MTG IoT – Key Management System
The MTG IoT Key Management System (IoT KMS) was designed to support the special requirements of the IoT device manufacturers and operators in all processes related to the management of key material.
The MTG IoT KMS enables manufacturers to generate high-quality keys (e.g. AES keys) and to apply them during the production process. ERP systems use the MTG IoT KMS to import keys from different devices. During the entire production, order and shipment process, effective identification and authentication of millions of devices is possible. On the operations side (Onboarding, Operation, Monitoring / Maintenance), all device management applications manage the needed device keys with the central IoT KMS.
Secure electronic shipment files
A secure handover of the key material when sending the physical devices to the customer or between production sites has to be ensured with an electronic shipment file. For the encryption and decryption of an electronic shipment file we offer all necessary "crypto key functionalities". The application for the electronic shipment file can be connected quickly and easily to fulfill all encryption tasks. For the electronic shipment file, we rely on common standards such as OMS-XKE (OMS XML Key-Exchange of the Open Metering System Group) and FNN eLS 2.1 (Germany). Thanks to the key transfer via standardized interfaces, it is always possible to work with a non-MTG KMS on the side of the manufacturer or its customer.
MTG Corporate PKI for IoT
In the Internet of Things, a large number of devices communicate with each other in network infrastructures. In order to protect these systems, no device may have access unless it has proven that it is trustworthy. The secure identity of a device is ensured by the respective use of an individual, unique and secret key.
The MTG Corporate PKI provides the necessary certificates for asymmetric encryption procedures and is designed to be optimally compatible with the MTG IoT KMS.
MTG Secure Boot
Manufacturers of embedded systems should ensure that their devices only start with original and unmodified firmware and that only authorized configuration files and updates can be used. The required key material must be stored in a highly protected environment and only authorized users should have access to it. If this is not implemented consistently and end-to-end, there is a high risk of manipulation and misuse. The original software may run on faked hardware or vice versa, faked or manipulated software may run on the original hardware.
MTG Secure Boot is responsible for all crypto operations (encryption, signing, key generation…), which are needed for secure boot, configuration and update of embedded systems. The initial boot process will be secured with the customer encryption key.
All required symmetric and asymmetric keys are securely protected in the MTG Key Storage or in the HSM.
MTG Secure Boot is delivered as an RPM package or, on request, on a pre-installed and configured server with a compatible HSM. It can be quickly and easily put into operation at a central and secure location. The connection of the development and production environment can be implemented very flexibly. Code signing tools of the chip manufacturers (e.g., NXP) are integrated into the system according to customer requirements. MTG provides support for all IT security relevant questions regarding the configuration of the firmware. The optional Hardware Security Modules are pre-configured and provided on a fail-safe basis.
Evaluation Facility for IT Security
Our BSI-accredited Evaluation Facility for IT Security supports you in all questions regarding the implementation of the policies of the IEC 62443 standard. IEC 62443 is an international series of standards on "Industrial communication networks - IT security for networks and systems". These standards specify both technical and procedural aspects of industrial cybersecurity.
IEC 62443 can be applied to the Policies & Procedures, System and Component / Product aspects. Certification is ideal to prove that there is no negligence in securing an industrial facility. MTG is a member of the VDE standardization committee.
Security schemes according to IEC 62443 significantly reduce the possibility of production downtimes resulting from cyberattacks.