Google CAST

Chromecast built-in is a security commitment,
not just a certificate.

OnBoard™ IoT Security (OBIS) is built to that bar — key storage, CA operation, factory provisioning, end to end. Host both CA layers on OBIS, or keep your OEM CA on your existing PKI.

Book a Demo
Security Bar

Built for the Cast security bar.

The Google Cast program carries security requirements across three operational areas. OBIS operates to those requirements end-to-end.

Key Management

Keys never leave the hardware boundary.

OBIS performs every key operation in HSM —with no extraction path, for OEMs or for Snowball operators.
CA Operation

Every signing is authorized and recorded.

OBIS records every signing event with operator, timestamp, and approval chain —exportable as a complete operational record.
Factory Provisioning

Injection runs under authorization, not on trust.

EdgeHSM enforces all three: offline-capable, per-line authorization, encrypted payloads only on the programming station.
TRUST CHAIN

A four-tier certificate hierarchy.

Google operates the Cast root, and each device carries a unique device certificate at the bottom. Between them sit two intermediate layers — OEM CA and Model CA. The Model CA and device certificate issuance always run on OBIS; the OEM CA is the variable.

MULTI-CREDENTIAL PROVISIONING

Cast certificate, plus everything else the device needs.

Devices with Chromecast built-in typically require multiple credentials — Cast, OEM cloud identity, Matter DAC, and OTA/local encryption keys — each provisioned through separate services and workflows. OBIS consolidates them into a single Production Version, provisioned in one production-line step.

BEYOND DAY ONE

The certificate is day one. The platform stays for the rest.

Cast certificates expire and firmware requires ongoing updates, while CRA mandates security support throughout a device’s typical 5–10 year lifecycle. OBIS centralizes certificates, keys, SBOMs, and audit trails in one platform across the full device lifespan.

Lifecycle

factory provisioning

How DACs and full Matter device data are provisioned on the production line — hardware trust anchor, offline-capable injection, signed device records.
Explore
Lifecycle

Secure Update

How OTA updates are signed, authorized, and published to the Matter Distributed Compliance Ledger (DCL) in one step.
Explore
Lifecycle

Compliance & Disclosure

How CRA compliance evidence accumulates automatically from daily operations — no separate compliance project required.
Explore
Industry

Matter

If the device also supports Matter, the Matter DAC and Cast certificate are injected in the same pass.
Explore
Get Started

Ship Chromecast built-in. Skip the audit project.

A 30-minute walkthrough covers your hosting model, your factory setup, and how OBIS maps to the program's security requirements — with your security architect,
not a sales deck.

Book a Demo
Contact Us
Digital trust infrastructure for connected devices and credentials. Built on 13 years in digital credentials and cryptographic infrastructure.
IoT Security
OverviewSecure Build & ReleaseFactory ProvisioningSBOM & VulnerabilitySecure Update & OTACompliance & DisclosureGoogle CastMatter
Mobile Credentials
OverviewTransitAccessDigital Car Key
Resources
OverviewBlogWhitepapersCase Study
Company
About UsPartners
Privacy PolicyTerms Of ServiceCookie Policy
© 2026 Snowball Technology. All rights reserved.
EN
|
ZH