Secure Update & OTA

From provisioning to the last OTA — one trust chain.

OnBoardTM IoT Security (OBIS) extends governed release and provisioning trust into ongoing OTA operations — covering firmware updates, credential rotation, and security configuration changes through one operational workflow.

Book a Demo
Lifecycle Operations

Three update types. One governance flow.

Firmware updates, credential rotation, and security configuration changes follow different operational triggers — but remain governed through the same operational trust workflow across the device lifecycle.

01 · Firmware update

Update deployed releases.

Triggered by vulnerability remediation or feature delivery. Governed release artifacts and SBOM traceability extend continuously across OTA operations.
02 · Credential Rotation

Rotate the credentials.

Triggered by certificate expiration, cryptographic policy updates, or algorithm migration across deployed products.
03 · Configuration update

Update device policy.

Triggered by security policy updates, regional requirements, or operational parameter changes.
Operational Architecture

What the factory embeds. What the device carries.

These lifecycle capabilities originate from provisioning-time trust establishment. Provisioned identity, credential boundaries, and update governance are established during provisioning and carried forward across the deployed lifecycle.

A · Targeting

The device knows who it is.

Provisioned device identity enables OTA targeting by product variant, region, lifecycle tier, and operational policy without relying on a centralized device registry.

B · Multi-party management

One owner. Multiple operators.

Provisioning establishes independent management credentials and operational boundaries before deployment, allowing multiple service roles without shared trust domains.
C · Tracking

Operational state stays current.

Device state records continuously track firmware, credentials, configuration, and remediation status across the deployed lifecycle.
Delivery Architecture

Separate delivery infrastructure from trust governance.

OBIS governs signing integrity, authorization, and deployment coverage independently from the OTA transport layer — allowing existing delivery infrastructure to remain in place.

The delivery channel transports the package; trust remains anchored between the device and OBIS. Existing OTA infrastructure continues to operate without becoming part of the trust boundary.
Get Started

Built for long-term device lifecycle operations at scale.

Discuss your OTA architecture, credential rotation strategy, update governance model, and deployed-device operations with the OBIS engineering team.

Book a Demo
Contact Us
Building digital trust infrastructure for connected devices and credentials — backed by 13 years of expertise in digital credentials and cryptographic systems.
IoT Security
OverviewSecure Build & ReleaseFactory ProvisioningSBOM & VulnerabilitySecure Update & OTACompliance & DisclosureMatterGoogle Cast
Mobile Credentials
OverviewTransitAccessDigital Car Key
Resources
OverviewBlogCase Study
Company
About UsPartners
Privacy PolicyTerms Of ServiceCookie Policy
© 2026 Shanghai Snowball Digital Intelligence Technology Co., Ltd. All rights reserved.
EN
|
ZH