The factory doesn't need to be trusted.

Traditional provisioning either exposes key material to the factory or depends on continuous cloud connectivity for every operation. OnBoard™ IoT Security (OBIS) requires neither: OEM-issued authorizations execute locally inside EdgeHSM hardware, allowing provisioning operations to continue even during cloud or network outages.

Three deployments. One architecture.

Every provisioning model today follows one of three paths: cloud-centric, factory-centric, or silicon-centric. Each shifts the balance between operational scale, control, and lifecycle continuity — but all rely on the same underlying architecture deployed in different places.

01 APPROACH

Cloud-Centric Deployment

Control and execution stay inside the provider's perimeter.
Keys remain cloud-hosted, and every provisioning operation depends on live connectivity to the provider. Production continuity becomes dependent on cloud availability and network stability.
Trade: centralized scalability for production-line fragility
02 APPROACH

Factory-deployed PKI service

PKI infrastructure is replicated across factory sites.
Each manufacturing site operates its own provisioning infrastructure, requiring repeated ceremonies, local operational expertise, and factory-side custody of sensitive assets.
Trade: factory autonomy for operational consistency
03 APPROACH

Chip vendor pre-provisioning

Provisioning occurs before the chip leaves the fab.
Security assets are embedded during silicon production, turning security updates and credential changes into supply-chain events while lifecycle operations still remain with the OEM.
Trade: factory simplicity for lifecycle rigidity
Three deployments. One architecture. The problem isn't where the system runs; it's the architecture being deployed.

Cloud decides. Edge enforces. Records close the loop.

Production authorizations are composed in the cloud, executed locally inside EdgeHSM hardware, and returned as operational records. What crosses organizational boundaries is a signed, bounded, revocable authorization — never key material.

01 AUTHORIZE

Cloud-side authorization.

The OEM issues a production authorization bound by version, factory, quota, and validity, then delivers it directly to the target EdgeHSM.
02 EXECUTE

Edge-side execution.

EdgeHSM executes provisioning locally — deriving keys, issuing certificates, and injecting credentials — while hardware-enforced quotas and expiry maintain operational control.
03 RECORD

Operational records.

Every provisioned device produces a production record — identity, firmware version, factory, line, and timestamp — automatically synchronized when connectivity returns.
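The authorize/execute/record flow above, modelled in Python as an added illustration (this is not OBIS code and not its real authorization format): the cloud signs an authorization bounded by version, factory, quota and validity window, a simulated EdgeHSM verifies it and enforces quota, expiry and revocation locally, and each provisioning call returns only a production record. The HMAC key, field names and identifiers are constructed assumptions; a real HSM would verify an asymmetric OEM signature against a pinned public key.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass, field

# Constructed stand-in for the OEM signing key (illustration only); a real
# EdgeHSM would verify an asymmetric OEM signature with a pinned public key.
OEM_KEY = b"constructed-oem-key-for-illustration"

def _canonical(body):
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()

def issue_authorization(key, auth_id, version, factory, quota, not_before, not_after):
    """Cloud side: compose a bounded authorization and sign it (hypothetical format)."""
    body = {"id": auth_id, "version": version, "factory": factory,
            "quota": quota, "not_before": not_before, "not_after": not_after}
    return {"body": body, "sig": hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()}

@dataclass
class EdgeHSM:
    """Edge side: verifies an authorization, then enforces quota and expiry locally."""
    factory: str
    oem_key: bytes
    active: dict = field(default_factory=dict)   # auth id -> [body, devices remaining]
    revoked: set = field(default_factory=set)    # auth ids the OEM has revoked

    def load(self, auth, now):
        expected = hmac.new(self.oem_key, _canonical(auth["body"]), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, auth["sig"]):
            return "rejected: bad signature"
        body = auth["body"]
        if body["factory"] != self.factory:
            return "rejected: wrong factory"
        if not body["not_before"] <= now <= body["not_after"]:
            return "rejected: outside validity window"
        self.active[body["id"]] = [body, body["quota"]]
        return "loaded"

    def provision(self, auth_id, device_id, line, now):
        entry = self.active.get(auth_id)
        if entry is None or auth_id in self.revoked:
            return None
        body, remaining = entry
        if now > body["not_after"] or remaining <= 0:
            return None  # expired or quota exhausted: nothing is provisioned
        entry[1] -= 1
        # Key derivation and cert issuance would run here in the HSM; only the record leaves.
        return {"identity": device_id, "firmware_version": body["version"],
                "factory": self.factory, "line": line, "timestamp": now}
```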

Secure debug — locked by default, unlocked by authorization.

Factories are imperfect. Devices require rework, diagnostics, updates, and failure analysis throughout their lifecycle. Secure debug must remain available when needed — but only under OEM authorization, only for specific devices, and never as a standing backdoor.

DEFAULT STATE

Locked by default. No shared secrets.

Devices leave provisioning with secure debug disabled and no permanent recovery path exposed outside the chip's hardware security model.
AUTHENTICATED UNLOCK

Per-device authorization.

OEM-authorized debug sessions are verified per-device using the same authorization model that governs provisioning credentials. Every unlock is scoped by device, operation, and time window.
PRE-EMBEDDED ASSETS

Same trusted provisioning channel

Once authorized, devices can be re-flashed, re-provisioned, and analyzed through the same operational trust channel used during provisioning — without exposing plaintext keys.
One provisioning pass establishes the operational trust foundation for the entire device lifecycle.

Operational infrastructure for trusted provisioning.

Authorization-based provisioning requires coordinated infrastructure across cloud authority, factory-edge execution, and production-line orchestration. OBIS delivers the full operational stack pre-integrated.

01 · Hardware trust anchor

EdgeHSM

CC EAL 5+ certified hardware deployed at the factory edge. Cryptographic operations, quota enforcement, signing, and key derivation execute entirely inside the hardware boundary.
02 · Provisioning Orchestration

Factory Service

Coordinates cloud authorizations, programming stations, MES integration, and device-level production records across factory operations.
03 · Provisioning Execution

Programming Station Software

Runs locally on programming stations while remaining centrally deployed and updated from the cloud. Operational telemetry synchronizes automatically for centralized review.
04 · Reference Integrations

Chip Reference Designs

Reference integrations for common MCU, MPU, and secure element families — adaptable to OEM-specific products and production environments without locking provisioning flows to a silicon vendor.

An architectural decision, not a procurement timeline.

The operational trust architecture OEMs choose today will define how securely connected products can be provisioned, updated, and governed at scale over the next decade.