Embedded Systems Portfolio
Explore our IoT case studies and embedded systems projects — real-world secure firmware deployments, RFID access control systems, and industrial IoT telemetry at scale.
In this RFID access control case study, Modern Boutique Hotel in Lahore, Pakistan ran a completely disconnected system — staff had to physically tap every door to collect access logs. There was no centralized provisioning, no real-time monitoring, and no way to know if a door had been tampered with until the next manual audit. Every new guest or staff credential required a site visit. Lost keys meant costly rekeys of entire locks. As they prepared to expand from 33 to 80 rooms, they needed a system where everything — from provisioning a new guest or staff key to shift timing checks, automated logging, and anomaly detection if intrusion was detected anywhere in the premises — happened automatically.
We deployed JanusAccess across all 80 rooms: JanusKey at the front desk for instant centralized credential provisioning — no more site visits for every new key. JanusGate controllers at every door validated credentials in real-time with AES-256-GCM encryption, while shift timing checks ensured staff credentials auto-expired according to their schedules. Automated logging captured every access event persistently — no door was ever left untapped. Anomaly detection alerted management immediately if intrusion was detected anywhere on the premises, and automated OTA updates kept all firmware current without manual intervention. Dual telemetry paths (MQTT + HTTP) provided fault-tolerant data transmission, ensuring not a single access event was ever missed.
A 5-floor smart building in Valletta housed 30+ tenants with overlapping common areas, shared meeting rooms, and a basement parking garage. This smart city IoT infrastructure project required each tenant to have different operating hours, employee schedules, and visitor policies. The previous system used standalone keypads with no centralized management, making tenant move-ins and move-outs a logistical nightmare requiring physical key changes across multiple doors.
JanusAccess was deployed with time-based access rules per tenant: floor-specific credentials, common area access during business hours, and 24/7 access for tenants with after-hours operations. JanusCore provided the building manager with a single dashboard for all 30+ tenants. JanusGate controllers managed each floor entrance, common areas, and parking. Visitor passes with time-limited access were issued through JanusKey at the concierge desk.
A European agritech startup needed a complete agricultural IoT telemetry system for their precision agriculture platform. Their legacy solution used unencrypted HTTP communication, had no device authentication, and could not scale beyond a few hundred sensors. They needed a system capable of handling tens of millions of daily readings across thousands of geographically distributed sensors, with AES-256-GCM encryption and 99.99% uptime.
We designed and deployed an end-to-end encrypted telemetry pipeline built on ESP32-based sensor nodes communicating over LoRaWAN to Bifrost gateway devices, which aggregated and forwarded encrypted data over MQTT TLS to a Python/FastAPI backend. AES-256-GCM encryption protected every packet from soil sensor to cloud database. A multi-tenant backend architecture provided real-time dashboards, automated alerting, and command-and-control capabilities.
A supply chain logistics company deployed 500+ wireless environmental sensors across multiple factory floors and distribution centers. The firmware had no remote update capability — each device required physical access for updates, costing thousands in technician time and causing significant operational downtime. They needed a secure OTA update system for IoT supply chain tracking that could update devices remotely without compromising security or risking bricked hardware.
We implemented a complete OTA update pipeline on ESP32-based sensor nodes. The architecture featured A/B partitioning for rollback safety, signed firmware binaries verified before installation, and a staggered rollout system that prevented network overload. The backend managed firmware versions, device targeting, and update status tracking. A fallback mechanism ensured devices could recover from interrupted updates automatically.
A medical device manufacturer needed to transmit sensitive patient monitoring data from bedside devices with firmware-level security to a cloud-based analytics platform. The system had to comply with HIPAA data protection requirements, maintain sub-second latency for real-time alerts, and ensure zero data loss during network interruptions. The existing prototype used basic TLS with no application-layer encryption and had no key management infrastructure.
We designed a defense-in-depth security architecture featuring AES-256-GCM encryption at the application layer with automatic key rotation. A secure key provisioning system injected device identities during manufacturing. The backend implemented encrypted storage with column-level encryption for PHI fields, comprehensive audit logging, and automated compliance reporting. The system achieved sub-200ms end-to-end latency through optimized binary serialization and connection pooling.