AmbiSecure Digital Signature Token
A hardware PKI token for legally-binding digital signatures. On-token key generation, PKCS#11 / Microsoft CryptoAPI access, audit-friendly issuance.
When a digital signature has to mean something legally.
Non-extractable key
Signing key is generated on the token and never leaves it. The signature is created where the key lives.
Legal weight
Compatible with eIDAS-style qualified signature flows when paired with a Qualified Certificate Authority and an SSCD/QSCD evaluation.
PKCS#11 / CSP
Works with Acrobat, Office, Outlook S/MIME, and any application that talks to PKCS#11 or Microsoft CryptoAPI.
On-token RSA / ECC
RSA 2048 / 3072 / 4096 and ECC P-256 / P-384. SHA-256 / SHA-384 hashing on the host.
Audit-ready
Issuance, PIN policy, and certificate metadata can be logged. Each token is identifiable by serial.
Simple to deploy
Plug-and-sign. No drivers needed on modern OSes for the standard interface.
What is in the token.
| Form factor | USB-A token, ~40 × 12 mm; ID-000 SIM-cut variant for embedded carriers |
|---|---|
| Interfaces | USB-CCID; ISO/IEC 7816-3 contact |
| Cryptography | RSA 2048 / 3072 / 4096; ECC P-256 / P-384; SHA-256 / SHA-384 |
| API | PKCS#11 v2.40; PKCS#15 file structure; Microsoft CryptoAPI / CNG via minidriver; OpenSC compatible |
| Storage | Multiple key pairs; X.509 certificates; PKCS#15 directory |
| PIN policy | User PIN with retry counter; PUK reset; admin PIN for personalisation |
| Operating system | JavaCard 3.x with GlobalPlatform 2.3.1; PKI applet |
| Certification target | CC EAL5+ chip; SSCD/QSCD evaluation path on customer roadmap |
| MOQ | Pilot batches from 50 units; production from 500 units |
Issuing digital signature tokens at scale?
Tell us your target jurisdiction, certificate authority, and volume. We can personalise the tokens on our line so you do not have to.