MTG Enterprise KMS
The MTG Enterprise KMS (often also called encryption key management system) enables different applications in a company to access a detached, central security module that can perform all necessary crypto operations.
The entire key management lifecycle is already supported in the MTG KMS and can be utilized via the standardized KMIP interface. KMS users are also prepared for future developments. For example, HSMs from different manufacturers can be flexibly integrated, depending on changed performance and availability requirements. Encryption and cryptography methods are constantly being further developed and updated.
The platform supports multiple independent clients. MTG's dedicated role and rights management ensures the correct distribution of access rights of clients to the respective keys. Within the company's internal infrastructure, storage devices, networking devices, personal devices with embedded storage (e.g. personal computers, handheld computers, cell phones), databases etc. can be integrated quickly and easily. With the KMIP protocol, the connection of different systems is standardized.
With industry-specific modules, the MTG KMS can be adapted for a large variety of industries. These include, for example, the Internet of Things (IoT), Smart Metering, automotive, the banking and financial sector, healthcare and Industry 4.0 applications.
The MTG KMS can also be connected to Hardware Security Modules (HSM) for the secure storage of encryption keys and/or a Public Key Infrastructure (PKI) for certificate management.
As an option, communication (TLS/DLMS) can also be offered as an additional component.
The smartHSM ensures that high-quality key material is generated during key generation. The KMS also uses the HSM to protect the sensitive key material from external access. The HSM used here is particularly secure because it has been certified according to Common Criteria EAL 4+.
In addition, the legal requirements BSI-CC-PP-0095-2017 (protection profile Mini-HSM), BSI TR-03109 and CP Smart Metering PKI are fulfilled. MTG KMS is compatible with HSMs from UTIMACO and gemalto/Thales SafeNet-Luna. Other HSM manufacturers can be connected on request.
Key Management Interoperability Protocol
The OASIS Standard Key Management Interoperability Protocol (KMIP) was developed as an interoperable protocol that defines the standard communication between key management servers and clients.
KMIP specifies all management operations for objects (e.g. digital certificates, private keys) that are stored and managed by a key management system. The KMIP standard includes operations for symmetric and asymmetric cryptographic keys, digital certificates and templates that simplify the creation of objects and control their use.
KMIP is already implemented and specifically supported by leading companies (e.g. Dell, HP, IBM, Oracle, SafeNet) in the Internet of Things (OASIS KMIP Implementation).