Platform Overview

The security governance plane for build, factory, and field.

OnBoard^™ IoT Security (OBIS) is the governance plane that ties firmware, keys, certificates, and factory data — together with the SBOM that traces each firmware to its components — to one product, across CI/CD, factories, and OTA, end to end.

Digital Assets

One product. One source of truth for all asset categories.

Every digital asset your product depends on — keys, certificates, firmware, factory data, security configurations, and more — unified under a single product-centric record. So you always know what's deployed, where, and whether it's still trusted.

Keys

Secure boot keys, secure debug keys, OTA encryption keys.

Certificates

Matter DAC, Google Cast certificates, and other ecosystem identities.

Firmware

Bootloader, application image, TEE firmware.

Factory Data

Serial numbers, manufacturing metadata, Matter-specified factory data.

Security Configurations

Secure boot, secure debug enablement, and lifecycle state transitions.

Traditional tools divide these assets by category. A PKI manages certificates. A KMS manages keys. An SBOM scanner tracks components. Each does its job— but none takes the product as its organizing principle.

So when a signing key is compromised, or a critical CVE surfaces, the question is always the same: which products, which versions, which devices are affected? No siloed tool can answer that. OBIS can.

ARCHITECTURE

One platform. One crypto stack. Cloud to factory edge.

OBIS replaces the patchwork of PKI and KMS with a single platform built around your product — and integrates with the CI/CD and device management systems you already run. Governance, compliance, and cryptographic infrastructure, from cloud to factory edge.

Lifecycle

Build. Factory. Field. 
One cryptographic service across the full device lifecycle.

Build

Signed, bound, versioned.

Firmware signed and SBOM bound at CI/CD. Every release enters the Product Workspace as a governed, versioned artifact.

Manufacturing

Centralized authorization, distributed execution.

OEMs authorize from OBIS cloud; factories execute across global sites. Keys protected, quota-enforced, offline-capable, every device recorded.

Field

Monitored, updated, proven.

Vulnerabilities monitored. Firmware patched, keys and certificates rotated, security configurations refreshed — each device's current state tracked in a living record that serves both engineering and compliance.

OUTCOMES

What changes when you run OBIS.

Visibility

One system of record.

One query returns every affected product, every production batch, and every device currently running credentials signed by that key.

Collaboration

Multi-party, cryptographically bounded.

Your ODM, your contract factory, your software partner — each operates inside the Product Workspace under scoped authorization. The constraint is technical, not contractual.

Continuity

One chain, build to maintain.

Firmware signed at CI/CD. Devices provisioned in authorized factories. Same product, same trust chain from first build to end of service.

Compliance

Evidence writes itself.

An actively exploited vulnerability is confirmed. The CRA's 24-hour early-warning window starts sticking. You run a query — not a scramble. Every action is already assigned, time-stamped record.

Get Started

Put OBIS into your product program.

In 30 minutes, our engineers walk through your compliance targets, your release pipeline, and where OBIS fits — with your security architect, not a sales deck.