SciTransfer
CERTIFY · Project

Continuous Security Certification and Lifecycle Management for Connected IoT Devices

digitalPilotedTRL 7

Imagine if your smart devices had a digital health checkup that never ended, instead of just one check at the factory. This system acts like a lifelong security guard that watches for intruders and automatically updates the locks when a new threat is found. It ensures that a device stays safe from the day it is built until the day it is thrown away.

By the numbers
13
Total deliverables
9
Industry partners
69%
Industry ratio in consortium
The business problem

What needed solving

IoT devices are often insecure and become easy entry points for hackers. Once deployed, they are difficult to update and certify, making them a permanent liability for businesses.

The solution

What was built

A security management system that includes hardware-level protection (TEE/SE), a secure boot process, and a remote update mechanism for patching devices over-the-air.

Audience

Who needs this

IoT Hardware ManufacturersIndustrial Control System OperatorsCybersecurity Certification BodiesSmart City Infrastructure Providers
Business applications

Who can put this to work

Industrial Automation
enterprise
Target: Smart Factory Equipment Manufacturer

If you are a manufacturer dealing with the risk of factory floor devices being hacked—this project developed a system using RISC-V and secure microcontrollers that protects credentials and allows secure remote updates. This ensures your machines stay operational and secure without needing manual technician visits.

Critical Infrastructure
enterprise
Target: Utility Grid Operator

If you are an operator dealing with thousands of connected sensors in the field—this project developed a monitoring system that detects attacks in real-time and reconfigures device behavior to block threats. This prevents a single compromised sensor from taking down an entire power grid.

Consumer Electronics
SME
Target: IoT Home Appliance Brand

If you are a brand dealing with strict EU laws like the Cyber Resilience Act—this project developed a method for continuous security assessment and over-the-air patching. This helps you prove your products remain compliant with regulations throughout their entire use-life.

Frequently asked

Quick answers

What is the cost or pricing for implementing this system?

Based on available project data, specific pricing or cost structures are not provided.

Can this be scaled to millions of devices?

The project focuses on a modular architecture and decentralized response to handle a broad spectrum of IoT environments, suggesting scalability for large deployments.

Who owns the IP and how is it licensed?

Based on available project data, the licensing terms are not specified, though it utilizes open architectures like RISC-V.

Does this help with EU regulatory compliance?

Yes, it specifically addresses requirements from the Cybersecurity Act (CSA), the Cyber Resilience Act (CRA), and the NIS2 directive.

How is the system integrated into existing hardware?

It integrates at the device level using Trusted Execution Environments (TEE) and Secure Elements (SE) such as ST33 microcontrollers.

Consortium

Who built it

The project is heavily industry-driven, with 9 out of 13 partners coming from the private sector (69% industry ratio). This high concentration of companies, including 5 SMEs across 8 countries, indicates that the results are designed for commercial viability rather than just academic theory.

How to reach the team

Contact Universidad de Murcia

Next steps

Talk to the team behind this work.

Contact us to connect with the CERTIFY industrial partners for licensing and integration.