02 · Provision · Manufacturing phase

Device identity and supply chain integrity.

Verifiable identity and tracking across the fab, OSAT, and OEM/ODM — delivered with a commercial-scale provisioning product that doesn't disrupt the line.

Start provisioning →See Provisioning Service

One product

Provisioning Service.

An HSM-backed appliance on the factory floor, paired with cloud-side endorsement, registry, and monitoring. All the trust, none of the single point of failure.

A · Provisioning Appliance

HSM-backed line-side server

Installed on the factory floor. Handles identity injection, key generation, and tamper-evident log signing at line speed. Offline-tolerant — no cloud dependency at the point of manufacture.

HSM-rooted device identity and key material
Late-binding endorsement — keys minted when needed
Multi-Provisioning Appliance cluster capable for scalable 9's of availability
Works with any root of trust, including BYO

B · Identity Cloud

Cloud-side registry, endorsement & monitoring

Device registry, endorsement authority, tamper-evident logs, and real-time provisioning telemetry.

Auditable, tamper-evidence provisioning ledger
Containerized support for customized ATE support
Real-time telemetry, dashboards & alerting
(upcoming) Post-quantum-ready endorsement pipeline

How it flows

Fab → OSAT → OEM/ODM, one verifiable chain.

Every step signed, every handoff logged, every custody transfer verifiable.

01 · Fab

Identity establishment

During product, devices generate or receive a unique cryptographic identity rooted in the HSM. Device ID is cryptographically bound to any parameters, e.g. die coordinates and logged.

02 · OSAT

Attestation + endorsement

Post-assembly, the appliance attests the device, endorses its identity, and writes an append-only record to the Identity Cloud.

03 · OEM/ODM

Personalization

The OEM/ODM injects device-specific credentials — carrier, payment, firmware keys — tied to the endorsed identity without seeing root secrets.