We decided to engage Kudelski IoT because they facilitated meaningful conversations and could deliver the device security expertise we sought from a trusted partner. Their team took our mission seriously from the start. As a startup, that meant a lot.
biped faced challenges familiar to any startup. However, the company faces these challenges in an environment where the user’s physical safety is continually at risk while using the device. In addition, biped provides access to its device and services using a subscription model that allows users to rent or buy their biped device and receive the newest models at no additional cost. biped’s device hardware must be updated and secured remotely, maintained without impeding the user’s independence, and proactively managed for failures or security vulnerabilities. As a result, biped’s team sought to expand its team of IoT and cybersecurity resources by engaging a partner with the resources to help.
"It’s critical to have a device security partner who can ask the right questions and treat innovation as an ongoing conversation. Kudelski IoT is that partner for us."
Bruno Vollmer, biped Co-Founder & CTO
biped’s stakeholders understood that the concept’s minimal risk tolerance required an affordable investment in an enterprise-level depth of expertise the startup could sustain and scale over time. The global cybersecurity talent shortage was deeply rooted within the IoT security landscape. biped was proactively searching for a partner to navigate the IoT security journey end-to-end, with minimal roadblocks or gaps in the necessary resources.
biped’s stakeholders sought the depth of IT security experience to provide a trusted foundation for its device to deliver an optimal and secure user experience, capable of adapting to improve its users’ quality of life over time.
Because biped’s user environments, demographics, challenges, and security requirements will continue to evolve, the company’s stakeholders sought IoT security consulting from resources with the repertoire of experience and depth of IoT technology and security resources to take a malleable, security-first approach to build biped's vision with minimal risk and time to market.
biped’s device functionalities require the right capabilities to adapt to its changing surroundings and evolving use cases. Therefore, biped's developers were looking to take a proactive approach to IoT security by engaging expert resources to help implement a security-by-design approach for developing a device capable of adapting to changing user and threat environments throughout the device’s entire lifecycle.
The primary challenge faced during biped’s development phase was designing a solution to manage the security of the IoT devices remotely without disrupting user accessibility or data security. The goal was to minimize cybersecurity risks by:
biped knew they needed a custom solution for success and sought deeper IoT expertise to ensure they invested in both a solution they could rely on and a device security partner they could trust to act as part of the biped team.
biped recognized the advantages of having a partner with the right expertise to navigate their unique challenges. After meeting with Kudelski IoT at the 2022 CES tradeshow, biped’s stakeholders decided to engage Kudelski IoT to help streamline the security of its devices and deliver updates across a global network of mobile users with minimal risk.
"You would assume that in an age of self-driving cars and missions to Mars, there would be more modern accessibility tools available, but in Lausanne, we often see the blind and visually impaired using old-school technology to navigate the area. We founded biped to fill this gap and enhance the quality of life and independence for these communities with our technology," said Vollmer.
biped chose to engage Kudelski IoT as its security partner to help their team develop a secure-by-design device and design and manage a custom FOTA solution powered by keySTREAM to securely deliver remote firmware updates to user devices. biped successfully launched on December 15, 2022. Today, 15 active biped devices serve friendly testers located primarily in the EU, except for a few in the U.S.
biped’s vision hinged on secure innovation, which has been the core focus of the Kudelski Group for over 30 years. From the initial conversations to the device's successful launch, the Kudelski Group acted as an extension of biped’s team to facilitate success.
“It was easy to communicate with the Kudelski IoT team and get their opinion on issues or ideas in real-time so we could explore solutions and opportunities throughout development,” said Vollmer.
Kudelski IoT's team of developers readily adapted to biped’s business framework, even adopting biped's Slack and communication channels to streamline collaboration.
biped began working with Kudelski IoT in April 2022 and collaborated to test the functionality and security of the biped device. Throughout the development stage, biped leveraged the Kudelski Group's 30+ years of experience provisioning over 500 million devices to help their team proactively shortcut issues that would impact Biped’s time to market.
“Kudelski IoT helped us proactively discover and address potential roadblocks that would have delayed our launch. Their team acted as an extension of our own, collaborating with our developers directly to quickly innovate solutions to keep us on track and secure along the way,” said Vollmer.
At the start of the partnership, Kudelski IoT facilitated a collaborative workshop with biped’s technical team to define an appropriate solution, including documentation of the vision for the device’s final architecture. From this workshop, biped established a clear set of solution security and functionality requirements for a clear path to launch. Throughout the development process, the Kudelski IoT team helped expedite the device’s time to market by delivering quick feedback, testing, fixes, and data insights to give biped’s team peace of mind that their devices would be as safe and secure as possible once released.
biped’s minimal risk tolerance and user safety concerns presented challenges around securely connecting and updating user devices remotely. biped initially planned to deliver FOTA updates via the user’s mobile device using Bluetooth. However, the Kudelski IoT team identified the need to complete a certification process to use Bluetooth for biped updates. The which could delay its launch to a year or more. So instead, Kudelski IoT presented an alternative solution, using built-in security controls to restrict what the device could do once connected to the Internet.
“When we faced a new challenge, we knew we were not stuck. Kudelski IoT's team was proactive, quickly identifying issues and collaborating with our team to define a solution,” said Vollmer.
Kudelski IoT's flexible and agile approach to innovation provided access to readily available insights and expertise. biped’s team leveraged to adapt to changes and design a solution for delivering secure FOTA updates with minimal connectivity or risk.
biped leveraged the Kudelski group's depth of expertise and keySTREAM Software-as-a-Service to design a custom solution for delivering safe FOTA updates while protecting devices from malware or unauthorized firmware. Kudelski IoT's FOTA service enabled remote updates, eliminating the need to recall user devices, reducing costs, and minimizing accessibility disruptions for biped users. In addition, Kudelski IoT collaborated with biped's team to develop an Agent specific to the biped platform, adapted to the firmware’s deployment model.
keySTREAM's capabilities enabled biped to set up and manage a certificate authority (CA) to act as a Signing CA for signing credentials and firmware. The FOTA Agent takes a secure approach to delivering firmware updates and serves as a software library that enables the FOTA process on biped devices. In addition, signing keys for updates are stored in Kudelski IoT’s ultra-secure Hardware Security Modules (HSM) for a secure-by-design solution biped can trust to manage device updates efficiently and securely throughout their entire lifecycle.