If you are a vehicle manufacturer dealing with insecure third-party sensors — this project developed a Device Security Passport that provides a machine-readable security overview throughout the device's lifecycle.
Secure IoT Supply Chain Management and Automated Cybersecurity Certification System
Imagine every electronic part in a smart device came with a digital birth certificate and a health record. This system tracks every piece of software and hardware from the factory to your home to ensure no 'hidden doors' were left open for hackers. It uses a digital twin—a virtual copy of the system—to simulate attacks and find weaknesses before they happen in real life.
What needed solving
IoT supply chains are vulnerable because a single compromised supplier can impact thousands of end customers. Companies currently lack a standardized way to verify the security of third-party hardware and software components throughout their lifecycle.
What was built
A 'Device Security Passport' (DSP) that aggregates SBOM, HBOM, and MUD files. A Digital Cybersecurity Twin and an automated Architecture Security Validator for pre-certification.
Who needs this
Who can put this to work
If you are a grid operator dealing with complex IoT architectures — this project developed a Digital Cybersecurity Twin that uses AI to discover attack surfaces and suggest protective measures.
If you are a smart home brand dealing with compliance for the European Cyber Resilience Act — this project developed an automated Architecture Security Validator to provide pre-certification against security standards.
Quick answers
What is the cost or pricing for this solution?
Based on available project data, pricing and cost structures are not specified as this is a Horizon-RIA research project.
Can this be deployed at an industrial scale?
The project validates its technology in three major domains: automotive, energy, and smart home, suggesting a design intended for industrial-scale application.
What are the IP and licensing terms?
Based on available project data, specific licensing terms are not listed, though the project contributes to standardisation and policy recommendations.
How does this help with EU regulations?
The system is an early implementation of the requirements of the European Cyber Resilience Act, providing an operational reference model for compliance.
How is the technology integrated into existing workflows?
It integrates existing descriptors like SBOM, HBOM, MUD, and VEX into a central Device Security Passport Platform with version control and audit trails.
Who built it
The consortium is well-balanced for commercialization, featuring 11 partners across 6 countries. With an industry ratio of 45% and 5 SMEs involved, there is a strong lean toward practical application rather than pure academic research, supported by 4 research organizations and 2 universities.
Contact ATOS MAGYARORSZAG KORLATOLT FELELOSSSEGU TARSASAG in Hungary
Talk to the team behind this work.
Contact us to explore licensing opportunities for the Device Security Passport technology.