A proven protection against identity theft of a server is to outsource the private keys to a dedicated hardware security module (HSM). The HSM makes it more difficult for unauthorized parties to access these keys. At the same time, the systems can request these keys and thus continue to use them.
The use of hardware security modules is especially in the context of smart metering required by TR-03109 for gateway administrators (GWA) as well as external market participants (EMP, e.g. as meter data receivers). However, purchasing such an HSM is very expensive and the integration is somewhat complex. Moreover, appropriately trained personnel is needed to operate and maintain an HSM.
[Translate to Englisch:]
Therefore, we offer HSM operation as a service (HSMaaS). The customer can be provided with an entity (client) on the HSM under which its users and keys are managed. A connection to your target system ensures that the keys stored in the HSM can be used in this system.
In this regard, we comply with the applicable requirements from the Certificate Policy of the Smart Metering PKI and, in particular, with TR-03109-6 for GWA application operation.
All operational requirements (user installation, key generation) can be made by a customer of Robotron via KIX-Ticket. The operational tasks are handled by the Security Services department in coordination with the Metrology department. For efficient access to your ephemeral keys, Robotron provides you with a suitable software component as an additional service.