Ambimat Group · Ahmedabad · India · Est. 1981
Solution

Smart-card personalisation — the line, not just the card.

Personalisation is where issuer secrets meet pre-personalised cards under controlled conditions. The card is the cheap part; the line is the expensive part. AmbiSecure runs both, in-house, with HSM-rooted custody.

What personalisation actually does

A pre-personalised card from the silicon vendor has a fresh secure element with default keys, no applets, no per-card identity. Personalisation is the supervised process that:

  • Loads the issuer's applets (FIDO2, PIV, EMV, eID, transit) onto the card under SCP02 / SCP03 secure messaging.
  • Diversifies issuer master keys into per-card derivative keys using AES-CMAC (NXP AN10922) or equivalent.
  • Writes per-card identity (PAN, AAGUID + serial, eID number, transit fare media ID).
  • Loads the attestation certificate chain rooted in the issuer's CA.
  • Locks the card into the ISSUED state per the GlobalPlatform 2.3.1 lifecycle.
  • Records the card's identity in an issuance manifest signed by the issuer's HSM.

Each step is audited. Each step happens inside a tamper-evident facility. None of these steps can be repeated on a card after it leaves the line.

The line

INPUT

Pre-personalised cards

From silicon vendors, in batches with fresh default keys. Tamper-evident shipping.

HSM

Key custody

FIPS 140-2 Level 3+ HSM holds the issuer master keys. Diversification happens inside the HSM; per-card derivatives are exported only to the card under SCP03.

PERSONALISATION

Per-card flow

SCP03 channel; applet load + register + personalise + lock. Throughput depends on chip; 30-90 cards/hour per station typical.

OUTPUT

Manifest + cards

Each card is paired with its row in an HSM-signed issuance manifest (UID, AID, AAGUID, serial). Cards graded out, packaged, dispatched.

What we ship

In-house line

Personalisation runs at our facility

Tamper-evident, audited, video-recorded. Customer can attend and verify.

In-country line

Customer-controlled facility

For sovereign deployments. We supply the line; customer runs operations under their HSM.

Mixed

Personalisation-as-a-service

Pre-personalisation by us; final personalisation (per-cardholder data) by the customer's in-country facility.

Manifest

HSM-signed audit trail

Every card ships with a manifest entry the customer's RP can validate against attestation at registration time.
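
The relying-party check described above, sketched as an added example (not AmbiSecure's code or manifest format). It assumes a JSON manifest with the row fields listed on this page, and uses HMAC-SHA256 as a stand-in for the HSM signature so it runs on the standard library; the key, rows and function names are constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed demo key. On a real line the manifest is signed inside the HSM,
# normally with an asymmetric key; HMAC-SHA256 stands in so this runs offline.
DEMO_KEY = b"constructed-demo-key-not-a-real-secret"


def canonical(rows):
    """Deterministic byte encoding of the rows, so signer and verifier agree."""
    return json.dumps(rows, sort_keys=True, separators=(",", ":")).encode()


def sign_manifest(rows, key):
    """Issuer side: stand-in for the HSM signing step."""
    return hmac.new(key, canonical(rows), hashlib.sha256).hexdigest()


def check_card(manifest, key, aaguid, serial):
    """Relying-party side: compare attestation values with the manifest row."""
    expected = sign_manifest(manifest["rows"], key)
    if not hmac.compare_digest(expected, str(manifest.get("signature", ""))):
        return "bad-signature"  # do not read rows from an unverified manifest
    row = {r["serial"]: r for r in manifest["rows"]}.get(serial)
    if row is None:
        return "unknown-card"  # serial is not in this issuance manifest
    if row["aaguid"].lower() != aaguid.lower():
        return "aaguid-mismatch"  # serial exists but under a different AAGUID
    return "ok"


# Constructed sample manifest carrying the per-row fields the page lists.
ROWS = [
    {"uid": "04A1B2C3D4E5F6", "aid": "F0000000010001",
     "aaguid": "00000000-0000-4000-8000-000000000001", "serial": "DEMO-0001"},
    {"uid": "04A1B2C3D4E5F7", "aid": "F0000000010001",
     "aaguid": "00000000-0000-4000-8000-000000000001", "serial": "DEMO-0002"},
]
MANIFEST = {"rows": ROWS, "signature": sign_manifest(ROWS, DEMO_KEY)}

if __name__ == "__main__":
    print(check_card(MANIFEST, DEMO_KEY, ROWS[0]["aaguid"], "DEMO-0001"))
```

The signature is checked before any row is read, so a row appended or altered after signing is rejected rather than matched.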

Standards we track

Standard | Coverage
GlobalPlatform 2.3.1 + Amendment D (SCP03) | YES — applet load, register, personalise, lock under SCP03 secure channel.
FIPS 140-2 / 140-3 Level 3 | YES — HSM custody for issuer master keys.
Common Criteria EAL5+ | YES — secure-element platforms supported.
FIDO Alliance attestation | YES — per-batch attestation cert installed at line; AAGUID + serial recorded in manifest.
EMV personalisation | YES — VISA / Mastercard / Discover / RuPay personalisation flows supported.
eID issuance | YES — eIDAS qualified-credential issuance possible under customer roots.

Pricing a personalisation line?

Tell us your volumes, your standards, your jurisdiction. We will price the line and quote the lead time.
