Secure Factory Provisioning

Provisioning refers to the injecting of security credentials into a device. Depending on customer need and manufacturing environment, SEALSQ provides various options such as provisioning on chip, provisioning on Printed Circuit Boards or on final Device before shipping.

SEALSQ Secure IoT Device to Cloud Solution

SEALSQ Secure IoT Device to Cloud Solution

With SEAL SQ Public Key Infrastructure (PKI) solutions called INeS ™, you get exactly what you need to manage keys and certificates and maintain a trustworthy networking environment — all from a trusted partner with more than 20 years of industry expertise.


Fill the form download your report


Device identities and their lifecycle management are technically complex and challenging to implement. This makes effective device identity management a key factor in the Total Cost of Ownership (TCO) of secure lot infrastructures. Our Trust Services simplifies device production and distribution chain, and fully automates the process of assigning keys and certificates to loT devices. They can be used with any device or pre-integrated on our VaultIC" Secure Elements.

Web Trust
ISO 27001

Key Benefits

Picto SEAL SQ - Tamper Resistant (1)

Device Support

Besides its Secure Elements, SEALSQ supports a wide variety of Security-enabled microcontrollers and microprocessors.

Picto SEAL SQ -  sealsq market ready chain of trust

X509 Certificates

SEALSQ supports you when using 3rd party Certificates & your data, or we can supply a full solution (INeS) including X509 Certificates.

Picto SEAL SQ - Flexible (2)

Flexible Business Models

SEALSQ applies a per-unit provisioning charge but can also provide a dedicated solutions including HSM/Secure Programming to fit within your manufacturing environment.

Picto SEAL SQ - Scalable-1


Seamless transition from prototype to high volume. SEALSQ enables you to start with low volume pre-production, and ramp up to full production by using our provisioning solutions.

SEALSQ Factory floor provisioning

Digital Identity during greenfield device Manufacturing

SEALSQ enhances the security of any connected system by offering the provisioning of Identities as a service. Once generated by SEALSQ or its customers, Trusted Identities can then be individually injected into the chips, into the electronics boards at customer or subcontractor premises. The secure web portal gives customers a way to completely configure and track their provisioning.

Secure data generation fully supports the PKI certificate signature by a Factory Certificate Authority (CA), allowing this PKI specific trust hierarchy. To make this flexible, SEALSQ has defined various trust configurations involving various CA levels. As a trust partner, SEALSQ can operate this CA. As a service, SEALSQ can also help its customers to operate their own private CA and define their own PKI architecture.

Identity provisioning from Root to Device 
- with SEALBOX

Secure and simplify the personalization process
• Remove room for human errors
• Ensure trust in the manufacturing operations Automate & Scale
• Fully automate the personalization and provisioning operation
• Fit with volume increase in production Cost Effective
• Aggregate various data from different sources at same step.
• Shorten manufacturing time cycle Flexible
• Can be used with any device or chipset
• Easily integrated with most of programming equipment and test bench

Diagramme dataflow for wafer-1

SEALSQ Secure Element Pre-Provisioning

SEALSQ Secure Element Pre-Provisioning

It is not easy for special facilities to be set up within the factory environment that are accessible to limited personnel to do the key injection. But increasingly, organizations are concerned about untrusted factory environments, especially by third parties in low cost geographies, where not all factory floor workers can be trusted to have access to sensitive keying material.

To sidestep these various problems, the best choice for key injection is the Secure Element supplier, because they are the ones best equipped to establish a silicon-based root of trust and can perform key injection as part of a secure manufacturing process. With the combination of  VaultiTrust secure provisioning services, SEALSQ is ideally suited to simplify your supply chain.

Key Features 

Picto SEAL SQ - Scalable

Key Protection

Secure factory Provisioning Service ensures that secrets, keys are not exposed or manipulated when provisioned at manufacturing time  

Picto SEAL SQ - APIs and integration

Support Various Chips

During manufacturing, Secure Provisioning Service injects securely secrets, keys and birth certificates, with different configurations for different products MCU or Secure Element 
Picto SEAL SQ -  Complete visibility

Flexible Use Case

Secure Provisioning Service can support following use cases: Data protection and privacy, Secure cloud onboarding (TLS), Safer smart homes (Matter), Secure access control and Safe software updates (Code Signing)

Picto SEAL SQ -  Automated provisioning

Protects From IP Theft

Secure Provisioning Service controls the production of IoT devices during their manufacturing to ensure that only legitimate devices populate the market.

Picto SEAL SQ -  Lightweight INeS agent

Manage Supply Chain

Secure Provisioning can generate white lists or blacklists of devices and is compatible with existing equipment in factories.

Picto SEAL SQ -  anaged PKI for Factory batch requirements and on-line

Protects Firmware Updates 

Secure Provisioning can answer to supply chain issues like protecting IP when using an untrusted contract manufacturer (CM)