EN 18031 is the EU standard for general safety requirements for radio equipment. IoT devices must pass the EN 18031 certification, and the following content can be referenced:
Understand the standard requirements
Familiarize yourself with the standard content: EN 18031 is divided into three parts, each addressing different types of radio equipment. Manufacturers of IoT devices need to study the standard in depth to clarify the category of their devices and the corresponding specific requirements. For example, EN 18031-1 applies to internet-connected radio equipment, EN 18031-2 applies to radio equipment that processes data, such as childcare devices, toys, and wearable radio equipment, and EN 18031-3 applies to internet-connected radio equipment that handles virtual currency or monetary value.
Focus on key areas: The standard covers critical areas such as access control, secure software updates, and secure storage and communication. Devices must have mechanisms to prevent unauthorized access, support secure software updates, and ensure data security during storage and communication.
Design and Development Phase
Security architecture design: During the design phase of the device, integrate security architecture and adopt secure hardware and software design principles. For example, choose chips with security features, such as those supporting hardware encryption and secure boot; design a reasonable software architecture to achieve security isolation and access control between modules.
Application of encryption technology: Use encryption technology for sensitive data transmitted and stored by the device, such as symmetric encryption, asymmetric encryption, and hash algorithms. For example, use SSL/TLS protocols to encrypt network communications, ensuring that data is not stolen or tampered with during transmission; use AES and other symmetric encryption algorithms to encrypt user data stored locally on the device.
Identity authentication and access control: Establish effective identity authentication and access control mechanisms to ensure that only authorized users and devices can access sensitive functions and data of the device. Various authentication methods can be used, such as username / password, digital certificates, tokens, etc., and assign different access levels based on user roles and permissions.
Testing and Verification Phase
Internal self-testing: After the device development is completed, manufacturers should conduct comprehensive internal testing, including functional testing, performance testing, and security testing. Security testing may include vulnerability scanning, penetration testing, and code review to identify and fix potential security issues.
Third-party testing: Submit the device to a qualified third-party testing laboratory for testing to ensure that the device meets the requirements of EN 18031 standards. For example, the TUV Rheinland terminal laboratory has the testing capability for the EN 18031 series of standards and can provide relevant testing services for enterprises.
Continuous monitoring and improvement: After the device passes certification, manufacturers should also establish a continuous monitoring mechanism to promptly identify and address security issues that arise during the device’s use. At the same time, pay attention to updates and changes in the standards, and timely improve and upgrade the device to maintain compliance.
If you would like to know more related information, please feel free to contact us~
24-hour service hotline: 131-4343-1439 (same number for WeChat)
Microtest testing dedicated email: [email protected]