Ambimat Group · Ahmedabad · India · Est. 1981
Solution

JavaCard applet deployment — what actually ships.

JavaCard is the applet platform that runs inside ~95% of contact and contactless smart cards in the world. AmbiSecure designs, writes, loads, and personalises applets — FIDO, PIV, OpenPGP, and custom — on chips that ship at scale.

What a JavaCard applet looks like

An applet is a Java class that extends javacard.framework.Applet and runs inside a JavaCard Virtual Machine on the secure element. It receives APDUs through a single entry point (process(APDU)), reads from the APDU buffer, and writes back its response. Everything happens in tens of kilobytes of EEPROM.

The applet runs alongside other applets on the same card, isolated by the JCVM firewall. Multiple applets coexist; selection is by AID. The applet platform handles allocation, persistence, transaction atomicity, and access control.
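The structure described above, as an added example that is not AmbiSecure's code: a minimal applet that dispatches on CLA/INS inside process(APDU), validates the incoming length, and updates two persistent fields inside one transaction. The package and class names, the CLA/INS values and the 16-byte record layout are assumptions made for illustration.

```java
package example.recordapplet; // hypothetical package name for this example

import javacard.framework.*;

public class RecordApplet extends Applet {
    // Assumed proprietary CLA/INS values, chosen for this example only.
    private static final byte CLA_EXAMPLE = (byte) 0x80;
    private static final byte INS_PUT = (byte) 0x10;
    private static final byte INS_GET = (byte) 0x12;
    private static final short RECORD_LEN = 16;

    // Persistent state: record and version must change together or not at all.
    private final byte[] record = new byte[RECORD_LEN];
    private short version;

    public static void install(byte[] bArray, short bOffset, byte bLength) {
        new RecordApplet().register(); // register under the AID given at install
    }

    public void process(APDU apdu) {
        if (selectingApplet()) {
            return; // SELECT by AID: no work, the platform answers 9000
        }
        byte[] buf = apdu.getBuffer();
        if (buf[ISO7816.OFFSET_CLA] != CLA_EXAMPLE) {
            ISOException.throwIt(ISO7816.SW_CLA_NOT_SUPPORTED);
        }
        switch (buf[ISO7816.OFFSET_INS]) {
            case INS_PUT: {
                short len = apdu.setIncomingAndReceive();
                if (len != RECORD_LEN) { // reject short or oversized input
                    ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
                }
                // A power loss (card tear) before commit rolls back both writes.
                JCSystem.beginTransaction();
                Util.arrayCopy(buf, ISO7816.OFFSET_CDATA, record, (short) 0, RECORD_LEN);
                version++;
                JCSystem.commitTransaction();
                break;
            }
            case INS_GET:
                // Response: 2-byte version followed by the 16-byte record.
                Util.setShort(buf, (short) 0, version);
                Util.arrayCopyNonAtomic(record, (short) 0, buf, (short) 2, RECORD_LEN);
                apdu.setOutgoingAndSend((short) 0, (short) (RECORD_LEN + 2));
                break;
            default:
                ISOException.throwIt(ISO7816.SW_INS_NOT_SUPPORTED);
        }
    }
}
```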

Applet families we ship

FIDO

FIDO2 applet

U2F + CTAP2.1, resident credentials, on-card PIN. Powers OnePass Card.

PIV

PIV applet

NIST SP 800-73 PIV interface for legacy government and enterprise PKI integrations.

OpenPGP

OpenPGP card applet

RFC 4880 / OpenPGP card spec. PGP signing, decryption, authentication keys.

EMV

Payment applets

VISA / Mastercard / Discover / RuPay applet personalisation flows.

eID

National eID applets

eIDAS-qualified credential issuance under customer roots.

Custom

Bespoke applets

Closed-loop ticketing, secure messaging, application-specific protocols. Designed to your spec.

Workflow

1. Spec

Define the applet's threat model, APDU surface, persistent state, key model. Map to JavaCard idioms.

2. Implement

JavaCard 3.x. Constant-time crypto where the platform allows. Atomic transactions for persistent state. Memory-conscious design.

3. Verify

Test against APDU vectors. Off-card verifier (the JavaCard verifier shipped with the toolchain). On-card smoke testing on target silicon.

4. Personalise

Load via SCP03; install; lock. Per-card key diversification at the personalisation line.

5. Field

Lifecycle management via GlobalPlatform: install, update, terminate. SCP03 secure channel for all card-management operations.

Need a custom JavaCard applet?

From spec to shipment, on chips you select. Closed-loop ticketing, secure messaging, custom PKI — all delivered by an in-house team that has shipped applets at scale.
