A leading automotive OEM
PKI solution for ECU security
Our story
01
Task
Providing their engineers with controlled access to sensitive ECU functions during the different phases of development.
Previously, the customer employed a manual process of generating and distributing security tokens via email; however, it was neither scalable nor secure.
Our customer wanted to replace this with a secure, web-based PKI system, developed from scratch, that allowed only trusted individuals to request cryptographically signed tokens. The platform also had to enforce strict access control, maintain traceability, and be easily accessible globally.
02
Challenge
The main challenge of the project revolved around shifting the manual token distribution process to an automated solution that guaranteed a secure, scalable, and auditable infrastructure.
However, developing such a solution required both technical and operational change, in compliance with security guidelines.
At the same time, because the tokens allowed access to sensitive ECU functions, ensuring traceability and preventing unauthorized access were further critical challenges.
03
Solution
To address the requirements of a secure and scalable token management solution, Diconium Germany's team defined clear objectives and implemented a web-based PKI-as-a-service solution.
The backend was developed using Python, FastAPI, and a REST API, supported by PostgreSQL and SQLAlchemy for data management. For cloud infrastructure, we relied on Microsoft Azure, using Docker and Kubernetes to streamline deployments and make them accessible across regions.
On the front end, React and TypeScript provided a clean, user-friendly interface for authorized users to request and manage tokens. Role-based access control (RBAC) was used to manage user permissions, while mutual TLS (mTLS) ensured secure, authenticated communication.
Furthermore, on-premise Hardware Security Modules (HSMs) were used to securely store the private keys that facilitated secure token signing, and a dedicated support team helped ensure comprehensive audit logging, full traceability, regular security assessments, and automated monitoring.
04
Successes
Despite the challenging requirements, the platform successfully met the customer's need to manage secure access to their ECUs.
The solution is now being used across five countries, with over 20,000 tokens securely generated, centralized access control, and 100% traceability. Furthermore, the system ensures 100% visibility into all token activities and supports rapid, secure access for engineering teams in those countries, enabling efficient testing, debugging, and field unit analysis.
A leading automotive OEM
Industry: Automotive
Business Area: B2B
Technologies: Python, PostgreSQL, FastAPI, REST API, SQLAlchemy, TypeScript, React, ESLint, NPM, Microsoft Azure, Kubernetes, Docker, GitHub Workflows, mTLS, 1Password, SonarQube, Black Duck, Dependabot, On-prem Hardware Security Module, Pytest, Cypress, Chromatic