Public Key Infrastructure PKI

When it comes to protecting subsystems and control units against a whole range of critical cyber threats, there is no way around identity and authentication control (IAC). Selectron's Public Key Infrastructure (PKI) is a solution that sets a new standard in cybersecurity for networked rail transport.

Public Key Infrastructure (PKI): puts a stop to cyber threats

Modern rail vehicles have evolved into networked, Internet-connected systems with data centers on wheels. This results in a threat landscape that is as real as it is dangerous; from intruders gaining remote access through network vulnerabilities to physical hacking attacks on the equipment of unmonitored vehicles. Thoughtful identity and authentication control (IAC) protects against threats. It is even becoming indispensable for the digitalization of business models in the transportation sector.

Flexibility and deployability on an unprecedented scale

It is a well-known principle that you can only protect what you have identified and know by a name, i.e., an identity. This is where Selectron's Public Key Infrastructure (PKI) solution comes into play. As a new fundamental cloud service within the Knorr-Bremse Group, it is responsible for identity and authentication control of vehicle control units and other subsystems. The PKI, developed jointly with specialist Irdeto, issues a hierarchy of security certificates and signs them digitally to protect against forgery and modification. The same PKI service can also be used for other protection mechanisms; for example, to provide a new software version with a forgery-proof identity. Any changes made to the software by an attacker are immediately detected and reported as a threat, or their installation is automatically prevented.

Specifically, Selectron embeds the certificates extensively in vehicle control units (VCUs) and other microcontrollers of Knorr-Bremse subsystems. This means that they can always be identified, checked, renewed and, if necessary, revoked within the transport communications infrastructure throughout their entire service life. Unlike many other commercial-off-the-shelf PKIs, the Selectron PKI can meet requirements in terms of security, compliance, flexibility and deployability to an unprecedented extent.


  • Secure Boot: In conjunction with hardware security chips in the devices, so-called Trusted Platform Modules or TPM, it is possible to check whether anything has been changed on the device since the last valid boot every time the device is switched on.
  • State-of-the-art encryption: With RSA, ECC, SHA2 and others, the most modern encryption algorithms are available to ensure secure identities and integrity verification.
  • High availability: The PKI service is available worldwide with a high availability of 99.5% with sophisticated standby, backup and disaster recovery concept.

  • Separate customer environment: Customers can request their own completely separate environment with the same security as KB devices, they can also request their own certificates and use them to protect their applications or other systems with the same PKI.
  • Flexibly extensible: The solution is open and flexible and can also be customized to meet specific customer needs. Talk to us about your requirements.

Contact us

Get more information

Selectron Systems AG
Bernstrasse 70
3250 Lyss

+41 32 387 61 61
(Charges may apply.)

Monday - Thursday:
08:00 - 12:00 and 13:30 - 17:00 (CET)

08:00 - 12:00 and 13:30 - 16:00 (CET)

Back to Cybersecurity Overview