Government identity — high-assurance, attestation-anchored.
Government identity programmes carry constraints that consumer flows do not: certified hardware, explicit attestation, supply-chain accountability, FIPS / Common Criteria evaluation, sovereign data residency, and audit posture that survives a multi-year deployment. AmbiSecure ships the platform that meets the bar.
The compliance perimeter
Government identity must satisfy multiple overlapping standards. The combinations vary by jurisdiction, but the recurring requirements are:
- NIST SP 800-63-3 AAL3 — phishing-resistant authenticator with hardware-bound multifactor cryptography. WebAuthn with attestation-pinned hardware satisfies this requirement.
- FIPS 140-2 / 140-3 Level 3+ — for the cryptographic module. Often required for federal civilian use; mandatory for some classified contexts.
- Common Criteria — EAL4+ minimum for cards / authenticators in many EU government deployments.
- OMB M-22-09 (US federal) — phishing-resistant MFA mandatory for all federal employees.
- eIDAS (EU) — qualified electronic signatures and identification require hardware-rooted credentials.
- Sovereign supply-chain — some jurisdictions require manufacturing or final-personalisation in-country.
Architecture overview
In-country line
Final personalisation at a customer-controlled facility. HSM-backed key custody. Per-card diversification. Auditable issuance.
Multi-applet card
FIDO2 + PIV + PKI eID applets on one card. CC EAL5+ secure element. Doubles as physical credential.
Sovereign trust roots
Customer-rooted attestation. Each card's AAGUID and serial are recorded against the issuance manifest.
FIDO Validation Server
Customer-deployed; air-gap-tolerant for sovereign / classified deployments.
Deployment scenarios
Federal employee credential
FIDO2 on smart-card body for OMB M-22-09 compliance. PIV interop for legacy systems.
Citizen identity card
Multi-applet card — eID + PKI signing + FIDO. eIDAS qualified.
Authenticated personnel
CC EAL5+ secure element. CAC-style form factor with FIDO2 added. Air-gap-tolerant deployment.
Healthcare workforce
Bio-card variant — user verification (UV) via on-card fingerprint match, so no PIN is typed at shared workstations.
Security model
Three load-bearing properties for government identity:
- Hardware-rooted — not platform-bound. The credential lives in a CC-certified secure element that we manufacture. Not in a cloud account, not in a vendor sync.
- Attestation under sovereign trust roots. The customer can run their own attestation root chain — we ship cards under the customer's root, not ours.
- Auditable issuance. Every card has an HSM-backed birth certificate. The customer's issuance manifest is reconcilable against the active fleet at any moment.
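As an added illustration of the attestation and issuance-manifest properties above (example code, not AmbiSecure's own validation server), the registration gate below parses WebAuthn authenticatorData, enforces user verification and an AAGUID from the issuance manifest, and reconciles the manifest against the active fleet. The AAGUID, serials, RP ID and manifest layout are constructed for the example; chain verification to the customer's root is assumed to be done by the WebAuthn library before this gate runs.

```python
import hashlib
import struct
import uuid

FLAG_UP, FLAG_UV, FLAG_AT = 0x01, 0x04, 0x40  # WebAuthn authenticatorData flag bits

def parse_authenticator_data(data: bytes) -> dict:
    """Parse WebAuthn authenticatorData: rpIdHash(32) | flags(1) | signCount(4),
    followed by attestedCredentialData when the AT flag is set."""
    rp_id_hash, flags = data[:32], data[32]
    (sign_count,) = struct.unpack(">I", data[33:37])
    out = {"rp_id_hash": rp_id_hash, "uv": bool(flags & FLAG_UV),
           "sign_count": sign_count, "aaguid": None, "credential_id": None}
    if flags & FLAG_AT:
        out["aaguid"] = str(uuid.UUID(bytes=data[37:53]))
        (cred_len,) = struct.unpack(">H", data[53:55])
        out["credential_id"] = data[55:55 + cred_len].hex()
    return out

def gate_registration(auth_data: bytes, rp_id: str, manifest: dict) -> list:
    """Return policy failures for a registration; an empty list means accept.
    `manifest` maps AAGUID -> set of card serials from the issuance line.
    Assumption: the attestation statement's chain was already verified against
    the customer's sovereign root by the WebAuthn library before this gate."""
    ad = parse_authenticator_data(auth_data)
    failures = []
    if ad["rp_id_hash"] != hashlib.sha256(rp_id.encode()).digest():
        failures.append("rpIdHash mismatch")
    if not ad["uv"]:
        failures.append("user verification not performed (AAL3 multifactor)")
    if ad["aaguid"] is None:
        failures.append("no attested credential data")
    elif ad["aaguid"] not in manifest:
        failures.append(f"AAGUID {ad['aaguid']} not in issuance manifest")
    return failures

def reconcile(manifest: dict, active_fleet: set) -> tuple:
    """Return (issued_but_never_seen, seen_but_never_issued) serial lists."""
    issued = set().union(*manifest.values()) if manifest else set()
    return sorted(issued - active_fleet), sorted(active_fleet - issued)

# Constructed sample values (hypothetical AAGUID, serials and RP ID).
SAMPLE_AAGUID = "11111111-2222-4333-8444-555555555555"
SAMPLE_MANIFEST = {SAMPLE_AAGUID: {"SN-0001", "SN-0002", "SN-0003"}}
SAMPLE_RP_ID = "login.example.gov"

def build_sample_auth_data(rp_id: str, flags: int, aaguid: str) -> bytes:
    """Assemble a constructed authenticatorData blob (CBOR public key omitted)."""
    cred_id = b"\xaa" * 8
    return (hashlib.sha256(rp_id.encode()).digest() + bytes([flags]) + struct.pack(">I", 0)
            + uuid.UUID(aaguid).bytes + struct.pack(">H", len(cred_id)) + cred_id)
```

Serials seen in the field but absent from the manifest are the reconciliation signal a fleet owner should alert on, since every legitimately issued card has a manifest entry.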
Recommended capabilities
OnePass Platform
Authenticators + issuance + validation.
OnePass Card
Multi-applet (FIDO2 + PIV) on CC EAL5+ secure element.
PIV Nano-Card Applet
PIV-compatible applet on a nano-card secure element — four certificate slots, RSA + ECC, FIPS 201 functional surface.
ePassport Platform Engineering
End-to-end ICAO 9303 platform — backend, frontend, CSCA / DSC / PKD PKI, enrolment, personalisation.
In-country personalisation
Sovereign issuance line with HSM-backed key custody.
Government identity programme on the horizon?
We have shipped under sovereign personalisation, sovereign attestation roots, and air-gapped validation deployments. Tell us about your jurisdiction.