ENTRUST D2.2 ENTRUST Reference Architecture – Final Release

Deliverable D2.2 is dedicated to the documentation of the final reference architecture of the ENTRUST framework, building upon the initial definition provided in D2.1, towards providing a complete Trust Assessment solution for ensuring the trustworthiness of Connected Medical Devices (CMDs) throughout their lifecycle. Thus, we first provide a description of the final architecture considering the advancements in all technical components and the interactions between them, and we provide a complete action workflow of the ENTRUST framework throughout its three core operational phases, i.e., Manufacturing, Pre-deployment, and Runtime. Then, for each technical component, we provide detailed information flows, focusing on the interactions between components and their positioning within the ENTRUST. Next, we provide a refined list of Framework, Security, and Operational requirements of ENTRUST, as well as a final list of KPIs that will guide the evaluation activities, and their mapping with the requirements they evaluate. We also define the Most Valuable Product (MVP) of ENTRUST, including a set of "must- have" and "should-have" requirements. We conclude with a comprehensive construction of the threat landscape of ENTRUST following a top-to-bottom methodology, starting from a generic list of most prominent threats and mapping these threats with the practical, real- world scenarios identified by the use case demonstrators.