top of page


Discover our compelling case-studies that represent an extensive range of security and safety-critical use-cases.



Securosys is the leading HSM provider for securing assets, identities, and communications with a focus on the banking and blockchain industry.


Securosys is facing a huge demand to execute applications on secure hardware that guarantees integrity and confidentiality of code and data during rest, transit, and runtime.


Proving the integrity and confidentiality of applications during runtime requires strong isolation and proving the trust-graph of all components and their dependencies to a hardware root of trust.


Gapfruit provides a revolutionary platform with the highest security properties on the market. The platform can easily be customized and integrated. Existing applications run inside the TEE without or with minimal modifications.

Our unique technology enables complete control over all software stacks and allows our customers to form rational arguments about why their product is considered trustworthy. Therefore, it is perfectly suited to build TEE appliances.


Securosys IMUNES is a Trusted Execution Environment for the highest security requirements set in the banking, blockchain, and payment sector. Securosys is a pioneer in providing attestable trustworthiness for its TEEs through the capability-based security engineered at Gapfruit.

A Securosys IMUNES can prove that a certain output was generated from a specific input, executed at a particular time with specific code. The integration is straightforward with an easy-to-use API. Securosys was able to release the product in no-time, thanks to Gapfruit.


Security Architecture:

Capability-based Security

System Architecture:

ARM Chipset


JVM / WebAssembly


●  Automated Compliance Verification

●  Automated Transaction Signing

●  Cryptographic Audit-Trail

●  Confidential Computing

●  Database Transaction Validation



An evolutionary approach to provide facilities unavailable in ARINC 653.


Jim Podmore, a renowned aircraft engineer, shows how Gapfruit addresses a significant limitation of ARINC 653 based RTOS's, which is their static configuration. The ability to reconfigure a system dynamically, albeit in a carefully controlled manner, provides excellent flexibility in a system while limiting individual components' complexity.


Gapfruit is aiming to build a platform where strong security and safety requirements meet.

Please get in contact with us to develop the next generation of interconnected safety-critical systems.


Bruno Bonati former Member of the Executive Board Head IT and Operations at Credit Suisse, shows how the IT landscape of banking and financial institutions must ensure the highest possible trustworthiness for the entire banking application portfolio.

The Invisible Problem

On its foundation, banking is an industry of trust. Therefore, banks and the financial services industry require specific IT solutions to provide secure and confidential services to their clients.

However, there are more security problems in banking IT systems than managers are aware of.



The Potential of Trusted Execution Environments in Banking.




Bechtle is a multinational technology company for industrial customers and clients in the public sector.


The Bechtle Secure Gateway connects critical infrastructure securely to the cloud. Gateways are exposed to hostile networks such as the internet and form the first line of defense for critical infrastructure.


These devices have significant challenges and requirements that today’s solutions struggle to address:

  • Lack of isolation capabilities to prevent a takeover of the system

  • Lack of integrity protection for the whole software stack

  • Lack of secure and reliable update mechanism

  • Lack of secure device management

  • Lack of self-healing and resilience

  • A high total cost of ownership


Bechtle determined Gapfruit OS to be the best choice for their gateways because we tackle all security, resilience, and management challenges from the ground up by design.

Bechtle defined two different hardware devices (see below) to cover most of the use cases. Gapfruit delivers an all-inclusive package:

  • Consulting and hardware selection

  • Hardware and security enablement

  • Wide selection of runtimes for running powerful Kubernetes Edge Nodes or simple MQTT brokers.

  • Powerful device management (zero-touch provisioning, configuration, updates, rollbacks, etc.

Bechtle Secure Power Edge Gateway

Empowered by Gapfruit OS

Ideal for industrial, high-performance edge applications and computations.

Bechtle Secure Edge Gateway

Empowered by Gapfruit OS

Ideal for industrial control and monitoring.

bottom of page