MTG smartHSM (Mini-HSM)
The smartHSM securely stores the key material and with it the cryptographic identity of a user. The smartHSM is also a highly reliable source of random numbers, so that key generation produces high-quality key material. There are different possible fields of application for the smartHSM.
"Passive EMT" (external market participants) in German smart metering will need a certified Hardware Security Module (HSM) to decrypt signed meter data from a Smart Meter Gateway (SMGW). "Active EMT" who want to control IoT devices via the CLS channel also need an HSM.
The new MTG smartHSM is designed to meet the performance requirements of this special target group and enables significantly lower investment and operating costs.
Tasks & Functions
- Generation and verification of digital signatures (e.g. for content data signature)
- Encryption of transport layer via TLS
- Content data encryption
- Random number generation
Certifications, Evaluations, Security
- Common Criteria (CC EAL4+) certified secure module / mini-HSM
- BSI-CC-PP-0095 / TR-03109-2 Annex B
- PKI according to BSI Smart Meter Certificate Policy and TR-03109-4
- Secure firmware update
- Firewall for USB communication
- Conformity: CE, WEEE & RoHS II
Potential use-cases for the MTG smartHSM
- Meter Data Management
- CLS control
- Key Management Systems
- Market partner communication
- XML Encryption FNN eLS 2.1
- Specific applications in the smart meter environment
CLS Control & Smart Meter Gateway Communication according to BSI TR-03109
The MTG smartHSM offers cost-effective possibilities for the secure CLS Control of IoT devices in the German Smart Grid. The MTG Mehrwert-Konnektor has already integrated the smartHSM and provides a central security system for value-added applications that need access through the Smart Meter Gateway. IoT devices can thus be controlled via the CLS channel of the Smart Meter Gateway while complying with the legal requirements of BSI TR-03109.
Key Management System
The smartHSM is very well suited for the operation of the MTG Key Management System (KMS). MTG has developed a key management system specifically designed to meet the requirements of manufacturers of IoT devices: it can be used by manufacturers in production as well as by their customers in the management of devices. In both use cases, the MTG KMS provides the central security system to which specific applications can be attached.
Customer-specific applications within the smart meter environment
In general, it is also possible to connect your own customer-specific applications to the smartHSM, as long as they have their own cryptographic functionalities. The smartHSM is connected to the corresponding application via the standardized KMIP interface.