Ambimat GroupAmbimatAmbiSecureeSIM InitiativeEngineering BlogAhmedabad · India · Est. 1981
ASAmbiSecureHardware-rooted security
Contact
JavaCard Applet Platform

AmbiSecure JavaCard Applets

A platform of JavaCard applets and matching authenticator form factors. FIDO. PIV. OpenPGP. Door access. Certificate storage. NDEF. OpenID Connect. SCP02. Biometric variants. Secure storage. IoT key management. Loadable on the same physical chip.

JavaCard 3.xGlobalPlatform 2.3.1SCP03Multi-applet
Request applet matrix Service: JavaCard Development
AmbiSecure JavaCard applet matrix — twelve applets, one chip, AID-selectable
Applet matrix

Twelve applets. One chip. Selectable by AID.

Mix and match. A single physical card or token can carry FIDO + PIV + OpenPGP + Door Access at the same time, isolated by the JCVM firewall.

FIDO

FIDO2 applet

FIDO Alliance certified hardware authentication. CTAP2.1 with resident credentials. Powers OnePass Card, USB Key, BioKey, Tappable.

PIV

PIV applet

NIST SP 800-73 compliant. Interoperable with Windows, Linux, and macOS PIV stacks for legacy government and enterprise PKI.

Door

Door Access

Physical access control via card tap on electrical door readers. Pairs with the FIDO applet for one-card identity.

X.509

Certificate Storage

Secure storage of PEM or PFX certificates inside the secure element. Audit-friendly issuance.

PGP

OpenPGP

RFC 4880 / OpenPGP card spec. PGP signing, decryption, and authentication keys for file and email crypto.

NDEF

Business Card (NDEF)

Contact information exchange via NFC tap. Brandable, programmable URL or vCard payload.

OIDC

OpenID Connect

End-user identity verification and profile retrieval. REST-like flows over the same applet platform.

SCP02

SCP02

Smart card authentication mechanism for legacy issuer keysets. Bridges modern FIDO + classic GP.

BIO-FIDO

FIDO Biometric

Fingerprint-based passwordless authentication. Match-on-card / match-on-device variants.

BIO-PIV

PIV Biometric

NIST-compliant biometric variant. Combines PIV interoperability with on-card fingerprint UV.

Notes

Secure Storage

Text storage for 200+ records with biometric authorisation. Designed for high-trust offline data.

IoT

IoT Security

Set/Get Master Key, Key Pair Generation, data signing. The applet behind our IoT Security Chipset.

Platform specifications

What runs the applets.

VMJavaCard 3.x; JCVM with applet firewall isolation
Card OSGlobalPlatform 2.3.1 with Amendment D SCP03
LoadingCAP file load over SCP03 or SCP02 secure channel
PersonalisationPer-issuer key derivation; per-card credential injection on our line
CryptographyECC P-256 / P-384; RSA 2048 / 3072 / 4096; AES-128 / 256; SHA-2; HMAC; ECDSA
Standards coveredFIDO U2F, FIDO2 CTAP2.1, W3C WebAuthn, NIST SP 800-73 PIV, RFC 4880 OpenPGP, ISO/IEC 7816-3/4, ISO/IEC 14443
Chip targetCC EAL5+ secure element
Form factorsID-1 card, USB-A / USB-C key, NFC fob, NFC sticker, embedded SE
Connected reading

Where this fits in the bigger picture.

Service: JavaCard Development

Custom applet engineering, from spec to CAP file.

View service →

Solution: JavaCard Applet Deployment

How an applet ships from spec to user.

View solution →

Reference: JavaCard CAP Components

The 12 components inside a CAP file, decoded.

View reference →

Need a custom applet, signed under your roots?

Tell us your spec, target chip, and certification target. We have shipped FIDO, PIV, OpenPGP, payment, and bespoke applets at scale.

Request applet matrix