Practical, code-first writing on hardware-rooted security.
Current engineering content from the AmbiSecure team — FIDO, WebAuthn, JavaCard, DESFire, SAM-backed transit, passwordless rollouts, smart-card lifecycles. Each piece is written by someone who has shipped the thing they are writing about.
Latest engineering
Embedded Secure-Element FIDO2 Authenticators for Enterprise Identity
FIDO2 inside a nano-card and MFF2 secure element. Roaming or embedded, enterprise identity, deployment economics for production rollouts.
PIV Smart Cards vs USB Tokens vs Embedded Secure Elements
Workforce identity credential matrix. Lifecycle, physical-logical convergence, certificate workflows.
Designing Secure Email and Document Signing Platforms
S/MIME, PDF/PKCS#7, hardware-backed credentials, Long-Term Validation, the trust-list problem.
Building Secure IoT Identity with Security Applets
Five JavaCard applets — provisioning, attestation, mTLS, signed update, key rotation — on a CC EAL5+ SE.
Engineering ePassport Issuance and Identity Platforms
ICAO 9303 architecture — CSCA/DSC PKI, LDS, enrolment, personalisation, inspection-system reference.
How to Choose Between Smart Cards, FIDO Tokens and Passkeys
Decision-grade comparison — threat model, lifecycle, recovery, and the choice that fits each deployment.
Secure Element vs TPM vs HSM — Where Each Fits
Three classes of hardware key-storage. What each is for, what each refuses to do, how to choose.
Designing Secure Credential Lifecycle Management
Issuance, rotation, recovery, revocation. The operations-grade view of every credential programme.
Why Transit Validators Need Offline Trust Architecture
What it takes to keep collecting fares when the backend is down — SAM-backed, validator-authoritative.
JavaCard Applet Development for Enterprise Identity
What it takes to ship an applet — AID design, lifecycle, secure messaging, personalisation, mistakes to avoid.
PKI Credential Issuance for Workforce and Government
RA, CA, key custody, attestation in the issuance flow, lifecycle, audit. Architecture you can defend.
How FIDO Authentication Works
An explanation of FIDO2 / WebAuthn that doesn’t need to keep apologising for the spec.
Where Your AmbiSecure FIDO Key Works
Practical overview of the services and platforms that accept FIDO2 / WebAuthn in 2026.
Cyber Security Threats — What Actually Matters in 2026
The threats that drive identity and hardware-credential decisions today — phishing, MFA bypass, SIM swap, more.
Implementing FIDO2 Authentication — A Complete Developer Guide
A practical, code-first walk through FIDO2 registration and authentication, attestation, and the bits people get wrong.
Designing Enterprise Passwordless Systems
What an end-to-end enterprise rollout looks like — IdP integration, recovery, mixed authenticator fleets, AAL3 architecture.
Passkeys vs Traditional MFA
Where passkeys actually replace MFA, where they don't, and how to think about device-bound vs synced credentials in enterprise.
Platform vs Roaming Authenticators
When to standardise on the YubiKey-style external authenticator vs the device-resident platform authenticator. Tradeoffs.
Understanding WebAuthn Attestation Objects
Walk a real attestation object byte by byte. AAGUID, COSE keys, attestation statement formats, and what to verify.
Why Hardware-Backed Identity Matters
What hardware-bound credentials buy you that software ones don't. Threat models, attestation, deployment realism.
APDU From First Principles
ISO 7816-4 APDUs explained: CLA, INS, P1/P2, Lc, data, Le, status words. With real DESFire/JavaCard examples.
DESFire EV1 vs EV2 vs EV3
How the DESFire family has evolved, what changed at each tier, and how to reason about legacy vs modern deployments.
Designing Low-Latency Secure Transit Validators
Why transit validators need offline trust, sub-300ms response, and SAM-backed attestation. With real numbers.
Why SAMs Matter in Closed-Loop Transit
Secure Access Modules in transit reader design, when to use them, and where they earn their cost.
Top 3 Benefits of MFA
A clear-eyed look at what MFA actually buys you in 2026 — and where it doesn't help.
Why Use Multi-Factor Authentication
An updated, technically-grounded answer to why MFA is still worth the friction.
Looking for something older?
The engineering archive preserves 24 AmbiSecure engineering posts from 2017–2025, clearly labelled and cross-linked to current coverage where it exists.