Securing an IoT product means that an IoT service provider will want to perform actions such as authentication of a specific device and exchanging confidential messages securely with a specific device. To accomplish this, the devices of an IoT product are provided with device-individual cryptographic keys during manufacturing. Such need for the secure exchanging of keys is found in other manufactured devices.