Device Attestation for Matter

Integrating a Matter Digital Attestation Certificate (DAC) into your device is fast and easy with INeS platform


Device Attestion Certificate for Matter Standard

Our managed PKI, INeS, enables companies to get scalable access to Device Attestation Certificates, letting them join the Matter ecosystem with confidence and ease. SEALSQ can also be your strategic security partner throughout your entire product lifecycle.

Logo-partenaireMATTER-csa (1)
Picto SEAL SQ -  Security


Device Attestation Certificates (DACs) issued from trusted PKI roots provide encryption, identity, and authentication to devices.

Picto SEAL SQ -  reliability


Local connection over Wi-Fi or over Thread enables security and consistent interactivity, even when cloud access isn’t possible.

Picto SEAL SQ -  interoperability


Native communication and operation between any Matter-compliant device and any hub from any manufacturer.

Picto SEAL SQ - Easy to implement


Easy to buy, easy to set up PKI, easy to generate and deploy certificates.


The Challenge: The complexity of creating and maintaining a PAA

All Matter devices are required to use an attestation keypair and an X.509 certificate signed by a Trusted Certificate Authority (CA) called also Product Attestation Authority (PAA). That means the first step in obtaining Matter compliance—and shipping Matter-certified devices—is to obtain a Matter-trusted device attestation certificate for each device. Becoming a trusted PAA is no small task.



The Solution: INeS SaaS Platform to deliver Matter DACs

WISeKey, is an approved Product Attestation Authority (PAA) for Matter, the standard developed by the Connectivity Standard Alliance (CSA) for delivering seamless interoperability and a common security framework to devices. As a subsidiary of WISeKey,  SEALSQ can provide CSA members with the Product Attestation Intermediate (PAI) and Device Attestation Certificates (DACs) required to be Matter compliant. SEALSQ’s Managed PKI solution INeS provides the convenient interface and tools in SaaS mode to operate your PAIs in an easy and efficient way.

Picto SEAL SQ -  sealsq market ready chain of trust

SEALSQ’s market-ready chain of trust

A Product Attestation Intermediate, chaining up to SEALSQ/Wisekey’s approved and trusted root for Matter.

Picto SEAL SQ -  certificate issuance

Certificate issuance

Device Attestation Certificate issuance with INeS, with flexible features such as batch enrollment, manufacturing centric workflows.

Picto SEAL SQ - Public cloud integration

Public cloud integration

INeS CMS integrates with public cloud services like AWS IoT Core and Azure DPS/IoT hub. IoT devices can easily onboard to a public cloud by using the certificates issued by INeS CMS for device attestation.

Picto SEAL SQ - Open interfaces support

Open interfaces support

RESTful APIs and EST enrolment are available for automating the certificate enrolment process and managing the life-cycle of devices. 

Picto SEAL SQ - Client library support

Client library support

Client library and sample code are supported in different programming languages.

Picto SEAL SQ - Tamper Resistant

Secure Storage & Provisionning

Private keys can be provisioned and stored securely in Vault IC secure elements 

SEALSQ Whitepaper - INeS PKI-aaS platform for managing the DAC for Matter_v1.1-1

Using INeS PKI-aaS Platform to manage Matter DAC

SEALSQ provides a complementary solution on PKI that is required for Matter smart home devices during the secure onboarding process...


Download E-book