Security of IoT Components

Machine Identity Management & Security of IoT Components

Protecting IoT Components & Devices with Key Injection

An IoT ecosystem has far-reaching application areas, from home networks to the medical and automotive industries, through to national defence. When considering these, it's important to look at the supply chain as a whole: various global suppliers, distributors, manufacturers and multiple technologies, coupled with processes for contracting and logistics. Add to this the engineering that makes the end product or device possible: an interconnected IoT ecosystem in which protection of components is critical. Any poorly built component can cause a systemic failure, so security is paramount.

Giving each component a unique electronic identity increases the authenticity of the device. This is achieved by injecting a unique identity into each component, a process known as key injection. The integrity of the key injection process is of extreme importance and can be achieved by using HSMs to establish a Root of Trust for the process.

Utimaco provides industry-grade key injection solutions and a remote key loading Hardware Security Module (HSM) enabling remote key lifecycle management and tracking, including distribution control - creating, securing, and managing required keys and monitoring the full key lifecycle from creation to termination.

Business value

Root of Trust for IoT

  • Ensuring that each device has a unique electronic identity that can be trusted and managed throughout the complete device lifecycle, from manufacturing (key injection) through device operation (PKI) to end-of-operation (key termination).
  • Secures key storage and processing inside the secure boundary of the HSM
  • Provides the ability to update the System Master Key (SMK) for periodic key rotation

Remote Access

  • Remote Key Delivery: supporting the remote distribution of keys to deployed (POI) terminals

Device & Data Security

  • Providing each device with a trusted ‘key injected’ identity using digital certificates
  • Ensuring secure communication and software updates over the lifetime of the device
  • Allows users to securely store secret data such as HSM master key components, passwords, PINs, safe combinations, access codes, and derivation data.
  • Secures storage of data obtained and shared by devices in a database using encryption and secure key storage in an HSM
  • Device auditing & tracking
  • If a device demonstrates unusual behaviour, administrators can revoke privileges or decommission the device

Scalable and flexible

  • Recently introduced feature: the ARCK™ API (API for Remote Centralized Key Management), which allows new schemas to be included for support
    • The API can even be used for the purposes of issuing Cryptographic Signing Requests to third party Certificate Authorities.
  • Seamless integration: supplying a key injection solution for establishing a secure, authenticated network of devices
  • Provides additional terminal-specific functionality supported through the KeyBRIDGE injection dashboard for each supported device.
  • Performs periodic key rotations in the event of suspected or known key compromise by quickly and efficiently replacing terminal keys in the field
  • Multiple integrations with PKI applications, database encryption
  • PKI can be managed on-premise or cloud-based.
  • Supports the requirements of Verifone Remote Key (VRK), allowing customers with their own Terminal Management Systems to build a remote keying facility.
