If you are a manufacturer dealing with the risk of factory floor devices being hacked—this project developed a system using RISC-V and secure microcontrollers that protects credentials and allows secure remote updates. This ensures your machines stay operational and secure without needing manual technician visits.
Continuous Security Certification and Lifecycle Management for Connected IoT Devices
Imagine if your smart devices had a digital health checkup that never ended, instead of just one check at the factory. This system acts like a lifelong security guard that watches for intruders and automatically updates the locks when a new threat is found. It ensures that a device stays safe from the day it is built until the day it is thrown away.
What needed solving
IoT devices are often insecure and become easy entry points for hackers. Once deployed, they are difficult to update and certify, making them a permanent liability for businesses.
What was built
A security management system that includes hardware-level protection (TEE/SE), a secure boot process, and a remote update mechanism for patching devices over-the-air.
Who needs this
Who can put this to work
If you are an operator dealing with thousands of connected sensors in the field—this project developed a monitoring system that detects attacks in real-time and reconfigures device behavior to block threats. This prevents a single compromised sensor from taking down an entire power grid.
If you are a brand dealing with strict EU laws like the Cyber Resilience Act—this project developed a method for continuous security assessment and over-the-air patching. This helps you prove your products remain compliant with regulations throughout their entire use-life.
Quick answers
What is the cost or pricing for implementing this system?
Based on available project data, specific pricing or cost structures are not provided.
Can this be scaled to millions of devices?
The project focuses on a modular architecture and decentralized response to handle a broad spectrum of IoT environments, suggesting scalability for large deployments.
Who owns the IP and how is it licensed?
Based on available project data, the licensing terms are not specified, though it utilizes open architectures like RISC-V.
Does this help with EU regulatory compliance?
Yes, it specifically addresses requirements from the Cybersecurity Act (CSA), the Cyber Resilience Act (CRA), and the NIS2 directive.
How is the system integrated into existing hardware?
It integrates at the device level using Trusted Execution Environments (TEE) and Secure Elements (SE) such as ST33 microcontrollers.
Who built it
The project is heavily industry-driven, with 9 out of 13 partners coming from the private sector (69% industry ratio). This high concentration of companies, including 5 SMEs across 8 countries, indicates that the results are designed for commercial viability rather than just academic theory.
Contact Universidad de Murcia
Talk to the team behind this work.
Contact us to connect with the CERTIFY industrial partners for licensing and integration.