One KMS for every key your devices depend on.

The KMS module of OnBoard Secure Infrastructure (OBSI) manages every key IoT devices depend on — symmetric, asymmetric, and the Global Platform secure channel keys that personalize secure elements. All keys are generated and used within the HSM hardware boundary; plaintext key material never leaves.

Key lifecycle — organized around products and devices.

OBSI KMS governs key lifecycle the same way every KMS does — and additionally exposes key status through product and device references. Key status goes beyond active-or-not — it answers which products and how many devices are using each key. When a key is compromised, the blast radius surfaces from any single query — no cross-system reconciliation.

KEY SOURCES

OBSI-managed

Generated inside the HSM hardware boundary. Governed by OBSI from creation. The default model — ready to use out of the box.

Enterprise BYOK

Keys generated in your own trusted environment, securely imported into OBSI. You generate, OBSI governs — usage policies, authorization, and audit apply identically.

Cloud-native BYOK

Keys remain in your cloud KMS. OBSI invokes cryptographic operations through authenticated APIs without ever accessing raw key material. OBSI's governance layer sits on top.

Three sources, one governance plane. Regardless of where a key originates, the lifecycle management, authorization policies, and audit trail are identical. Wherever you keep your keys, OBSI provides the governance — usage policies, authorization chain, audit — without taking custody.

Two modes. One principle: key material is never exposed.

Remote usage authorization

Keys stay put. Partners invoke cryptographic operations through authorized channels — requests go out, results come back. Key material never leaves the owner's hardware boundary. Fits any scenario with network connectivity between parties.

Edge-delegated usage

Keys travel in encrypted form to the authorized party's hardware boundary — typically a factory EdgeHSM — where usage rules (quota, validity period, operation scope) are defined by the owner and enforced by the receiving hardware. Fits factory and field scenarios that require local execution.

In both modes, key sovereignty does not transfer. The only difference is where execution happens.

See how your keys stay sovereign across your supply chain.

A 30-minute demo covers key sources, cross-organization collaboration, and device key injection.