Central BSI-TR-compliant security infrastructure for everything

A central Cryptographic Module for all Applications

The MTG CryptoController (MCC) is a cryptographic middleware specially designed for the secure operation of a smart metering infrastructure. As the central cryptographic module for all applications for gateway administration (GWA), metering data reception as pEMT and for smart grid management and control as aEMT, the MCC ensures smooth and secure communication with the smart meter gateways (SMGW) and between the market partners - whether via AS4-based market communication (MAKO) or the BDEW Web API, for example change of suppliers (LFW 24) or transmitting switching commands.

In addition to the reliable decryption and encryption of content data, the MCC takes over the validation, signing and secure data transmission via TLS (Transport Layer Security) to the communication partners. The MCC also handles the connection to the root CA and the sub-CAs of the SM-PKI and manages all SM-PKI certificates of the communication partners. The system offers you the advantage of taking benefit from on a central cryptographic infrastructure in order to fulfill all legal requirements of the Smart Meter PKI and to operate all relevant applications independently of the manufacturer and in compliance with BSI TR-03109.

MTG CryptoController for AS4 based MAKO and BDEW-Web API

The respective application – whether AS4-based MAKO, BDEW Web-API-based supplier change (LFW24), or switching communication between grid operators and MSBs—can be quickly and easily connected to the required cryptography and Smart Meter PKI via the MCC API. This allows our partners to focus entirely on optimizing all other processes. The system is multi-tenant, scalable both horizontally and vertically, and designed for high availability.

These tasks are performed by the MTG CryptoController:

• Special modules for AS4-based MAKO, BDEW-Web API for 24 h supplier changeover (LFW24) and for switching communication
• Certificate management (triples per participant)
• Renewal of certificates
• Own certificates (via connected sub-CA, e.g. DARZ.CA)
• Third-party certificates are obtained from other sub-CAs (LDAPs)
• Revocation lists and checking certificates of SM-PKI participants (GWA, EMT, Root & Sub CAs)
• 4-eyes principle: Certificate application & certificate renewal (Web Service Sub-CA)
• Management of access data and certificates of third-party sub-CAs
• BDEW Directory Service & Directory Service Query
• HSM connection

MTG CryptoContoller for the active EMT

The MTG Mehrwert-Konnektor is a dedicated version of the MTG CryptoController, specifically designed for CLS management. It enables secure communication over the CLS channel and acts as a central security and communication hub for energy suppliers who, as active EMTs (aEMTs), aim to control end devices in a grid-friendly way and offer value-added services. In combination with the MTG-CLS stack, CLS devices can be easily connected to the SMGW infrastructure via TCP/IP, regardless of the protocol, ensuring fast and flexible integration. Detailed information can be found here.

MTG CryptoContoller (MCC) for SMGW manufacturers

Manufacturers of smart meter gateways can use the MTG Metering-CA (see Sub-CA Services DARZ.CA) and the MTG CryptoController to equip the hardware with the required initial production certificates very quickly and flexibly.