MTG IoT KMS Solution & Benefits
The MTG IoT Key Management System (IoT KMS) was designed to support the special requirements of IoT device manufacturers and operators in all processes relating to the management of key material.
The MTG IoT KMS enables manufacturers to generate high-quality keys (e.g. AES keys) and to apply them during the production process. The ERP systems use the MTG IoT KMS to import keys from different devices. During the entire production, order and shipment process, effective identification and authentication of millions of devices is possible. On the operation side (Onboarding, Operation, Monitoring / Maintenance), all device management applications manage the needed device keys with the central IoT KMS.
Tasks and Use-Cases
Key injection of IoT devices during production
The creation and injection of one or more specific keys during production is an important process for greater device safety. This ensures confidentiality, integrity and authentication of millions of individual keys of produced IoT devices.
Secure Boot
Manufacturers of embedded systems should ensure that their devices only boot with original and unmodified firmware. MTG IoT KMS uses digital signatures to ensure the trustworthiness of the embedded system throughout the device lifecycle and covers secure boot, configuration and update processes.
Customized production
For a manufacturer, customer-specific production of the key material is essential and can be controlled with the MTG IoT KMS.
Separate key management of production processes
MTG IoT KMS allows individual roles and access rights to be set up for the different production lines or products, each with its keys handled separately.
Key storage and deletion
Customers may require that the manufacturer securely archives the keys for the delivered devices for a certain period of time. The MTG IoT KMS ensures that the archived keys can be accessed and assigned to the customer for individual periods. It is also possible to securely delete the key material for individual customers.
Management of multiple internal and external production sites
Different sites of internal or even external suppliers can be integrated into the MTG IoT KMS. For example, external suppliers who are not allowed to view the key material can be managed in this way.
IoT device operation
For secure device management, various client applications are able to continuously access the key material managed centrally in the MTG IoT KMS throughout the entire device lifecycle.
Multi-vendor support
The MTG IoT KMS can support different manufacturers and products in the management of the devices in operation.
Task-specific key material
On the production and operation side, keys are marked according to their function or tasks (administration, testing, updating, workforce management...) so that they are used by the authorized applications / users only.
Replacement of the key material in the device
MTG IoT KMS allows key material in the devices to be exchanged, for example before the validity of keys expires or when algorithms are broken.
Secure electronic shipment files
A secure handover of the key material when sending the physical devices to the customer or between production sites has to be ensured with an electronic shipment file. For the encryption and decryption of an electronic shipment file we offer all necessary "crypto key functionalities". The application for the electronic shipment file can be connected quickly and easily to fulfill all encryption tasks. For the electronic shipment file, we rely on common standards such as OMS-XKE (OMS XML Key-Exchange of the Open Metering System Group) and FNN eLS 2.1 (Germany). Thanks to the key transfer via standardized interfaces, it is always possible to work with a non-MTG KMS on the side of the manufacturer or its customer.