MTG smartHSM, the low-cost mini HSM
The smartHSM securely stores the key material and with it the cryptographic identity of a user. The smartHSM is also a highly reliable source of random numbers, ensuring that high-quality key material is generated during key generation.
Tasks & Functions
- Generation and verification of digital signatures (e.g. for content data signature)
- Encryption of transport layer via TLS
- Content data encryption
- Random number generation
Certifications, Evaluations, Security
- Common Criteria EAL4+ certified secure module / mini-HSM
- BSI-CC-PP-0095 / TR-03109-2 Annex B
- PKI according to BSI Smart Meter Certificate Policy and TR-03109-4
- Secure firmware update
- Firewall for USB-communication
- Conformity: CE, WEEE & RoHS II
CLS Control & Smart Meter Gateway Communication according to BSI TR-03109
The MTG smartHSM offers cost-effective possibilities for the secure CLS Control of IoT devices in the German Smart Grid. The MTG Mehrwert-Konnektor has already integrated the smartHSM and provides a central security system for value-added applications that need access through the Smart Meter Gateway. IoT devices can thus be controlled via the CLS channel of the Smart Meter Gateway while complying with the legal requirements of BSI TR-03109.
Key Management System
The smartHSM is very well suited for the operation of Key Management Systems (KMS). MTG has developed a key management system specifically designed to meet the requirements of the Smart Metering market: it can be used by manufacturers in production as well as by utilities in the management of devices. In both use cases, the MTG KMS provides the central security system to which specific applications can be attached, either on the manufacturer's side or at the utility company.
in the smart meter environment
Hardware Security Modules
Utimaco's SecurityServer CSe provides tamper-proof technology and maximum security for the cryptographic key material for servers and applications. It is ideal for applications with the highest security requirements, such as government organizations or the banking and financial sector. The Deutschland-HSM (D-HSM) offers a special security solution in the eID environment as well as for smart metering in Germany.
High Availability & Scalability
The large number of (parallel) key operations for TLS and content data protection requires flexible scalability, high availability and reliability, as demanded for example by the German Smart Meter Roll-out.
MTG HSM-HA Cluster is a software high availability layer for the Utimaco Deutschland-HSM or the Utimaco CryptoServer LAN V4, which is already in use with the eID server for the new German electronic ID card.
The MTG solution is the only cluster-capable HSM-HA solution for the Utimaco Deutschland HSM. Both the primary and secondary systems are active and requests are processed in parallel. There is no recovery time.
The MTG HSM-HA Software provides the following features:
- Geographical distribution possible (K-case scenario)
- Transparent integration (API Utimaco & HSM-HA API MTG transparent)
- Availability (99.9%)
Specific advantages compared to "hot standby solutions" are:
- Availability with fail-over function (i.e. one HSM can fail / be serviced during operation without disrupting the operation of the others)
- Easy dynamic scalability (because "stateless"; easily possible by connecting further HSMs)
- Performance / load balancing (easily possible by connecting additional HSMs)
MTG recommends an HSM-HA solution (starting from 2 HSMs) to ensure maximum availability. In case of failure or maintenance of one HSM, the second HSM automatically takes over the operation.