A leading automotive OEM

PKI Solution for Secure & Efficient ECU Token Management 

For a leading automotive OEM, Diconium developed a secure and scalable PKI-as-a-service solution that manages access to restricted features in Electronic Control Units (ECUs). By replacing the OEM's manual token issuance process with a centralized, web-based service for generating cryptographically signed tokens, we gave them better traceability and fast, scalable token generation for their engineering teams.

Cybersecurity

Our story

01

Task

Provide the OEM's engineers with controlled access to sensitive ECU functions during the different phases of development.

Previously, the customer employed a manual process of generating and distributing security tokens via email; however, it was neither scalable nor secure. 

The customer wanted a secure, web-based PKI system built from scratch that allowed only trusted individuals to request cryptographically signed tokens. The platform also had to enforce strict access control, maintain traceability, and be easily accessible globally.

02

Challenge

The main challenge of the project revolved around shifting the manual token distribution process to an automated solution that guaranteed a secure, scalable, and auditable infrastructure. 

Building such a solution required both technical and operational change, and had to comply with the OEM's security guidelines.

At the same time, because the tokens unlock sensitive ECU functions, ensuring traceability and preventing unauthorized access were further critical challenges.

03

Solution

To address the requirements of a secure and scalable token management solution, Diconium Germany's team defined clear objectives and implemented a web-based PKI-as-a-service solution. 

The backend was developed in Python with FastAPI, exposing a REST API, with PostgreSQL and SQLAlchemy for data management. The cloud infrastructure runs on Microsoft Azure, using Docker and Kubernetes to streamline deployments and make the service accessible across regions.

On the front end, React and TypeScript provided a clean, user-friendly interface for authorized users to request and manage tokens. Role-based access control (RBAC) managed user permissions, while mutual TLS (mTLS) ensured secure, authenticated communication.

Furthermore, on-premises Hardware Security Modules (HSMs) were used to store the private keys used for token signing, so the signing keys never leave the HSM, and a dedicated support team ensured comprehensive audit logging, full traceability, regular security assessments, and automated monitoring.
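The core of the service described above is the issuance and verification of signed access tokens with an audit trail. The following is an added illustration, not Diconium's or the OEM's code: it uses Go's standard library Ed25519 signing instead of the Python/FastAPI backend, an in-memory key as a stand-in for the HSM-held signing key, and claim names (sub, ecu, feat, exp) that are assumptions for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base64"
	"encoding/json"
	"errors"
	"strings"
	"time"
)

// Claims bound into one ECU access token (field names are assumptions for this example).
type Claims struct {
	Subject string `json:"sub"`  // engineer the token was issued to
	ECU     string `json:"ecu"`  // target control unit
	Feature string `json:"feat"` // restricted function the token unlocks
	Exp     int64  `json:"exp"`  // Unix expiry time
}
// Issuer signs tokens; in the real service the private key never leaves the HSM.
type Issuer struct {
	priv  ed25519.PrivateKey
	Pub   ed25519.PublicKey
	Audit []Claims // append-only trail of every issuance, for traceability
}
func NewIssuer() *Issuer {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // in-memory stand-in for the HSM-held key
	return &Issuer{priv: priv, Pub: pub}
}
// Issue returns base64url(payload).base64url(signature) and records the issuance.
func (i *Issuer) Issue(c Claims) string {
	payload, _ := json.Marshal(c) // Claims has only plain fields, so Marshal cannot fail
	sig := ed25519.Sign(i.priv, payload)
	i.Audit = append(i.Audit, c)
	return base64.RawURLEncoding.EncodeToString(payload) + "." + base64.RawURLEncoding.EncodeToString(sig)
}
// Verify checks the signature before trusting any field, then rejects expired tokens.
func Verify(pub ed25519.PublicKey, tok string, now time.Time) (c Claims, err error) {
	p, s, _ := strings.Cut(tok, ".") // a missing separator leaves an empty signature, which fails below
	payload, err1 := base64.RawURLEncoding.DecodeString(p)
	sig, err2 := base64.RawURLEncoding.DecodeString(s)
	if err1 != nil || err2 != nil || !ed25519.Verify(pub, payload, sig) {
		return c, errors.New("invalid signature")
	}
	if err = json.Unmarshal(payload, &c); err != nil || !now.Before(time.Unix(c.Exp, 0)) {
		return c, errors.New("unreadable or expired token")
	}
	return c, nil
}
```

An ECU-side verifier only needs the public key, so a tampered payload, an expired token, or a token signed by any other key is rejected before the requested feature is unlocked.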

04

Successes

Despite the challenging requirements, the platform successfully met the customer's needs for managing secure access to their ECUs.

The solution is now in use across five countries, with over 20,000 tokens securely generated, centralized access control, and 100% traceability. The system gives 100% visibility into all token activities and supports rapid, secure access for engineering teams, enabling efficient testing, debugging, and field unit analysis.


A leading automotive OEM

Industry: Automotive

Business Area: B2B 

Technologies: Python, PostgreSQL, FastAPI, REST API, SQLAlchemy, TypeScript, React, ESLint, NPM, Microsoft Azure, Kubernetes, Docker, GitHub Workflows, mTLS, 1Password, SonarQube, Black Duck, Dependabot, On-prem Hardware Security Module, Pytest, Cypress, Chromatic


READY TO UPDATE YOUR BUSINESS?

Let's talk!

Jürgen Wohler

director business development
