IoT Device PKI Implementation

Design and implementation of an overarching PKI for different device families and generations with different managed PKI service providers.

CASE

Brief

A major German consumer devices manufacturer required support in designing and implementing a Public Key Infrastructure (PKI) for their consumer devices ecosystem. The customer aimed to secure the lifecycle of their devices, including secure provisioning of firmware updates, secure connection to the service backend, and protection of customer content processed by the devices.

BxC was asked to support the design of an overarching PKI for different device families and generations, including the subsequent PKI integration with different managed PKI service providers.

4 Service Regions

15 million Produced Devices per Year

50+ PKI Components and Services

The Process

Areas of Activity

PKI Hierarchy & Certificate Design

Designed and implemented a comprehensive PKI (Public Key Infrastructure) architecture optimized for global operations. Our solution encompassed the complete certificate lifecycle management, from secure generation and distribution to automated renewal and validation processes. The infrastructure was specifically engineered to deliver cost-efficient security services while ensuring regulatory compliance across worldwide operations and maintaining robust security standards.

Operationalization Of PKI Services

Developed and implemented a tailored Target Operating Model for seamless PKI integration, including comprehensive operational documentation and onboarding procedures. This systematic approach enabled swift operationalization of the PKI while ensuring secure integration into device manufacturing processes and digital service delivery. The structured knowledge transfer and documentation framework facilitated smooth adoption by operational teams and sustainable long-term management.

Implementation of PKI Services

Led the technical implementation of comprehensive PKI services, leveraging deep process expertise and solution knowledge. Successfully deployed and operationalized on-site Factory Certificate Authorities across multiple production facilities. Our team orchestrated the seamless integration of Managed PKI services into the client's service portfolio, enabling end-to-end certificate management throughout the complete device lifecycle, from production to decommissioning.

Results

Our Contribution to Success

PKI Hierarchy Implementation

Implementation of a 4-tier PKI hierarchy with more than 20 Issuing CAs, built from a mix of on-premises and Managed PKI service components, and setup of all PKI administration and lifecycle processes.

Factory CA Implementation

Implementation of 4 Factory CAs in production facilities for device mass production and integration of CAs and certificate repositories into the product and service lifecycle.

Organization Enablement

Integration of PKI into product and software development with more than 15 teams and integration of PKI lifecycle processes into the operational processes of all teams with minimal impact.