Ambimat GroupAmbimatAmbiSecureeSIM InitiativeEngineering BlogAhmedabad · India · Est. 1981
ASAmbiSecureHardware-rooted security
Contact
Biometric FIDO2 Smart Card

AmbiSecure OnePass Bio Card

A FIDO2 smart card with an on-card fingerprint sensor. Match-on-card — the template never leaves the secure element. No PIN. No reader. No shared secret.

FIDO2BiometricMatch-on-cardNFCDiscoverable credentials
Request datasheet View OnePass Card
AmbiSecure OnePass Bio Card — FIDO2 smart card with on-card fingerprint sensor
Why bio-on-card

When the badge is also the biometric.

Match-on-card

Fingerprint template is captured, stored, and matched entirely inside the card's secure element. The template is never read out, transmitted, or copied to a host.

No central store

There is no enrollment database to breach. Each card carries its own user's reference template, sealed in the chip.

No PIN, no reader

The user authenticates by touching the card. No PIN entry on a shared keyboard. No external biometric reader.

Phishing-resistant

FIDO2 binds the credential to the relying party origin. The biometric becomes the user verification factor under WebAuthn.

AAL3-eligible

Two-factor (possession + inherence) on a single card, suitable for NIST 800-63-3 AAL3 architectures.

Same form factor

Compatible with existing badge issuance lines, reader infrastructure, and door access controllers. Replaces, not adds.

Specifications

What is on the card.

Form factorISO/IEC 7810 ID-1, 85.6 × 53.98 mm; capacitive fingerprint sensor on card surface
InterfacesISO/IEC 14443 Type A (NFC); ISO/IEC 7816 contact (variant SKU)
ProtocolsFIDO2 (CTAP2.1) with internal user verification; FIDO U2F
BiometricOn-card capture, on-card storage, on-card match (Match-on-Card). ISO/IEC 19794-2 minutiae template
CryptographyECC P-256 (FIDO2); ECC P-384 (optional); SHA-256 / SHA-384
Resident credentialsUp to 25 discoverable credentials
Operating systemJavaCard 3.x with GlobalPlatform 2.3.1
Certification targetFIDO Certified L1 (target); Common Criteria EAL5+ chip; FIDO Biometric Component certification path
PersonalisationCompatible with our Bio Enrollment App and Multi-Card Applet Loading Tool
MOQPilot batches from 100 units; production from 1,000 units
Lifecycle

Enrollment, in user hands.

The card never leaves the user during enrollment. The template is created where it lives.

01

Issue

Card is personalised with FIDO applet, AAGUID, and attestation cert.

02

Hand to user

User receives card with no biometric template yet enrolled.

03

Enroll

User touches the on-card sensor through the Bio Enrollment App. Template is created on-card.

04

Bind

First WebAuthn registration. Template now gates user verification.

05

Use

Tap-and-touch authentication thereafter. No central store, no replay surface.

Connected reading

Where this fits in the bigger picture.

Solution: Passwordless MFA

Why hardware-bound credentials are the only enterprise MFA path that scales beyond OTP.

View solution →

Service: Bio Enrollment App

Our companion enrollment tooling for biometric cards.

View service →

Technology: FIDO

How FIDO2 is built — CTAP2, WebAuthn, attestation — and how user verification fits in.

View technology →

Pilot a hundred OnePass Bio Cards.

Tell us your enrollment workflow, target deployment, and certification target. We can usually ship a personalised pilot batch within 8–10 weeks.

Request a pilot