The factory doesn't need to be trusted.

Traditional provisioning either entrusts the factory with key material or depends on constant cloud connectivity for every operation. OBIS requires neither: OEM-issued authorizations are executed securely in hardware at the factory, so control remains with the OEM — and production continues even when the network doesn't.

Three approaches on the market. One architecture underneath.

Every OEM provisioning system today follows one of three paths: a cloud service, a factory-deployed system, or chip vendor pre-provisioning. Each trades off security and operational scale differently. None resolves the underlying tension, because all three are simply the same tool deployed in different places.

01 APPROACH

Cloud PKI service

Control and execution both sit inside the provider's perimeter.
Keys live in the cloud. Every device on the line takes a round-trip to the cloud for signing. A single cross-border outage can halt every connected line at once — and in the middle of the night, the path to a fix runs through another organization's on-call.
Trade: scale of service for production-line fragility

02 APPROACH

Factory-deployed PKI service

Control and execution both sit inside the factory's perimeter.
PKI and HSMs are installed in each factory under an OEM key ceremony. Each site runs its own PKI, and consistency requires repeated ceremonies. Certificate rollovers and incident response depend on expertise factory teams often lack. Once loaded, keys sit in the custody of teams the OEM does not employ.
Trade: production-line autonomy for fleet-wide consistency

03 APPROACH

Chip vendor pre-provisioning

Control and execution both sit inside the silicon vendor's process.
The OEM defines a provisioning profile; the silicon vendor loads keys before the chip leaves the fab. The factory step is reduced to wiring, and every silicon–key–certificate combination becomes a non-returnable SKU. Security changes become multi-week cycles instead of software updates. The lifecycle ends at the chip facility — rotation and updates fall back to the OEM.
Trade: factory simplicity for portfolio rigidity and lifecycle gaps

Three deployments. One architecture. The failure isn't where you deploy it — it's what you're deploying.

Cloud decides. Edge enforces. Records close the loop.

Every production authorization is composed in the cloud, executed in tamper-resistant hardware at the factory, and returned as a production record. What crosses between them is a bounded, signed, revocable authorization — never key material. One closed loop across two organizations.

01 AUTHORIZE

Cloud-side authority.

The OEM issues a production authorization — bound by version, factory, quota, and validity — and pushes it directly to the target EdgeHSM. No human courier, no email, no USB drive.

02 EXECUTE

Edge-side execution.

Once authorized, EdgeHSM performs the full provisioning pass locally — deriving keys, issuing certificates, and injecting credentials. Quota and expiry are enforced by hardware, not policy files.

03 RECORD

Evidence back to the cloud.

Every provisioned device produces a production record — firmware version, device identity, timestamp, factory, line — captured at the moment of provisioning. The record syncs to the cloud automatically when connectivity returns.

A complete stack, pre-integrated.

Authorization-based secure manufacturing requires an execution stack for the factory and the production line. OBIS delivers it ready to run — no assembly required.

01 · Hardware trust anchor

EdgeHSM

CC EAL 5+ certified hardware, deployed on the factory floor. All cryptographic operations — quota enforcement, signing, key derivation — execute inside the hardware boundary, so factory-side compromise cannot bypass them.

02 · Flow orchestration

Factory Service

The bridge between OEM policy and factory floor. Receives cloud authorizations, coordinates programming stations, interfaces with existing MES, and collects device-level production records.

03 · Last mile

Programming Station Software

Runs on the programming station PC. Deployed and updated remotely from the cloud, keeping production-line software in sync without manual installation. Operational telemetry syncs back for centralized review.

04 · Silicon starting points

Chip Reference Designs

Reference integrations for common MCU, MPU, and secure element families — a working starting point that OEMs adapt freely to fit their specific products and production environment, without being locked into any silicon vendor's flow.

Secure debug — locked by default, unlocked by authorization.

Factories aren't perfect. Software has bugs. Engineers make mistakes. Modules get repurposed for different products. Devices need rework on the line, log collection and updates in the field, and failure analysis back at engineering. Every one of these needs the same thing: secure debug, unlocked — but only under OEM authorization, only for the specific devices that need it, never as a standing backdoor.

DEFAULT STATE

Locked at the factory, no shared keys.

Devices leave the line with secure debug locked — no permanent way back in. This lock is not a configurable setting; it is enforced by the chip's security architecture.

AUTHENTICATED UNLOCK

One device, one authorization, one window.

When the OEM authorizes a debug session, the device's secure debug credential is verified per device under the same authorization model used to issue its original credentials. Each unlock is scoped to specific devices, operations, and time windows.

PRE-EMBEDDED ASSETS

Same channel as initial provisioning.

Once unlocked, firmware can be re-flashed, credentials re-provisioned, and logs extracted — all through the same channel as initial provisioning, with no plaintext keys ever crossing the programming station.

One production pass delivers everything the device needs today — and everything it will need for the next decade.
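The authorize / execute / record loop described above and the per-device debug unlock share one verification path: the edge checks the OEM signature, the factory binding, the validity window, revocation, device scope and quota before it does anything, and every accepted operation leaves a signed record. The Python below is an added illustration of that model, not OBIS or EdgeHSM code. The `oem_issue` function, the `EdgeHSM` class, the field names and the sample secrets are assumptions, and an HMAC stands in for the OEM's asymmetric signature (a real deployment gives the edge only a public verification key, so no OEM secret ever leaves the cloud).

```python
"""Bounded, signed, revocable authorizations: cloud issues, edge enforces,
records flow back. Illustration only; names, fields and keys are assumptions."""
import hashlib
import hmac
import json

# Constructed sample secrets. OEM_SIGNING_KEY stands in for the OEM's private
# signing key; EDGE_ROOT_SECRET models a secret that never leaves the HSM.
OEM_SIGNING_KEY = b"constructed-oem-signing-key"
EDGE_ROOT_SECRET = b"constructed-edge-hsm-root-secret"


def _canon(obj: dict) -> bytes:
    """Canonical JSON so signer and verifier hash identical bytes."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def _sign(key: bytes, obj: dict) -> str:
    return hmac.new(key, _canon(obj), hashlib.sha256).hexdigest()


def oem_issue(auth_id, scope, factory, firmware, quota, not_before, not_after,
              devices=None):
    """Cloud side: compose a bounded authorization and sign it.
    scope is 'provision' or 'debug_unlock'; devices narrows it to a device list."""
    body = {
        "auth_id": auth_id, "scope": scope, "factory": factory,
        "firmware": firmware, "quota": quota,
        "not_before": not_before, "not_after": not_after,
        "devices": sorted(devices) if devices else None,
    }
    return {"body": body, "sig": _sign(OEM_SIGNING_KEY, body)}


class EdgeHSM:
    """Edge side: enforces the bounds, derives keys, emits signed records."""

    def __init__(self, factory):
        self.factory = factory
        self.remaining = {}    # auth_id -> quota left, held inside the HSM
        self.revoked = set()   # auth_ids revoked by the OEM
        self.records = []      # production records awaiting sync to the cloud

    def revoke(self, auth_id):
        self.revoked.add(auth_id)

    def _check(self, auth, scope, device_id, now):
        """Return None if the authorization covers this operation, else a reason."""
        body = auth["body"]
        if not hmac.compare_digest(_sign(OEM_SIGNING_KEY, body), auth["sig"]):
            return "bad signature"
        if body["scope"] != scope:
            return "wrong scope"
        if body["factory"] != self.factory:
            return "wrong factory"
        if body["auth_id"] in self.revoked:
            return "revoked"
        if not (body["not_before"] <= now < body["not_after"]):
            return "outside validity window"
        if body["devices"] is not None and device_id not in body["devices"]:
            return "device not in scope"
        if self.remaining.setdefault(body["auth_id"], body["quota"]) <= 0:
            return "quota exhausted"
        return None

    def provision(self, auth, device_id, now):
        err = self._check(auth, "provision", device_id, now)
        if err:
            return {"ok": False, "reason": err}
        body = auth["body"]
        self.remaining[body["auth_id"]] -= 1
        # Per-device key derived inside the HSM boundary; only a fingerprint leaves.
        dev_key = hmac.new(EDGE_ROOT_SECRET, device_id.encode(), hashlib.sha256).digest()
        record = {
            "device": device_id, "firmware": body["firmware"],
            "factory": self.factory, "auth_id": body["auth_id"], "ts": now,
            "key_fpr": hashlib.sha256(dev_key).hexdigest()[:16],
        }
        record["edge_sig"] = _sign(EDGE_ROOT_SECRET, record)
        self.records.append(record)   # synced when connectivity returns
        return {"ok": True, "record": record}

    def debug_unlock(self, auth, device_id, now):
        """Same checks as provisioning; scope limited to listed devices and window."""
        err = self._check(auth, "debug_unlock", device_id, now)
        if err:
            return {"ok": False, "reason": err}
        self.remaining[auth["body"]["auth_id"]] -= 1
        return {"ok": True, "device": device_id, "until": auth["body"]["not_after"]}


if __name__ == "__main__":
    edge = EdgeHSM("FAB-A")
    auth = oem_issue("A1", "provision", "FAB-A", "fw-1.4.0", 2, 1000, 2000)
    print(edge.provision(auth, "dev-001", 1500))
    print(edge.provision(auth, "dev-002", 1500))
    print(edge.provision(auth, "dev-003", 1500))   # quota exhausted
```

The point the checks make: the quota counter and the validity window live in the HSM's own state, so a copied authorization file, an edited quota field, or an authorization meant for another factory is rejected before any key is derived, and a debug authorization can never be used to provision (nor vice versa) because scope is bound into the signed body.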

An architectural decision, not a procurement timeline.

The device identity architecture OEMs choose today will define what they can deliver securely and reliably at scale over the next decade. If your supply chain resembles this model, contact us.