top of page

THE CUPROUS
SECURED EDGE
GATEWAY

Secured. Scalable. Efficient.

new gateway edge copy.png

With the rapid expansion of autonomous devices on the electricity grid, the need for secure, edge-based data processing has never been greater. These devices require real-time computing near the source while maintaining seamless, secure cloud connectivity.


The Cuprous Secured Edge Gateway meets this demand with scalable, energy-efficient computing power, ensuring robust security for data at rest and in transit, enabling a smarter, safer, and more resilient grid.

INNOVATION

The Cuprous secured edge gateway is designed with best-in-class security practices and consists of a single board with a low-powered Internet of Things computer. The computer integrates WiFi, Ethernet, and interface electronics including RS485. The gateway’s form factor is designed to fit in small enclosures and its low energy consumption avoids the need for any additional cooling.

Cuprous_diagram_reverse_edited.jpg

SOFTWARE

Cuprux is our security focused Linux® operating system running on the gateway. It manages communication with the Cuprous Cloud Edge while insulating your 
application from potential attacks in a controlled environment or container.

Cuprux also coordinates with a Cuprous provisioning service to manage the deployment and lifecycle of the gateway and your application. 

HOW IT WORKS

Gateways are provisioned with a unique identity by the time they are supplied to your users. This identity is stored in a registry that is syncronised with your cloud.

​

When plugged into a network, the gateway will establish a VPN connection to your cloud and the user will be provided with a public and secure web link to access it. No configuration to access the gateway is required by your users.

EDGE

  • A high-performance, Broadcom BCM2712, quad core Cortex-A76 (ARMv8) 64-bit SoC @ 2.4GHz microprocessor, 2GiB of memory, 16GB of eMMC flash storage

  • No fan is required to cool the gateway, leading to increased energy efficiency and reliability

  • Limited attack surface given that the gateway is designed to establish trusted outbound internet connections only

  • Software containerisation further prevents network access to the operating system and eliminates local area network address contention

  • Secure access to its user interface via a private WiFi connection or across the internet via a WireGuard VPN (Virtual Private Network)

  • Supervisory function for hosting event-driven services that enable a great user experience

  • Dual mode 2.4 GHz 802.11 b/g/n Wi-Fi - simultaneously hosts a WiFi access point and connects to existing WiFi networks

  • On-board U.FL connector for an external antenna to promote good reception

  • Two wired 1000 Mbps ethernet via onboard RJ45 modular jacks.

  • Two RS485 communications for local connectivity with a range of several hundred metres, with the potential to support over 500 server nodes, including MODBUS nodes.  The RS485 ports are galvanically isolated to resist 8kV fault transients and eliminate ground loops.

  • USB 2.0 host port header, USB C device port, FTDI compatible serial connector. 

  • Trusted firmware and software updates via WireGuard

  • Autonomous operation without requiring internet connectivity - also known as “local first cooperation”

  • A “commit log” design permits external services to connect and “catch up” with the state of the system

  • AES-128 CCM encryption for data at rest

  • A software secret store for holding sensitive data including encryption keys

  • User credentials are encrypted and any stored passwords are hashed

  • Tamper switch for detecting whether an enclosure has been opened and closed

  • Enclosure temperature monitoring

  • Easy access to board components, including voltage test points

  • Animated LEDs that indicate the state of the gateway

  • Low power consumption and low heat generation - sub 1W

  • PCB test points for factory-based quality control

  • Components are FCC and CE certified

  • Cuprux - our own modern Linux® distribution designed specifically for the gateway, supporting systemd and its containerisation

PROVISIONING
AND CLOUD

  • A suite of services designed to run on self-hosted Debian-based Linux® machines, including those using the popular Ubuntu distribution

  • A registry service for holding information on each gateway provisioned at the point of manufacture

  • A registry service that can import data from other Cuprous registries for the purpose of managing gateways that can be trusted with the system

  • One or more Cloud Gateway services that globally manage public HTTPS access to each gateway and its associated WireGuard VPN network

  • Each Edge Gateway may connect to any Cloud Gateway so that it may be accessed securely over the public internet

  • Cloud Gateways and their associated registry is resilient in the face of failure - as long as one Cloud Gateway remains active then access to the Edge Gateways remains

  • Gateway identities are aliased using encryption and randomness so that their public facing internet addresses cannot be guessed, nor traced back to a gateway

  • Secure shell access (SSH) is provided to an Edge Gateway only via the host machine of the Cloud Gateway - the Edge Gateway is locked down

  • Trusted software updates can be pushed to an Edge Gateway from a Cloud Gateway securely

Thanks for submitting!

1_cuprous logo_master_rgb.png

Tel:  +61 2 4283 7707
 

Alternatively, please use the web form and we will get in touch.

​

​

© Cuprous 2025

Bulli, New South Wales, Australia.

Cuprous acknowledges the Dharawal People as the Traditional custodians of the land on which we work and meet and pay respect to Elders past, present and emerging. 

bottom of page