IT Security for Critical InfrastructuresSecurity Made in Germany


Range & Features

MTG smartHSM – the low-cost Mini-HSM

The smartHSM securely stores the key material and with it the cryptographic identity of a user. The smartHSM is also a highly reliable source of random numbers, ensuring that high-quality key material is generated during key generation. MTG smartHSM

Tasks & Functions

  • Generation and verification of digital signatures (e.g. for content data signature)
  • Encryption of transport layer via TLS
  • content data encryption
  • random number generation

 Certifications, Evaluations, Security

  • Common Criteria EAL4+ certified secure module / mini-HSM
  • BSI-CC-PP-0095/ TR-03109-2 annex  B
  • PKI according to BSI Smart Meter Certificate Policy and TR-03109-4
  • Secure firmwareupdate
  • Firewall for USB-communication
  • Conformitly CE, WEEE & RoHS II

CLS-Control & Smart Meter Gateway Communication according to BSI-TR 03109

CLS-Control & Smart Meter Gateway Communication according to BSI-TR 03109

The MTG smartHSM offers cost-effective possibilities for the secure CLS Control of IoT devices in the German Smart Grid. The MTG Mehrwert-Konnektor has already integrated the smartHSM and provides a central security system for value-added applications that need access through the Smart Meter Gateway. IoT devices can thus be controlled via the CLS channel of the Smart Meter Gateway while complying with the legal requirements of BSI-TR 03109.

Key Management System

Key Management System

The smartHSM is very well suited for the operation of Key Management Systems (KMS). MTG has developed a key management system specifically designed to meet the requirements of the Smart Metering market: It can be used by manufacturers in production as well as by utilities in the management of devices. In both use cases, the MTG KMS provides the central security system to which specific applications can be attached. Either on the manufacturer's side or at the utility company.

Customer-specific applications in the Smart Meter environment

Customer-specific applications in the Smart Meter environment

In general, own, customer-specific applications can also be connected to the smartHSM, if they provide their own cryptographic functionalities. The smartHSM is connected to the corresponding application via the standardized KMIP interface.

Utimaco HSM

Utimaco HSM

Utimaco HSM (Hardware Security Module) Utimaco Deutschland HSM (© Utimaco)

Utimaco's SecurityServer CSe provides tamper-proof technology and maximum security for the cryptographic key material for servers and applications. It is ideal for applications with the highest security requirements, such as government organizations or the banking and financial sector. The Deutschland-HSM (D-HSM) offers a special security solution in the eID environment as well as for smart metering in Germany.

MTG HSM-HA – High Availability & Scaleability

The large number of (parallel) key operations for TLS and content data protection requires flexible scalability, high availability and reliability, as demanded for example by the German Smart Meter Roll-out.

MTG-HSM HA – Cluster-capable High Availability solution MTG-HSM HA – Cluster-capable High Availability solution (© MTG AG)

MTG-HSM-HA Cluster is a software high availability layer for the Utimaco Deutschland-HSM resp. Utimaco CryptoServer LAN V4, which is already in use with the eID server for the new German electronical ID card.
The MTG solution is the only cluster-capable HSM-HA solution for the Utimaco Deutschland HSM. Both the primary and secondary systems are active and requests are processed in parallel. There is no recovery time.

The MTG HSM-HA Software provides the following features:

  • Geographical distribution possible (K-case scenario)
  • Availability (99.9%)
  • transparent integration (API Utimaco & HSM-HA API MTG transparent)

Specific advantages compared to "hot standby solutions" are:

  • Availability with fail-over function: i.e. one HSM can fail / be serviced during operation without disrupting the operation of the others)
  • Easy dynamic scalability ( because "stateless" is easily possible by connecting further HSM's)
  • Performance / Loadbalancing (easily possible by connecting additional HSM's)

MTG recommends an HSM-HA solution ( as of 2 HSM) to ensure maximum availability. In case of failure or maintenance of one HSM, the second HSM automatically takes over the operation.

Downloads & Links

Have we aroused your interest?

Contact us and get some advice from our experts...

Contact form