AmbiSecure OnePass Card
A FIDO2 smart card with resident credentials. Tap or insert — no PIN entry, no shared secret, no phishable seed. Brandable, deployable as employee ID and authenticator in one.
When the security key needs to be the badge.
Two devices in one
Replace the corporate badge and the security key with a single card. Lower issuance cost, fewer items lost.
Phishing-resistant
FIDO2 binds the credential to the relying party origin. Adversary-in-the-middle phishing pages cannot harvest it.
Brandable
Custom artwork, employee photo, magnetic stripe, embossing, contactless logo. Looks like a badge, works like a Yubikey.
Battery-free
Powered by NFC field or USB. Thousands of authentications without service.
Resident credentials
Discoverable credentials for username-less, passwordless flows — the smoothest authentication UX FIDO2 offers.
Auditable
Cards are issued through your existing badge personalisation line, or our personalisation tooling. Every key has provenance.
What is on the card.
| Form factor | ISO/IEC 7810 ID-1, 85.6 × 53.98 mm, ISO/IEC 7816 contact + ISO/IEC 14443 Type A contactless |
|---|---|
| Interfaces | NFC (ISO/IEC 14443 Type A); USB-A or USB-C (variant SKU) |
| Protocols | FIDO2 (CTAP2); FIDO U2F (CTAP1); PIV-compatible applet (optional SKU) |
| Cryptography | ECC P-256 (FIDO2); ECC P-384 (optional); RSA 2048 / 3072 (PIV); SHA-256 / SHA-384 |
| Resident credentials | Up to 25 discoverable credentials (depending on chip variant) |
| Operating system | JavaCard 3.x with GlobalPlatform 2.3.1 |
| Certification | FIDO Certified L1 (target); Common Criteria EAL5+ chip |
| Personalisation | Compatible with our Multi-Card Applet Loading Tool, NDEF Personalisation Tool, and Security Key Manager |
| Customisation | Artwork, photo ID, magnetic stripe, embossing, NDEF URL, logo |
| MOQ | Pilot batches from 100 units; production from 1,000 units |
From wafer to wallet.
A FIDO card is only as trustworthy as the line that personalised it. Here is how ours works.
Chip
Common Criteria EAL5+ secure element from a partner vendor.
Applet load
FIDO + optional PIV/OpenPGP applets loaded over SCP03.
Personalise
Issuer keys derived per-card. Credentials, AAGUID, attestation cert.
Brand
Artwork, photo, embossing, magnetic stripe.
Issue
Hand to user. Existing badge issuance lines work fine.
Where this fits in the bigger picture.
Solution: Passwordless MFA
Why hardware-bound credentials are the only enterprise MFA path that scales beyond OTP.
Technology: FIDO
How FIDO2 is built — CTAP2, WebAuthn, attestation — and what cards bring to it.
Blog: Implementing FIDO2
A complete developer walkthrough of FIDO2 with code that compiles.
Pilot a hundred OnePass Cards.
Tell us your form factor preference, target deployment, and certification target. We can usually ship a personalised pilot batch within 6–8 weeks.