AmbiSecure PIV Bio Card.
PIV-compatible applet on a biometric smart card — on-card fingerprint capture and match, with the template stored only inside the CC EAL5+ secure element. Three-factor authentication (something you have + know + are) on a single ID-1 surface, without a host fingerprint reader and without biometric data ever leaving the card.
Biometric + PIV on a single card.
Match-on-card biometrics
Fingerprint capture by the on-card sensor; match performed inside the secure element. The biometric template never leaves the card, never crosses a host driver, never enters a workstation. Privacy-by-construction.
Three-factor authentication
Something you have (the card), something you know (the PIV PIN), something you are (your fingerprint). One ID-1 surface satisfies the highest authenticator assurance level (NIST AAL3) without a separate biometric reader on the host.
Privacy-preserving deployment
No biometric database on the issuer side. No GDPR-relevant biometric data stored centrally. The template is sealed to the card at enrolment and is destroyed when the card is destroyed.
Same PIV API as the standard card
Identical four-slot certificate API. Windows / macOS smart-card logon, PKCS#11, and minidriver flows all work unchanged. The biometric simply gates access to the private keys instead of a typed PIN.
Where the bio card fits.
Audience
High-assurance workforce programmes, government PIV-I / PIV-C deployments needing AAL3, regulated industries (defence, finance, healthcare), and any environment where a typed PIN is too easily shoulder-surfed.
Enrolment
Fingerprint capture during card personalisation via the AmbiSecure Bio Enrollment App. Multiple fingers can be enrolled per card; the issuer policy controls how many matches are required.
Battery + power
No battery on the card. Power is drawn from the contact reader or the ISO/IEC 14443 contactless field during use. Same wallet-friendly footprint as the standard ID-1 card.
Fallback
PIN fallback is configurable per issuer policy — allow PIN if a finger is injured, require biometric, or require both. The decision is enforced inside the applet, not on the host.
Need a biometric pilot in a regulated environment?
The engineers who design the enrolment flow are the same people who answer your contact form.