The increased complexity, extensive verification requirement, shortened time-to-market, and increased manufacturing and test costs have made fabless design houses adopt the horizontal business model where system-on-chips (SoCs) are shipped to outsourced semiconductor assembly and test facilities. However, such a model renders offshore facilities complete control over the manufacturing and test of integrated circuits (ICs), potentially enabling them to perform attacks like IC overproduction, intellectual property (IP) piracy, shipping defective chips into the supply chain, and stealing security assets (e.g., locking keys). In this paper, we propose a novel protocol called POCA, enabling the first power-on chip authentication during wafer sort to securely provision design assets inside the chip. Using POCA, the design house can authenticate the chips on the untrusted manufacturing/test floor and generate a shared secret key with the chip. This key is then utilized to encrypt the secret assets and securely provision them inside the chip after decryption. To the best of our knowledge, POCA is the first protocol that performs authentication at an untrusted foundry and ensures secure communication with the chip during the test. POCA has been implemented for ASIC and FPGA environments and is proven resistant to all possible attacks known to us as of today.