SVH Device Agent
The trusted half of your device.
The SVH Device Agent runs inside the device and does three jobs without compromise: prove the device's identity, deliver its data reliably, and keep the software on it safe to run and safe to update.
Hardware-rooted identity
Device identity is anchored in a TPM 2.0 — the key never leaves the hardware. Devices enroll with a manufacturer-installed birth certificate and prove who they are with remote attestation. A software-key path covers hardware without a TPM.
Never lose data
Events are encrypted and stored durably on the device before they are ever acknowledged, then delivered at-least-once, in order, when connectivity returns. Safety-critical events survive storage pressure and extended offline operation.
Safe updates, three ways
A/B partition, package-based, or full-image updates — each signed, each with automatic rollback. Clinicians can approve or postpone. Air-gapped devices update from signed USB media using the same trust chain.
A sandbox for every module
First- and third-party software ships as modules — native or WebAssembly — that run with only the permissions their signed manifest declares. Enforcement is done by the operating system, default-deny. A misbehaving module cannot crash the device or reach data it was not granted.
Self-healing supervision
The agent monitors module health, restarts failures, and reports degraded state to the platform — along with device memory, storage, battery, and network health.
One controlled path to the cloud
The clinical application never talks to the internet. All traffic flows through the agent over a single, mutually authenticated channel — one auditable door in and out of the device.
Spec sheet
At a glance
| Runs on | Embedded Linux (ARM and x86) |
|---|---|
| Written in | Rust — memory-safe by construction |
| Device identity | TPM 2.0 hardware root of trust; software-key fallback |
| Transport | gRPC over mutual TLS, certificate pinning |
| Cryptography | FIPS-aligned provider; AES-256-GCM at rest; Ed25519 / ECDSA-P256 signatures |
| Data delivery | Durable queue, at-least-once, guaranteed ordering, offline-first |
| Updates | A/B partition, package, full image, offline USB — all signed, all with rollback |
| Module runtime | Native (OS-sandboxed) and WebAssembly (wasmtime), signed manifests |
| Audit | Tamper-evident, cryptographically chained audit log |
| Supply chain | SBOM per release, signed modules, reproducible builds |
Designed to support IEC 62304 and IEC 81001-5-1 software lifecycles and FDA premarket cybersecurity guidance — secure update, SBOM, attestation, and audit are built in, not added for the submission.
Put SVH in your next device.
We will walk your engineers through the agent, the SDK, and the integration path.