Security of IoT Components

Machine Identity Management & Security of IoT Components

Protecting IoT Components & Devices with Key Injection

An IoT ecosystem has far-reaching application areas, from home networks to the medical and automotive industries through to national defence. When considering these, it's important to focus on the supply chain as a whole: various global suppliers, distributors, manufacturers and multiple technologies, coupled with processes for contracting and logistics. Add to this the engineering behind the end product or device: an interconnected IoT ecosystem where protection of components is critical. Any poorly built component can cause a systemic failure, so security is paramount.

Giving each component a unique electronic identity increases the authenticity of the device. This is achieved by injecting a unique identity into each component, a process known as key injection. The integrity of the key injection process is of extreme importance and can be achieved by using HSMs to establish a Root of Trust for this process.

Utimaco provides industry-grade key injection solutions and a remote key loading Hardware Security Module (HSM) enabling remote key lifecycle management and tracking, including distribution control - creating, securing, and managing required keys and monitoring the full key lifecycle from creation to termination.

Business value


Root of Trust for IoT

  • Ensuring that each device has a unique electronic identity that can be trusted and managed throughout the complete device life-cycle from manufacturing (key injection) through device operation (PKI) to end-of-operation (key termination).
  • Secures key storage and processing inside the secure boundary of the HSM
  • Provides the ability to update the System Master Key (SMK) for periodic key rotation

Remote Access

Remote Key Delivery: supporting the remote distribution of keys to deployed (POI) terminals


Device & Data Security

  • Providing each device with a trusted ‘key injected’ identity using digital certificates
  • Ensuring secure communication and software updates over the lifetime of the device
  • Allows users to securely store secret data such as HSM master key components, passwords, PINs, safe combinations, access codes, and derivation data.
  • Secures storage of data obtained and shared by devices in a database using encryption and secure key storage in an HSM
  • Device auditing & tracking
  • If a device demonstrates unusual behaviour, administrators can revoke privileges or decommission the device

Scalable and flexible

  • Recently introduced feature: the ARCK™ API (API for Remote Centralized Key Management), which allows new schemas to be included for support
    • The API can even be used for the purposes of issuing Cryptographic Signing Requests to third-party Certificate Authorities.
  • Seamless integration: supplying a key injection solution for establishing a secure, authenticated network of devices
  • Provides additional terminal-specific functionality supported through the KeyBRIDGE injection dashboard for each supported device.
  • Performs periodic key rotations, and in the event of suspected or known key compromise quickly and efficiently replaces terminal keys in the field
  • Multiple integrations with PKI applications, database encryption
  • PKI can be managed on-premise or cloud-based.
  • Supports the requirements of Verifone Remote Key (VRK), allowing customers with their own Terminal Management Systems to build a remote keying facility.

Deployment options


On Premise

  • Useful for centralized use cases without a requirement for scalability or remote accessibility, and for existing legacy infrastructure
  • Defined total cost of ownership
  • Complete control on hardware and software, including configuration and upgrades
  • Secured uptime in areas with unstable internet connectivity
  • Preferred choice in industry-segments where regulation imposes restrictions

In the Cloud

  • Strategic architectural fit & risk management for your high value assets
  • Provides flexibility, scalability and availability of HSM-as-a-service
  • Ideal for a multi-cloud strategy, supporting multi-cloud deployments & allows for migration flexibility
  • Allows you to seamlessly work with any Cloud Service Provider
  • Easy-to-use remote management and on-site key ceremony service option
  • Full control over data through encryption key life-cycle and key administration
  • Secured data privacy through Bring-Your-Own-Key procedures


We are happy to answer your questions.

How can we help you?

Talk to one of our specialists and find out how Utimaco can support you.