Onboard™ Access

Bring access credentials
to mobile

OnBoard™ Access Credential supports enterprise, residential, hospitality, campus, home, and device access — bringing Wallet Key credentials into existing access environments without replacing readers, locks, or back-end access systems.

Book a Demo
Proven AT SCALE

Trusted by the industry.

12M+
Digital access credentials issued
20+
Mobile OEMs connected
2,000+
Mobile device models supported
DESFire , Aliro
Credential standards supported
ACCESS SCENARIOS

People do everything on their phones.
 Access should be no different.

Scenario
Today
With Mobile Wallet Key
Enterprise
Access cards are printed, issued, and retrieved by hand. Lost card means replacement and permission updates. When someone leaves, access has to be manually revoked and the card recovered.
Employees tap phone or wearable to access doors, elevators, and more. Credential issued before day one. Revoked the moment employment ends. Nothing to print, nothing to hand back.
Residential
Residents visit the property office to get their access card. Losing it means going back to apply for a replacement and paying a fee. Forgetting it means waiting at the gate or calling for help.
Resident key sent to phone or wearable when they move in. If the phone is lost, access is suspended remotely. No card to lose, no office visit, no waiting at the gate.
Hospitality
Guests arrive and wait at the front desk for a key card. Lost card means another trip to reception. Extending a stay means going back for a new card.
Room key sent to phone or wearable at check-in. Guests go directly to their room. Key updated or extended remotely. No card to collect, no queue, no front desk visit.
Campus
Separate credentials for dorms, libraries, dining, and facilities. Managed across students, faculty, staff, and visitors — often across disconnected systems.
One credential for every door, every facility, every service on campus. Issued to students, faculty, staff, and visitors through one platform. Updated when roles change, revoked when access ends.
Home
Physical keys get lost or copied. Fingerprint readers aren't reliable for young children or elderly users.
Tap phone or wearable to unlock. No key to carry, no fingerprint required. Works for every family member.
Device Access (e.g. electric scooter)
Physical keys or card keys can be lost. App-based Bluetooth unlock works, but requires unlocking the phone, opening the app, and waiting for the connection.
Tap phone or wearable to unlock instantly. No app to open, no connection to wait for. Share access key with others remotely when needed.
ARCHITECTURE

Platform Architecture

OnBoard™ Access Credential is built as a credential platform for all access scenarios, not as a replacement for existing access systems.

The Credential Data Preparation System manages credential protocol specifications, including DESFire, Aliro, and private credential formats.
The Access Rule Engine manages access control rules for each credential.
The Credential Management Service and Credential Provisioning Service manage credential lifecycle and issuance into mobile wallets.
The platform connects to mainstream Mobile OEM wallet ecosystems across phones and wearables.
CAPABILITIES

Core Capabilities

Deploying CCC digital keys is a long-term operational commitment — spanning security infrastructure, vehicle programs, mobile wallet ecosystems, factory production, and service lifecycle management.
OnBoard Digital Car Key unifies the capabilities required to manage this complexity at production scale.

One acceptance layer across standards.

Keep existing systems in place
Existing access control systems, permission models, reader infrastructure, and physical card operations can stay in place. Operators connect through API, SDK, or portal, and the platform turns approved access rights into mobile Wallet Key credentials.
Manage the access credential lifecycle
The platform supports the lifecycle operations required for mobile access credentials: provisioning, pass updates, suspension and resume, removal, recovery, device migration, and event notifications. These operations cover operator-initiated changes, such as offboarding or permission updates, as well as user and device events, such as lost phone, device replacement, pass removal, or wallet account changes.
Handle Wallet Key provisioning
Provisioning delivers an eligible access credential into a user's phone or wearable. The platform supports Wallet Key provisioning models including In-App, Web, Easy, and Push Provisioning where applicable, with eligibility checks, status tracking, failure handling, retry logic, and event records built in.

Credential Data Preparation

The credential data inside a Wallet Key is what allows the reader, lock, or access platform to recognize the phone. The platform protects root keys and certificates, derives user-specific credential data, and delivers it into the mobile wallet — without requiring changes to the existing access infrastructure.
DESFire.
Symmetric key-based credential standard widely deployed in access installations. The platform hosts reader root keys inside its HSM (Hardware Security Module), derives user-specific keys at issuance, and organizes credential data according to the DESFire file structure required by the deployment.
Aliro.
PKI-based open credential standard developed by the CSA (Connectivity Standards Alliance) for interoperable access across phones, wearables, and readers. The platform manages the certificate hierarchy, issues device credentials, and handles trust-chain verification.
Private Credential Protocols.
For deployments using proprietary credential protocols, the platform prepares and delivers credential data according to the format required by the access environment.
Private Deployment and Data Localization.
For operators that require keys and credential data to remain inside their own environment, the platform supports private deployment and regional data localization.

Access Rule Engine

A credential is not just a key — it reflects who can access what, when, and from which device. The platform maps the operator's access rules into each credential instance, while the existing access system remains the source of truth for permissions.
Rule and Permission Mapping.
The platform maps users, roles, sites, reader groups, assets, validity periods, and device limits into each credential. When permissions change, the corresponding credential can be updated, suspended, or revoked accordingly.
Multi-Tenant Isolation.
One access vendor may serve many operators. Each operator may manage many buildings, communities, rooms, devices, or asset groups. The platform supports isolated tenants — separate keys, templates, and lifecycle rules per operator and project — so Wallet Key access becomes a reusable capability, not a one-off integration.
Audit and Visibility.
The platform records credential issuance, device binding, lifecycle events, failure states, and recovery actions — giving operators and support teams the audit trail they need to investigate exceptions and keep programs running.

Mobile OEM Integration

The platform connects credential issuance to the mobile ecosystems where users already are — abstracting OEM differences so access vendors and operators maintain one integration, not many.
Apple and Android OEM Wallets.
The platform connects to Apple Wallet Key as the primary path and provides integration readiness for Android OEM wallets where wallet access capability is available. One integration layer handles OEM-specific provisioning requirements, credential delivery, and lifecycle event processing across phones and wearables — without requiring separate integrations per wallet ecosystem.
SDK and API Integration.
Property apps, access vendor platforms, and operator portals can request credential issuance and lifecycle operations through the platform's SDK and API — without owning wallet or OEM complexity.
CASE STUDY

Niu × Apple Wallet Key

From App Unlock to a Single Phone Tap

About Niu

Niu Technologies (NASDAQ: NIU) designs, manufactures, and sells smart electric scooters, with distributors across 53 countries. In Europe, Niu ranks among the top seven players in the motorcycles and scooters market. Every scooter ships with Bluetooth connectivity and a companion app — but for European riders, the unlock experience was falling short.

The Challenge

Niu's European scooters shipped with a physical key and an app-based Bluetooth unlock. The physical key could be lost or forgotten. The app required unlocking the phone, opening the application, and waiting for a Bluetooth connection — and the experience depended on a network connection.

Beyond usability, Niu's European business had a compliance requirement: credential data and cryptographic keys had to remain within the EU.

What Was Delivered

OnBoard™ moved scooter access into the phone's Wallet. No app, no Bluetooth, no network required.

The credential is written to the iPhone Secure Element through the Wallet Key provisioning flow. The rider taps iPhone or Apple Watch to the lock. The scooter authenticates locally and unlocks.

Cryptographic keys are hosted inside Cloud HSM (Hardware Security Module) of AWS, deployed within the EU. Key derivation happens inside the hardware boundary — nothing sensitive exists in software.

Lifecycle operations — device migration, access suspension, and vehicle transfer — are managed through the platform without requiring a physical key or app reinstall.

Outcomes

Time to launch
6
Supported devices
iPhone
Apple Watch
User experience
Tap to unlock
No app to open No network required
Data compliance
Hosted on AWS EU
Learn More
Get Started

Ready to issue access credentials into mobile wallets?

OnBoard Access Credential · by Snowball Technology · Wallet Key Credential Issuance Platform

Contact Us
Digital trust infrastructure for connected devices and credentials. Built on 13 years in digital credentials and cryptographic infrastructure.
IoT Security
OverviewSecure Build & ReleaseFactory ProvisioningSBOM & VulnerabilitySecure Update & OTACompliance & DisclosureGoogle CastMatter
Mobile Credentials
OverviewTransitAccessDigital Car Key
Resources
OverviewBlogWhitepapersCase Study
Company
About UsPartners
Privacy PolicyTerms Of ServiceCookie Policy
© 2026 Snowball Technology. All rights reserved.
EN
|
ZH