Google CAST

Google Cast provisioning,
operated as governed infrastructure.

OnBoard™ IoT Security (OBIS) governs Cast certificate operations, provisioning workflows, and lifecycle operations through one operational trust chain — whether OEMs retain their own CA hierarchy or operate through OBIS-managed infrastructure.

Book a Demo
MULTI-CREDENTIAL PROVISIONING

Cast certificate, plus everything else the device needs.

Devices with Chromecast built-in typically require multiple credentials — Cast certificates, OEM identities, Matter DACs, and OTA credentials — each governed across separate operational workflows. OBIS governs them through one provisioning workflow and one operational trust chain.

Security Bar

Built for the Cast security bar.

The Google Cast program defines security requirements across key management, certificate operations, and provisioning workflows. OBIS governs these operational controls end-to-end.

Key Management

Keys never leave the hardware boundary.

All key operations execute inside HSM boundaries with no extraction path for factory operators or platform administrators.
CA Operation

Every certificate operation is authorized and recorded.

OBIS records every certificate operation with operator, timestamp, approval chain, and governed operational records.
Factory Provisioning

Provisioning runs under authorization, not implicit trust.

EdgeHSM enforces offline-capable provisioning, per-line authorization, and encrypted payload delivery directly on the programming station.
TRUST CHAIN

The trust chain behind every Cast device.

Google operates the Cast root, while each device carries a unique device certificate. Between them sit the OEM CA and Model CA layers, which establish operational trust across the provisioning workflow. OBIS governs Model CA operations and device certificate issuance, while OEMs retain flexibility over the OEM CA trust model.

Lifecycle Operations

The certificate is day one. The platform stays for the rest.

Cast certificates expire, firmware requires continuous updates, and lifecycle security obligations now extend across the full supported product lifespan. OBIS governs certificates, keys, SBOMs, provisioning records, and operational evidence through the same operational trust chain.

Lifecycle

factory provisioning

How device identities, onboarding payloads, and factory data are provisioned through governed factory operations — hardware trust anchors, offline-capable execution, and signed provisioning records.
Explore
Lifecycle

Secure Update & OTA

How OTA operations are signed, governed, and deployed through the same operational trust chain — rollout authorization, targeting policies, and per-device update records included.
Explore
Lifecycle

Compliance & Disclosure

How operational evidence derives directly from governed lifecycle operations — without separate compliance workflows.
Explore
Use case

Matter

How Matter DACs and onboarding payloads are provisioned alongside Google Cast certificates through the same factory provisioning workflow.
Explore
Get Started

Built for governed Google Cast provisioning and lifecycle operations at scale.

Discuss your certificate provisioning workflow, factory architecture, device authentication model, and operational requirements with the OBIS engineering team.

Book a Demo
Contact Us
Building digital trust infrastructure for connected devices and credentials — backed by 13 years of expertise in digital credentials and cryptographic systems.
IoT Security
OverviewSecure Build & ReleaseFactory ProvisioningSBOM & VulnerabilitySecure Update & OTACompliance & DisclosureMatterGoogle Cast
Mobile Credentials
OverviewTransitAccessDigital Car Key
Resources
OverviewBlogCase Study
Company
About UsPartners
Privacy PolicyTerms Of ServiceCookie Policy
© 2026 Shanghai Snowball Digital Intelligence Technology Co., Ltd. All rights reserved.
EN
|
ZH