ZF Friedrichshafen AG secures wireless manufacturing with nCipher Security HSMs

Leading manufacturer uses nCipher HSMs to protect mission-critical processes and meet regulatory requirements

With more than 130,000 employees, ZF is one of the world’s leading manufacturers of automotive chassis and driveline technology. The company’s network of 230 manufacturing facilities stretches across 40 countries, producing the innovative transmissions, steering systems, axels, and chassis components that the world’s top vehicle makers need. ZF’s primary focus is on continuing its tradition of quality and innovation, but it realizes that today success requires reliance on advanced technology systems to power manufacturing and core business processes. To secure its systems from internal and external threats, ZF relies on Microsoft Windows Server PKI (public key infrastructure) technology and nCipher nShield hardware security modules (HSMs).

“nCipher HSMs give us auditable key protection for the computers that conduct our office-based processes, and they enable more cost-effective and scalable security for the technology that drives our production lines,” says Jürgen Paulmichl, information technology security manager for ZF


  • Reducing IT costs with enterprise-class e-security
  • Meeting the expectations of auditors and regulators
  • Managing HSMs remotely and cost-effectively
  • Protecting manufacturing processes from unauthorized access


ZF Friedrichshafen AG secures wireless manufacturing with nCipher Security HSMs

For several years ZF used PKIs to protect individual processes. Within the company’s PKIs, various certificate authorities (CA) issued digital certificates to machines, such as servers and desktop computers, in the company’s network. Using digital certificates, systems could be uniquely identified and authorized to access business systems, such as ZF’s SAP accounting applications.

As ZF operated these PKIs, the company realized that they presented two challenges. Managing thousands of certificates without a centralized process was time-consuming and inefficient, especially when it came to tracking and updating expiring certificates. And importantly from a security perspective, its PKIs were not completely secure or recoverable because the private keys underlying the certificate issuing process were not protected in a scalable, hardwarebased environment

ZF subsequently decided to establish an enterprise-wide PKI. Paulmichl says, “With an enterprise PKI, we can manage certificates more efficiently. We chose to use nCipher HSMs to secure our PKI and to enable a more reliable CA key storage environment. Implementing nCipher HSMs has proven to be a smart move, as they have allowed us to easily meet the escalating security expectations of auditors, governments, and company leaders.”


To issue certificates and manage its PKI, ZF decided to implement the PKI provided with Microsoft Windows Server. ZF undertook an extensive evaluation process for the HSMs securing the PKI, and it solicited proposals from four leading HSM vendors. The company was looking for seamless integration with Microsoft Windows Server, FIPS certification, and support for 64-bit Windows. Of the HSMs that met those basic requirements, nCipher nShield stood out thanks to its remote management capabilities and proven ability to integrate with Microsoft Windows Server.

“Only nCipher HSMs had reference customers available to confirm ease of integration with Microsoft Windows Server,” explains Paulmichl. “We were also impressed with the fact that we could manage nCipher HSMs remotely. It’s a capability that fit well with ZF’s global reach, allowing us to place HSMs as far away as Brazil while managing them from Germany. Being able to manage HSMs remotely cuts travel and management costs.”


After receiving training from the nCipher Advanced Services Group, ZF was able to integrate its nCipher nShield HSMs into its PKI environment using in-house resources. “nCipher provided all the insight we needed to manage our HSMs securely and remotely,” says Paulmichl. “When we do need to administer the HSMs, we do so using smartcards, which enforce separation of duties for added security and compliance validation.”

Today, ZF manages tens of thousands of machine certificates with its PKI, and it secures the CA issuing keys protecting each certificate with nCipher HSMs. Perhaps most crucially, the certificates serve to authenticate all of the machines involved in producing its products. Its machines are connected to each other over wireless networks, and the certificates ensure that no unauthorized machine can interfere with or eavesdrop on ZF’s manufacturing processes.

“Thanks to our nCipher HSMs, no one can issue, forge, or duplicate a certificate with our PKI. That is important to us from business perspective and to our auditors who must sign off on our processes,” explains Paulmichl.


In an effort to fight tax evasion and smuggling, the government of Brazil implemented regulations – called nota fiscal electronica – requiring that manufacturers produce electronic bills of lading “stamped” with a digital signature. The regulations mandate the use of HSMs to store and protect the time stamping certificates.


Headquartered in Friedrichshafen, Germany, ZF develops and manufactures driveline and chassis components for the global automotive industry. The company is best known for its innovative transmissions, including the world’s first 8-speed transmission.

To learn more about ZF Friedrichshafen, visit www.zf.com

For more information about nCipher HSMs, visit: www.thales-esecurity.com

While many manufacturers scrambled to implement compliant systems, ZF was ready. The company simply integrated its PKI with the SAP system it used to generate bills of lading.

“Brazil’s nota fiscal electronica is a good example of how regulations can require HSMs,” says Paulmichl. “Because our processes were already protected by HSMs, it was easy for us to comply. We are able to easily manage our HSMs in Brazil from Germany.”


When a process reengineering effort required that ZF update certificates for tens of thousands of machines in a 24 hour period, its IT security staff was pleased that the company’s nCipher nShields were more than up to the task. Paulmichl explains, “We rolled out certificates to all clients all over the world in one day. No location reported any errors. Our HSMs performed perfectly. You expect security from HSMs. nCipher HSMs also provide the superior performance, scalability, and reliability needed to protect our global manufacturing processes.”


Today’s fast moving digital environment enhances customer satisfaction, gives competitive advantage and improves operational efficiency. It also multiplies the security risks. nCipher Security empowers world-leading organizations by delivering trust, integrity and control to their business critical information and applications.

Our cryptographic solutions secure emerging technologies – cloud, IoT, blockchain, digital payments – and help meet new compliance mandates, using the same proven technology that global organizations depend on today to protect against threats to their sensitive data, network communications and enterprise infrastructure. We deliver trust for your business critical applications, ensuring the integrity of your data and putting you in complete control – today, tomorrow, at all times.

To find out more how nCipher Security can deliver trust, integrity and control to your business critical information and applications, visit www.ncipher.com.