Ambimat GroupAmbimatAmbiSecureeSIM InitiativeEngineering BlogAhmedabad · India · Est. 1981
ASAmbiSecureHardware-rooted security
Contact
Technologies

The standards we work to, in plain language.

Solutions tell you what we solve. Technologies tell you how — the protocols, applets, chips, and specifications we build with day-to-day. Each section links to the products that depend on it and the blog posts that go deeper.

JC

JavaCard

Bytecode-based applet platform that runs on most secure elements. JavaCard 3.x APIs, CAP file format, applet lifecycle, install parameters, transient memory.

Explore JavaCard →
SE

Secure Elements

Tamper-resistant chips that hold keys and run cryptographic operations in hardware. SE vs TEE vs TPM vs HSM — what each is good for and where they fail.

Explore Secure Elements →
FIDO

FIDO & WebAuthn

Phishing-resistant authentication built on public-key cryptography. CTAP1 / CTAP2, attestation, AAGUIDs, resident credentials, MDS.

Explore FIDO →
NFC

DESFire

ISO/IEC 14443 contactless, MIFARE DESFire EV1/EV2/EV3 authentication, session keys, TMAC, key diversification. Where the chip says “91 AE” and you need to know why.

Explore DESFire →
SAM

Secure Access Module

SAM-AV3 architecture, host-to-SAM protocol, key derivation, transit validator integration. The silicon that makes offline trust possible.

Explore SAM →
FLOW

Reader / Card / SAM Flow

End-to-end sequence diagram of what happens when a card is tapped on a SAM-backed reader. Every APDU, every session key, every TMAC.

Explore the flow →
WAU

WebAuthn

W3C WebAuthn level 2, attestation statement formats, COSE keys, user verification, AAGUID lookup, MDS. The browser side of FIDO2.

Explore WebAuthn →
CTP

CTAP2

Client-to-Authenticator Protocol v2.1. CBOR-encoded commands, PIN/UV auth protocol, large-blob, credBlob, configurable PIN policy.

Explore CTAP2 →
ATT

Attestation

How an authenticator proves which kind of authenticator it is — attestation statement formats, AAGUIDs, packed / fido-u2f / tpm formats, MDS verification.

Explore attestation →
PSK

Passkeys

Multi-device credentials and the device-bound vs synced credential distinction. Where passkeys make recovery easier and where they soften enterprise assurance.

Explore passkeys →
eSIM

eSIM & eUICC

Telecom-grade embedded identity, eSIM/eUICC architecture, SGP.22 / SGP.32, profile lifecycle — explored on the dedicated Ambimat eSIM Initiative property.

eSIM Initiative →
Cross-reference

From a technology to a product to a tool.

Every technology page lists the products that depend on it, the relevant blog posts, and any utility tools that might save you fifteen minutes today.

TechnologyProductsToolsPillar post
JavaCardOnePass Card, JavaCard AppletsCAP Inspector, SCP03 WalkthroughJavaCard from first principles
FIDOOnePass Card, OnePass USB Key, BioKeyWebAuthn Attestation, COSE KeyImplementing FIDO2
NFC & DESFireTappable, OnePass CardNDEF Decoder, DESFire StatusDESFire EV3 in production
eSIMeSIM InitiativeICCID, EIDeSIM RSP architecture →
APDUAll card productsAPDU Parser, SW1/SW2 LookupAPDU from first principles