AmbiSecure IoT Security Applets
JavaCard applets purpose-built for IoT device identity. Each applet adds one capability to a secure element — secure provisioning, on-device attestation, mutual-TLS credential storage, signed-firmware verification — without locking the device to a specific cloud or fleet platform. The applets sit on top of the IoT Security Chipset; the device's MCU never sees the private key.
Five applets that cover the IoT trust lifecycle.
Provisioning applet
Set/Get Master Key, derive per-device identity at first boot, lock the secure domain. Compatible with manufacturing-line scripting; runs once, then refuses re-key without an admin ceremony.
Attestation applet
On-device signed attestation: the SE proves it’s the same hardware that was provisioned at the factory. Quote format is platform-agnostic; verifiers can be cloud-side or on-prem.
mTLS credential applet
X.509 client-cert storage with on-card key generation. The MCU does the TLS handshake through a thin shim; the private key stays inside the SE.
Signed update applet
Verify firmware-update signatures inside the SE. The applet returns a yes/no — the MCU can’t be tricked into accepting a tampered update even if the host code is compromised.
Key rotation applet
Rolling per-device keys with a host-driven schedule. Old keys archived (for forensic decrypt of historical telemetry) until the operator's retention policy expires.
Multi-applet co-residence
Up to five of these can live on a single CC EAL5+ chip variant, sharing the secure domain but isolated by GlobalPlatform access rules.
What is in the applet bundle.
| Operating system | JavaCard 3.x on a Common Criteria EAL5+ secure element. |
|---|---|
| Cryptography | ECC P-256 / P-384 (recommended); RSA 2048 / 3072 (legacy fleets); SHA-256 / SHA-384. |
| Communication | ISO/IEC 7816 (T=0 / T=1) for contact deployments; I2C for embedded SE variants paired with the IoT Security Chipset. |
| Personalisation | GlobalPlatform SCP03. Per-batch attestation certificate chain. Applet selection via standard AID handshake. |
| Host SDK | C / Rust shim libraries that talk to the SE over the device’s native bus. ~3 KB ROM footprint on a Cortex-M class MCU. |
| Volume | Engineering samples on request. Production volumes by the reel for industrial fleets. |
Where this fits in the bigger picture.
Product: IoT Security Chipset
The silicon these applets run on — the chip primitive.
Solution: Secure element integration
How to bring a secure element into a device platform end-to-end.
Blog: Secure IoT identity
Cornerstone read — the five applets in detail, threat model, host MCU integration.
Blog: APDU from first principles
The command set the host MCU uses to drive the applet.
Technology: Attestation
The cryptographic ceremony the attestation applet implements.
Technology: Secure elements
The silicon class the applets are written for.
Pilot IoT Security Applets.
Tell us your target chipset, host MCU, fleet size, and which applets you need (provisioning, attestation, mTLS, signed update, key rotation). We can ship engineering samples in 4–6 weeks.