Security of IoT Components

Machine Identity Management & Security of IoT Components

Protecting IoT Components & Devices with Key Injection

An IoT ecosystem has far-reaching application areas, from home networks to the medical and automotive industries, through to national defence. When considering these, it's important to focus on the supply chain as a whole: various global suppliers, distributors, manufacturers and multiple technologies, coupled with processes for contracting and logistics. Add to this the engineering behind what makes the end product or device possible: an interconnected IoT ecosystem where protection of components is critical. Any poorly built component can cause a systemic failure, and therefore security is paramount.

Giving each component a unique electronic identity increases the authenticity of the device. This is achieved by injecting a unique identity into each component, a process known as key injection. The integrity of the key injection process is of extreme importance and can be achieved by using HSMs to establish a Root of Trust for this process.

Utimaco provides industry-grade key injection solutions and a remote key loading Hardware Security Module (HSM) enabling remote key lifecycle management and tracking, including distribution control - creating, securing, and managing required keys and monitoring the full key lifecycle from creation to termination.

Business value


Root of Trust for IoT

  • Ensuring that each device has a unique electronic identity that can be trusted and managed throughout the complete device life-cycle from manufacturing (key injection) through device operation (PKI) to end-of-operation (key termination).
  • Secures key storage and processing inside the secure boundary of the HSM
  • Provides the ability to update the System Master Key (SMK) for periodic key rotation

Remote Access

Remote Key Delivery: supporting the remote distribution of keys to deployed (POI) terminals


Device & Data Security

  • Providing each device with a trusted ‘key injected’ identity using digital certificates
  • Ensuring secure communication and software updates over the lifetime of the device
  • Allows users to securely store secret data such as HSM master key components, passwords, PINs, safe combinations, access codes, and derivation data.
  • Secures storage of data obtained and shared by devices in a database using encryption and secure key storage in an HSM
  • Device auditing & tracking
  • If a device demonstrates unusual behaviour, administrators can revoke privileges or decommission the device

Scalable and flexible

  • Recently introduced feature: the ARCK™ API (API for Remote Centralized Key Management), which allows new schemas to be included for support
  • The API can even be used for the purposes of issuing Cryptographic Signing Requests to third-party Certificate Authorities.
  • Seamless integration: supplying a key injection solution for establishing a secure, authenticated network of devices
  • Provides additional terminal-specific functionality supported through the KeyBRIDGE injection dashboard for each supported device.
  • Performs periodic key rotations in the event of suspected or known key compromise by quickly and efficiently replacing terminal keys in the field
  • Multiple integrations with PKI applications, database encryption
  • PKI can be managed on-premise or cloud-based.
  • Supports the requirements of Verifone Remote Key (VRK), allowing customers with their own Terminal Management Systems to build a remote keying facility.
Deployment options


On Premise

  • Useful for centralized use cases with no requirement for scalability or remote accessibility, and for existing legacy infrastructure
  • Defined total cost of ownership
  • Complete control over hardware and software, including configuration and upgrades
  • Secured uptime in areas with unstable internet connectivity
  • Preferred choice in industry-segments where regulation imposes restrictions

In the Cloud

  • Strategic architectural fit & risk management for your high value assets
  • Provides flexibility, scalability and availability of HSM-as-a-service
  • Ideal for a multi-cloud strategy, supporting multi-cloud deployments & allows for migration flexibility
  • Allows you to seamlessly work with any Cloud Service Provider
  • Easy-to-use remote management and on-site key ceremony service option
  • Full control over data through encryption key life-cycle and key administration
  • Secured data privacy through Bring-Your-Own-Key procedures
