Today, a remote maintenance solution is only accepted if the plant operators have governance of all online connections. The mbNET.rokey industrial router by MB connect line offers a two-stage security concept for this purpose. The on-site operator uses the router's integrated key switch to control whether only data collection is allowed or whether remote maintenance and routing are permitted as well. The collection of system data, for example for visualisation, monitoring or archiving, is then independent of remote maintenance. In "Data collection" (ONL) mode, the router is visible in the portal but cannot be connected to. Remote access with routing must be authorised by the system operator via the key switch (REM). Only with this setting are remote maintenance and access to the network behind the router possible. After remote maintenance has been completed, the switch should be set back to the "Data collection" level. The two-stage security concept allows remote maintenance of the system to be disabled when it is not needed. This offers additional security and increases the acceptance of the remote access solution.
The system security of the router itself is ensured by hardware-based storage of certificates and encryption of data communication. A security chip (Secure Element) serves as a secure safe for passwords, certificates and keys. These can be neither read nor manipulated, not even by a hardware hack. The process and application data, such as remote maintenance connections or the web interface, are stored in encrypted containers, each of which is protected against the others and against the outside. This protects the user data against spying and manipulation. A permanently programmed boot loader (Secure Boot), which only accepts signed firmware updates matching the stored security certificate (Secure Firmware), ensures security during system startup.