Twelve applets, one chip, AID-selectable.
A multi-applet JavaCard platform engineered so one smart card carries FIDO2, PIV, OpenPGP, NDEF, OIDC, biometric variants, secure messaging, IoT applets, and bespoke enterprise behaviour without breaking GlobalPlatform (GP) or your personalisation pipeline.
Why JavaCard
Off-the-shelf applets cover the common cases. JavaCard is the layer beneath them — the runtime that lets a single chip host multiple applets, AID-selectable, lifecycle-controlled, GP-managed. When your programme needs custom behaviour on the card, JavaCard is how it gets there.
Applet portfolio
| Applet | Role |
|---|---|
| FIDO2 | WebAuthn / CTAP2 authenticator. |
| PIV | NIST SP 800-73 PIV credential. Smart-card logon, SSH, code-signing. |
| OpenPGP | GPG private keys on-card. |
| NDEF | NFC tag emulation; serves URLs to NFC readers. |
| OIDC | OpenID-Connect-style identity assertion. |
| Bio variants | On-card fingerprint enrolment / verification (CTAP2.1 bio). |
| IoT identity | Hardware-rooted device identity for industrial controllers. |
| Custom enterprise | Bespoke applets for proprietary protocols. |
Multi-applet, one chip
All twelve applets co-resident on a single CC EAL5+ chip. AID-selectable so a reader can pick which one to talk to. Each applet has its own keysets, its own lifecycle state, its own secure-messaging policy. The chip enforces isolation; the applets cannot read each other’s state.
Engineering ground rules
- Allocate in `install()`, not in `process()`.
- Use `OwnerPIN` for constant-time PIN verification.
- Wrap multi-field state changes in transactions.
- Use the chip’s crypto coprocessor; don’t implement crypto in JavaCard bytecode.
- Refuse plain administrative APDUs after personalisation; require SCP02/SCP03.
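
The first three rules in one applet skeleton. This is an added example, not AmbiSecure's code: the class name, package, `INS_PUT_RECORD` value and 16-byte record layout are hypothetical, and the initial PIN is assumed to arrive as the applet-specific install data. The coprocessor and SCP02/SCP03 rules are not covered here.

```java
package example.groundrules; // hypothetical package name (added example)
import javacard.framework.*;

public class GroundRulesApplet extends Applet {
    private static final byte INS_VERIFY = (byte) 0x20;     // ISO 7816-4 VERIFY
    private static final byte INS_PUT_RECORD = (byte) 0xD0; // hypothetical instruction
    private static final short REC_LEN = 16;
    private final OwnerPIN pin;
    private final byte[] data;    // persistent memory
    private short dataVersion;    // must always match the contents of data
    private final byte[] scratch; // transient RAM, cleared on deselect

    private GroundRulesApplet(byte[] init, short off, byte len) {
        // Rule 1: every object is allocated here, reached only from install().
        pin = new OwnerPIN((byte) 3, (byte) 8); // 3 tries, PIN of at most 8 bytes
        pin.update(init, off, len);
        data = new byte[REC_LEN];
        scratch = JCSystem.makeTransientByteArray(REC_LEN, JCSystem.CLEAR_ON_DESELECT);
        register();
    }

    public static void install(byte[] bArray, short bOffset, byte bLength) {
        short o = (short) (bOffset + 1 + bArray[bOffset]); // skip instance AID
        o = (short) (o + 1 + bArray[o]);                   // skip privileges
        new GroundRulesApplet(bArray, (short) (o + 1), bArray[o]); // applet data = initial PIN
    }

    public void process(APDU apdu) {
        if (selectingApplet()) return;
        byte[] buf = apdu.getBuffer();
        short lc = apdu.setIncomingAndReceive();
        switch (buf[ISO7816.OFFSET_INS]) {
        case INS_VERIFY:
            // Rule 2: OwnerPIN does the comparison and the retry counting.
            if (lc > 8 || !pin.check(buf, ISO7816.OFFSET_CDATA, (byte) lc))
                ISOException.throwIt((short) (0x63C0 | pin.getTriesRemaining()));
            break;
        case INS_PUT_RECORD:
            if (!pin.isValidated()) ISOException.throwIt(ISO7816.SW_SECURITY_STATUS_NOT_SATISFIED);
            if (lc != REC_LEN) ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
            Util.arrayCopyNonAtomic(buf, ISO7816.OFFSET_CDATA, scratch, (short) 0, REC_LEN);
            JCSystem.beginTransaction(); // Rule 3: both fields commit, or neither on card tear
            Util.arrayCopy(scratch, (short) 0, data, (short) 0, REC_LEN);
            dataVersion++;
            JCSystem.commitTransaction();
            break;
        default:
            ISOException.throwIt(ISO7816.SW_INS_NOT_SUPPORTED);
        }
    }
}
```

No `new` or `makeTransientByteArray` call appears in `process()`, so repeated APDUs cannot exhaust persistent or transient memory.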
Personalisation
Issuer keys generated under M-of-N inside an HSM. Personalisation under SCP03 secure messaging at the personalisation line, against issuer key sets installed at GP load time. Personalisation script is owned by the issuer; never leaves the line in cleartext.
Need bespoke applet behaviour on the card?
We’ve shipped FIDO, PIV, payment, transit, and custom applets. The first call is engineering; the first deliverable is a one-page applet design.