customers, MTG develops a detailed specification that takes into account the project's individual requirements. Affected departments (e.g. the production team) are fully involved and interfaces are coordinated.

HSM Integration

MTG KMS supports different Hardware Security Module (HSM) vendors for the secure storage and generation of high-quality encryption keys.

Cost-effective Mini-HSM: MTG smartHSM (© REINER SCT)

The smartHSM ensures that high-quality key material is generated during key generation. The KMS also uses the HSM to protect the sensitive key material from external access. The HSM used here is particularly secure because it has been certified according to Common Criteria EAL 4+.

In addition, the legal requirements BSI-CC-PP-0095-2017 (protection profile Mini-HSM), BSI TR-03109 and CP Smart Metering PKI are fulfilled. MTG KMS is compatible with HSMs from UTIMACO and Thales SafeNet-Luna. Other HSM manufacturers can be connected on request.

High-performance Utimaco CSe series (© Utimaco)

OASIS KMIP

Key Management Interoperability Protocol

The OASIS Standard Key Management Interoperability Protocol (KMIP) was developed as an interoperable protocol that defines the standard communication between key management servers and clients.

MTG KMS already supports all cryptographic functions from the KMIP standard (© MTG AG)

KMIP specifies all management operations for objects (e.g. digital certificates, private keys) that are stored and managed by a key management system. The KMIP standard includes operations for symmetric and asymmetric cryptographic keys, digital certificates and templates that simplify the creation of objects and control their use.

KMIP Operations

KMIP is already implemented and specifically supported by leading companies (e.g. Dell, HP, IBM, Oracle, SafeNet) on the Internet of Things.

Crypto-Agile and Quantum Safe

MTG is already prepared for the post-quantum era

The probability of breaking RSA 2048 by 2031 is estimated at 50% (© MTG AG)

MTG KMS has been developed on the basis of a consistent crypto-agile approach. Therefore, MTG KMS already supports post-quantum or quantum-safe cryptography today. If our customers need to use new standardized PQC algorithms, the central MTG KMS just needs to be updated without any significant changes on the application side. MTG KMS exclusively uses high-quality PQC algorithms, which are part of the NIST selection process. The MTG KMIP interface has been extended with these chosen algorithms and is thus able to create PQC signatures and to encrypt and decrypt data accordingly.

What can we do for you?

For further information feel free to contact us!