Manufacturing & IoT

Cryptographic Identity for Components

A final good may contain the products (or ‘components’) of several different manufacturers. Many of them are connected devices with direct or indirect access to the IoT and with onboard software and firmware. Before any product enters the market, manufacturing considerations to component authentication is a crucial element of a security and safety strategy in order to ensure secure communication as well as updates to software and firmware over the product's lifetime.

  • Authentication - every component requires a ‘trusted’ identity for efficient point-to-point network configuration.
  • Integrity - mission-critical communications (i.e, firmware updates) must be digitally signed
  • Data encryption - Ensuring data privacy at rest and in transit

Counterfeit components entering the market can also provide cause for concern- damage to brand and reputation, as well as the safety of the end device leading to liability issues. In this instance, visibility is key- components entering the connected network must prove that they are genuine with a cryptographic authentication.

With identifiable components, manufacturers open the door to service business models around their product, either directly or as ecosystem-service members of the final goods manufacturers. Such service opportunities rely on the security and trustworthiness of the cryptographic identity over the good’s life-time.

Utimaco assures device security and data privacy throughout the complete device life-cycle from manufacturing (key injection) through device operation (PKI) to end-of-operation (key termination).

Safe Processes

Safe Digital Processes


Key Injection for Points of Interaction

PCI compliant attested devices are the starting point in the secure payment processing chain, initiating a non-repudiable and tamper-protected transaction. To make sure device identities can not be hacked, the keys need to be generated by an HSM.


Digital Signatures

Electronic seals leverage PKI certificates to offer the highest levels of security for safety-critical and sensitive collaboration use cases of service providers and cross-corporate integrated automation processes. In compliance with regulations such as eIDAS, they also provide legal assertion and probative evidence throughout the lifespan of the manufactured product or system.


Public Key Infrastructure (PKI)

Automotive devices are operated within PKI-Infrastructures, ensuring confidentiality, integrity, authenticity and non-repudiation of sensitive information. Encrypting data at rest and in transit guards it against manipulation or interception.



Get in touch with us

Talk to one of our specialists and find out how Utimaco can help you today.