Operating Instructions

SENSE MCE IBC Operating Instruction

Page 22 of 46 Release Rev. D, 2020-12-15

2.8 Sense MCE IBC Security

Security is anchored inside the Sense MCE IBC via the Trusted Platform Module (TPM). The

TPM is a special designed and crypto logical hardened HW, able to store secrets.

The communication between the MYNXG controller and

▪ the MYNXG Service and Transformation Layer is secured with TLS means,

▪ TLS encryption of all data for data protection

▪ the MYNXG communication with the sensors is protected through DTLS / TLS

means.

Through the MYNXG public key infrastructure (PKI) the following functions are provided:

▪ Provisioning of Certificates

▪ Provisioning of permanently changing TLS secrets

▪ Provisioning of permanently changing DTLS secrets

▪ Secure SW Over The Air (OTA) downloads towards the

▪ Secure SW Over The Air (OTA) downloads to the sensor

IMPORTAN T NOTICE

The Sense MCE IBC is designed in line with the methods defined under

ISO 27001. Security hardened boot sequence according to CC-EAL, and

CC-EAL based security analysis and counteractions. Every cloud

communication over 3GPP or Wi-FI networks is encrypted at any time.

MYNXG development processes and the MYNXG products are designed in line with the

methods defined under ISO 27001, MYNXG is audited through the TÜV Rheinland. MYNXG

Digital Products and Digital Services are developed within a secured ISO 27001 compliant

development environment.

MYNXG has implemented and is provisioning the entire needed infrastructure including:

• Certification Authority (CA) and PKI for the generation and distribution of secrets.

• Production environment for Gateways and Sensors.

• R&D environment to produce software and hardware in line with the ISO 27001.

The MYNXG architecture is compliant with the BSI recommended “Protection Profile for the

Gateway of a Smart Metering System”. The gateways are not security certified as they are

delivered but contain all functions and features for the security.