Cryptographic key generation and management

Reducing risks with cryptographic key management standards

The creation and management of cryptographic keys is a vital step in IoT device security. New keys are needed when existing keys expire, when a new certificate (identity) is required, and when a communication session is set up (session keys). Key management is not limited to key generation, however: keys often must be certified by a certification authority, jointly established by two parties, or derived from other keys. Establishing a root key on a secured chip at the manufacturing stage reduces risk and supports subsequent key generation, key management and security updates.

Secured foundation for future cryptographic operations

Our OPTIGA™ TPM and OPTIGA™ Trust product families are designed from the ground up to meet the strictest cryptographic key management standards. They achieve this in a number of ways:

  1. All private and secret keys are safely stored in a secured vault
  2. With built-in hardware crypto modules, our security chips can generate intermediate keys (session keys, blob keys)
  3. They can sign and/or verify data internally without exposing private keys

Benefits at a glance

  • IoT system and device manufacturers can offer robust key management functionality
  • Service providers can manage their private and secret keys securely
  • Best-practice cryptography gives consumers greater confidence in the security of their IoT devices and systems

