Go To Content Go To Menu


MTG IoT Key Management System

MTG´s cryptographic IoT Key Management System (MTG IoT KMS) was specially developed for manufacturers and operators of IoT devices, making the management of a large number of individual cryptographic keys in production and operation at the operators’ site considerably easier.

MTG IoT KMS Solution & Benefits

The MTG IoT Key Management System (IoT KMS)  was designed to support the special requirements of the IoT device manufacturers and operators in all processes relating to the management of key material.

MTG IoT KMS from device production to operation

MTG IoT KMS from device production to operation (© MTG AG)

The MTG IoT KMS enables manufacturer to generate high quality keys (e.g. AES keys) and to apply them during the production process. The ERP-systems will use the MTG IoT KMS to import keys from different devices. During the entire production, order and shipment process an effective identification and authentication of millions of devices are possible. On operation side (Onboarding, Operation, Monitoring / Maintenance) all device management applications manage the needed device keys with the central IoT KMS.

Tasks and Use-Cases

Key injection of IoT devices during production

The creation and injection of one or more specific keys, during production is an important process for more device safety. This ensures confidentiality, integrity and authentication of million individual keys of produced IoT devices.  

Secure Boot

Manufacturers of embedded systems should ensure that their devices only boot with original and unmodified firmware.  MTG IoT KMS uses digital signatures to ensure the trustworthiness of the embedded system throughout the device lifecycle and covers secure boot, configuration and update processes.
Find more information here. 

Customized production 

For a manufacturer a customer-specific production of the key material is essential and can be controlled with the MTG IoT KMS.

Separate key management of production processes 

MTG IoT KMS allows individual roles and access rights to be set up for the different production lines or products, each with its keys handled separately.

Key storage and deletion 

Customers may require that the manufacturer securely archives the keys for the delivered devices for a certain period of time. The MTG IoT KMS ensures that the archived keys can be accessed and assigned to the customer for individual periods. It is also possible to securely delete the key material for individual customers

Management of multiple internal and external production sites

Different sites of internal or even external suppliers could be integrated into the MTG IoT KMS. External suppliers who are not allowed to view the key material can be managed in this way, for example.

IoT device operation

For secure device management, various client applications are able to continuously access the key material managed centrally in the MTG IoT KMS throughout the entire device lifecycle.:

  • Onboarding: device storage, registration, workforce management
  • Operation: data processing & control of devices
  • Monitoring & Maintenance: device updates, status, configuration

Multi-vendor support

The MTG IoT KMS can support different manufacturers and products in the management of the devices in operation.

Task specific key material 

On production and operation side, keys are marked according to their function or tasks (administration, testing, updating, workforce management...) to be used by the authorized applications / users only. 

Replacement of the key material in the device

MTG IoT KMS allows to exchange key material in the devices. For example, before the validity of keys expires or broken algorithms.

Secure electronic shipment files

A secure handover of the key material when sending the physical devices to the customer or between production sites has to be ensured with an electronic shipment file. For the en- and decryption of an electronic shipment file we offer all necessary "crypto key functionalities". The application for the electronic shipment file can be connected quickly and easily to fulfill all encryption tasks. For the electronic shipment file, we rely on common standards such as  OMS-XKE (OMS XML Key-Exchange of the Open Metering System Group) and FNN eLS 2.1 (Germany).Thanks to the key transfer via standardized interfaces, it is always possible to work with a non-MTG KMS on the side of the manufacturer or its customer.

Downloads & Links

What can we do for you?

For further information feel free to contact us!

Lädt …