Key Injection

Key Injection gives every Device an Identity

Security by Design: the route to secure identity. The number of connected devices in the Internet of Things (IoT) is growing exponentially, increasing the risk of manipulation of these devices. As a result, the authenticity, integrity and confidentiality of the device and its data need to be guaranteed.

Key injection is the starting point for securely managing an IoT device over its product lifetime. To make sure that device identities are not hacked, keys need to be generated by an HSM.

Business value

Root of Trust for IoT

  • Ensuring that each device has a unique electronic identity that can be trusted and managed throughout the complete device life-cycle from manufacturing (key injection) through device operation (PKI) to end-of-operation (key termination)
  • Secures key storage and processing inside the secure boundary of the HSM
  • Extensive key management with key authorization

Device & Data Security

  • Providing each device with a trusted ‘key injected’ identity using digital certificates
  • Ensuring secure communication and software updates over the lifetime of the device
  • Secures storage of data obtained and shared by devices in a database using encryption and secure key storage in an HSM
  • Device auditing & tracking
  • If a device demonstrates unusual behaviour, administrators can revoke privileges or decommission the device

Scalable and flexible

  • Seamless integration – supplying a key injection solution for establishing a secure, authenticated network of devices
  • Performs periodic key rotations, and in the event of suspected or known key compromise quickly and efficiently replaces terminal keys in the field
  • Multiple integrations with PKI applications, database encryption
  • PKI can be managed on-premise or cloud-based.
  • Supports the requirements of Verifone Remote Key (VRK), allowing customers with their own Terminal Management Systems to build a remote keying facility.

Remote Access

Remote Key Delivery: supporting the remote distribution of keys to deployed (POI) terminals


Software Simulator included

The included simulator allows for evaluation and integration testing to benchmark the best possible solution for each specific case

Deployment options

On Premise

  • Useful for centralized use cases with no requirement for scalability or remote accessibility, and for existing legacy infrastructure
  • Defined total cost of ownership
  • Complete control on hardware and software, including configuration and upgrades
  • Secured uptime in areas with unstable internet connectivity
  • Preferred choice in industry-segments where regulation imposes restrictions

In the Cloud

  • Strategic architectural fit & risk management for your high value assets
  • Provides flexibility, scalability and availability of HSM-as-a-service
  • Ideal for a multi-cloud strategy, supporting multi-cloud deployments & allows for migration flexibility
  • Allows you to seamlessly work with any Cloud Service Provider
  • Easy-to-use remote management and on-site key ceremony service option
  • Full control over data through encryption key life-cycle and key administration
  • Secured data privacy through Bring-Your-Own-Key procedures

Contact us

Talk to one of our specialists and find out how Utimaco can support you today.