Government & defence.

PIV-style credentials, eID, civil-servant authentication, sensitive-data signing. Audit-grade issuance flows that survive the certifier’s second look.

What we ship

OnePass Card

Smart card with FIDO2 + optional PIV applet for government workforce auth.

View product →

Digital Signature Token

PKI tokens for legally-binding e-signatures on official documents.

View product →

JavaCard development

Custom applets for national-scheme requirements that off-the-shelf doesn’t cover.

View service →

Why this work is different

Government deployments care less about latency than transit and more about provenance. Every key has a documented chain of custody. Every personalisation event is logged, with split-knowledge custody and dual control. Every revoked credential is settled within an hour, not at end-of-shift. The cards have to last a decade in someone’s wallet without maintenance.

That ruleset doesn’t change the architecture much — it changes the operating model. We have shipped to operators with that operating model.

Working on a national / departmental scheme?

Ambimat carries security clearances and audit posture appropriate to government work.

Talk to engineers