AmbiSecure engineering writing — 2017 through today.
These pieces trace how we have thought about FIDO, smart cards, MFA, transit, and IoT security across nearly a decade of engineering. They sit alongside our newer cornerstone writing — the field has evolved, our thinking has evolved, and where a piece is older we link forward to current coverage of the same topic.
Showing 24 earlier engineering entries, newest first. For the latest engineering writing, see the main blog.
All archive entries
Common Misconceptions about Two-Factor Authentication
Unpacks the most common misconceptions about two-factor authentication — what 2FA actually defends against, where SMS-based codes fall short, and why hardware-rooted second factors hold up under credential-theft attacks.
Single Sign-On Vs. Multi-Factor Authentication
Compares single sign-on with multi-factor authentication — when each model fits, where they overlap, and how SSO + MFA combine for enterprise identity.
Multi-factor Authentication in Government Sector
Why government identity programmes are adopting multi-factor authentication, how MFA holds up against phishing and credential theft, and where hardware-rooted authenticators sit in the stack.
Cyber Attacks in India – Part 3
Part three of a three-part analysis of major cyber attacks in India — closing the series with systemic gaps in incident response, identity hygiene, and hardware-rooted authentication adoption.
Cyber Attacks in India – Part 2
Part two of a three-part analysis of major cyber attacks in India — the attack patterns, the identity weaknesses they exploited, and what enterprise authentication posture would have stopped them.
Cyber Attacks in India
Part one of a three-part analysis of major cyber attacks in India and what they reveal about systemic gaps in online identity, authentication, and incident response.
Enterprise Security Threats
A field overview of enterprise security threats in the cloud era — how the digital attack surface expands as organisations adopt new platforms, and where hardware-rooted identity narrows it.
What is Passwordless Authentication?
A primer on passwordless authentication — what it actually means, how FIDO and biometrics replace shared secrets, and why hardware-bound credentials sit at the centre of the model.
Is Passwordless the future?
Examines whether passwordless authentication can scale beyond pilots — the standards, attack-surface trade-offs, and operational realities that decide its trajectory.
SMS-based OTP Authentication and Its Disadvantages
Why SMS-based one-time passwords are no longer a defensible second factor — SIM-swap attacks, SS7 weaknesses, phishing-prone OTP relay, and the hardware-rooted alternatives.
Taking security future for Government
How governments are moving from password-only access to multi-factor authentication for citizen and employee identity — and where hardware-rooted credentials reshape the threat model.
ePassport and How will chip-based e-Passports work
How chip-based ePassports work in practice — the BAC / PACE access protocols, the CSCA / DSC / PKD trust chain, and the role of the secure element inside the document.
ePassport and Its Application
How biometric passports work in practice — chip-based identity, border-control architecture, and the standards stack that keeps the issuer chain trustworthy.
An Introduction to Java Card Technology
An introduction to JavaCard — how Java-based applets run securely on smart cards and other small-memory secure elements, why the JavaCard runtime model exists, and what it enables for FIDO, PIV, and ePassport applets.
Fast Identity Online (FIDO)
A primer on FIDO (Fast Identity Online) and the Universal Second Factor model — how FIDO replaces shared secrets with hardware-bound credentials and why it changes the phishing-resistance baseline.
Understanding EMV certification In Public Transportation
A practical look at EMV certification in public transport — which certifications apply, the roles of acquirer, scheme, terminal vendor, and transit authority, and the typical timeline from prototype to revenue service.
Workplace Security — How Biometrics Is the Key to the New Normal
How workplace biometrics layer additional security onto existing authentication methods — face / fingerprint / palm, the privacy controls that keep them defensible, and where they sit alongside FIDO and MFA.
Consumer Biometrics in the Data Privacy Age
How organisations can deploy biometric authentication while still meeting modern privacy expectations — match-on-device versus match-on-server, template storage, and the regulatory shape of consumer biometric data.
Securing your IIoT infrastructure
Why industrial IoT infrastructure remains a high-value target — the markets driving adoption, the trust gaps in legacy OT, and how hardware-rooted device identity tightens them.
Public Transport Ticketing System (Part-3)
Part three of the AFC series — comparative notes across the analysed countries, what was common in mature ticketing architectures, and where hardware-rooted secure access modules sit in the stack.
Public Transport Ticketing System (Part-2)
Part two of the AFC series — how Ambimat Electronics has approached automated fare collection: validators, SAM-backed offline trust, and revenue assurance.
Public Transport Ticketing System (Part-1)
First of three articles on automated fare collection — a comparative look at ticketing architectures across advanced economies and large transit networks in Asia.
Challenges to IoT Security (Part 2)
Second of a two-part look at IoT security — practical mitigations: hardware root of trust, signed firmware update, attestation, and device identity carried in a secure element.
Challenges to IoT Security (Part 1)
First of a two-part look at IoT security — how billions of devices communicate with enterprise systems, where the resulting attack surface sits, and the trust anchors that contain it.
Editorial classification — how Ambimat / AmbiSecure / eSIM split content.
This archive lists earlier AmbiSecure-themed engineering pieces. Adjacent topics — cold-chain logistics, hardware-startup notes, UWB rollout, and general electronics — live on the parent Ambimat site, and LPWAN, 5G security, and cellular WAN pieces live on the eSIM Initiative site. Every URL still resolves to the right property.