In case a solution package is NOT signed, because:

  • the user does not have the certificate from the device (individual creation of a solution package at the customer site, by the customer, for an update),
  • the device uses customer-specific certificates (the tool that creates the solution package may not have access to these certificates), or
  • no PKI infrastructure is available,

this represents a potential security risk. To mitigate it, the following considerations have been made:

  1. The sub-package(s) themselves are still signed by the vendor, e.g. firmware packages, so no unsigned data is executed on the server through the sub-packages. Sub-packages that cannot be signed by the vendor, such as configurations or applications, shall be signed by the customer, or the tool shall inform the user about the use of unsigned content in a sub-package.

  2. A trust relation between tool and server is in place, based on UA connections and sessions.
  • The tool acts as trust anchor, similar to a signature check outsourced to a PKI / GDS.
  • The server trusts the tool, allowing the tool to perform the firmware update.
  • The tool has to authenticate and authorize itself through login/token and the application trust list.
    1. The solution package is created by the tool that has this trust relation.

    2. For packages created by a third instance that have been imported, the tool should inform the user: users shall be informed about possible risks when using this option of unsigned solution packages. (Informative)
  • The server can write to a log or send an event to the client.
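The following Go program is an added example (not code from the specification or any vendor tool) that applies the considerations above to the sub-packages of an unsigned solution package. The sub-package model, the signer roles "vendor"/"customer", the trust store and the use of Ed25519 detached signatures are assumptions chosen for the example; firmware must carry a valid vendor signature, other content may be customer-signed, and unsigned content yields a warning to show the user and to write to the server log or event.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// SubPackage is a constructed model of one entry in a solution package.
// Kind: firmware|configuration|application. Signer: vendor|customer|"" (unsigned).
type SubPackage struct {
	Name, Kind, Signer string
	Payload, Sig       []byte
}
// TrustStore maps signer role to public key (hypothetical; a real tool would get these from the device or a GDS).
type TrustStore map[string]ed25519.PublicKey

// CheckSolutionPackage applies the considerations above: firmware needs a valid vendor signature;
// other kinds may be customer-signed and, if unsigned, only yield a warning for the user/log/event.
func CheckSolutionPackage(pkgs []SubPackage, ts TrustStore) (map[string]string, []string) {
	status, warnings := map[string]string{}, []string{}
	for _, p := range pkgs {
		switch {
		case p.Kind == "firmware" && p.Signer != "vendor":
			status[p.Name] = "rejected: firmware must be vendor signed"
		case p.Signer == "":
			status[p.Name] = "unsigned"
			warnings = append(warnings, fmt.Sprintf("%s: unsigned %s content", p.Name, p.Kind))
		case ts[p.Signer] == nil || !ed25519.Verify(ts[p.Signer], p.Payload, p.Sig):
			status[p.Name] = "rejected: bad signature"
		default:
			status[p.Name] = "ok"
		}
	}
	return status, warnings
}

// SampleSolutionPackage builds constructed data: vendor-signed firmware, customer-signed configuration, unsigned application.
func SampleSolutionPackage() ([]SubPackage, TrustStore) {
	vPub, vPriv, _ := ed25519.GenerateKey(rand.Reader)
	cPub, cPriv, _ := ed25519.GenerateKey(rand.Reader)
	fw, cfg, app := []byte("firmware-image"), []byte("device-config"), []byte("custom-app")
	return []SubPackage{
		{"fw.bin", "firmware", "vendor", fw, ed25519.Sign(vPriv, fw)},
		{"dev.cfg", "configuration", "customer", cfg, ed25519.Sign(cPriv, cfg)},
		{"app.bin", "application", "", app, nil},
	}, TrustStore{"vendor": vPub, "customer": cPub}
}
func main() {
	fmt.Println(CheckSolutionPackage(SampleSolutionPackage()))
}
```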