The cryptographic foundation,
built for devices and credentials.

OnBoard Secure Infrastructure (OBSI) brings PKI, KMS, and SEMS under one Workspace model — the same authorization semantics on cloud HSM or EdgeHSM. Authorization moves. Key material stays.

What IoT devices demand from cryptographic infrastructure.

Four needs, one principle: authorization moves, key material stays.

One acceptance layer across standards.

Device identity depends on certificates. Secure communication and data protection depend on keys. Both follow the same device lifecycle — managing them in two separate tools means manually maintaining consistency across systems that do not know about each other.

Keys and certificates must flow across organizations without transferring ownership

Device supply chains involve multiple parties — OEMs, chip vendors, contract factories, and service providers. Cryptographic assets need to be used across organizational boundaries while ownership stays with. Authorization moves; assets stay.

Factory-line cryptographic operations need a hardware trust boundary

Manufacturing a secure device means three things happening on the production line: issuing certificates based on device-generated key pairs, injecting symmetric keys through secure channels, and verifying that each CSR genuinely originates from a legitimate chip. These operations must execute within a trusted hardware boundary.

Secure elements need multi-party orchestration, not only lifecycle management

IoT devices increasingly rely on secure elements. A single SE chip may carry keys, certificates, and applications belonging to multiple parties. From pre-personalization through applet management to credential rotation, the requirements span hardware, applet, and credential lifecycle — a scope conventional KMS and PKI tools were not designed to cover.
OBSI addresses each — PKI for certificates, KMS for keys, SEMS for multi-party SE orchestration on top of full lifecycle management, and EdgeHSM for the factory-line hardware boundary. One principle across all four: authorization moves, sovereignty stays.

Cloud defines. Hardware executes.

OBSI separates what should happen from where it happens. PKI, KMS, and SEMS define cryptographic policies in the cloud — which keys to use, which certificates to issue, how to configure each secure element. EdgeHSM receives these policies and executes them in hardware at the factory floor or enterprise edge.
Each service operates within its own Workspace — the boundary that defines who can do what. A Product Workspace in OBIS references keys, certificates, and SE profiles from PKI, KMS, and SEMS Workspaces — it does not take ownership. Authorization is granted, revised, or revoked at the Workspace boundary — no material is re-issued, copied, or relocated.

Two carriers, one Workspace

PKI, KMS, and SEMS run on certified cloud HSM infrastructure by default. Where the cloud doesn't reach — factory floors, regulated edge, fully on-premises stacks — EdgeHSM provides the same operations inside its own hardware boundary. The Workspace is identical on both: same authorization policy, same audit, same references. Carrier choice follows your data sovereignty and connectivity needs, not the platform's logic.

Four products. One foundation.

PKI manages device certificates. KMS manages device keys. SEMS manages secure elements. EdgeHSM executes cryptographic operations at the edge.

01

PKI

Device certificate infrastructure.
CA topology shaped to your supply chain. Chip-level CSR verification confirms that the private key never left the device. 50+ industry protocol certificate profiles ready out of the box.
02

KMS

Device key infrastructure.
Symmetric keys, asymmetric keys, and secure channel keys — governed as one. When organizations collaborate, what moves is authorization, not keys.
03

SEMS

Secure element management.
Full lifecycle management for SE chips. Multiple parties coexist securely on the same element, each retaining sovereignty over their own keys.
04

EdgeHSM

The hardware trust anchor.
Cloud defines the policy. EdgeHSM executes it at the edge. Provisions device MCU/MPU and SE chips. Hardware-enforced rules that cannot be bypassed.

See the foundation under your devices.

Whether you're preparing for CRA compliance, scaling factory provisioning, or issuing credentials across wallets and devices — let's talk about how OnBoard™ fits your roadmap.