Ambimat GroupAmbimatAmbiSecureeSIM InitiativeEngineering BlogAhmedabad · India · Est. 1981
ASAmbiSecureHardware-rooted security
Contact
Trust center

Trust, certifications, and disclosures.

A single page that points buyers, auditors, and security teams at the four documents that matter most when evaluating AmbiSecure: our certification posture, our standards conformance, our security model, and our vulnerability-disclosure practice.

CERT

Certifications

What we are actively certified for, the standards we build to, certifications we are targeting, compliance frameworks we support, and the legacy trust badges — reproduced as-is.

View certifications →
STD

Standards conformance

FIDO U2F / FIDO2 / WebAuthn, JavaCard 3.x, GlobalPlatform 2.3.1, ISO 7816, ISO 14443, NIST SP 800-73, GSMA SGP.22 / SGP.32. Verifiable via our utility tools.

View technologies →
SEC

Security model

How AmbiSecure products achieve hardware-rooted assurance — secure-element silicon, applet firewall, SCP03 personalisation, attestation, lifecycle keys.

View about →

Vulnerability disclosure

If you believe you have identified a security vulnerability in an AmbiSecure product, applet, validation server, or tool, we want to know about it before anyone else does.

  • How to report: Email support@ambimat.com with subject prefix [security-disclosure]. Include affected product / version, reproduction steps, observed impact, and your preferred handle for credit.
  • What we commit to: Acknowledge receipt within 3 business days. Initial assessment within 10 business days. Coordinated disclosure timeline agreed with the reporter.
  • Safe harbour: Researchers acting in good faith on this disclosure channel will not be subject to legal action by AmbiSecure for the reported research.
  • What is in scope: AmbiSecure products, applets, validation server, personalisation tooling, and the public AmbiSecure web property at ambisecure.ambimat.com.
  • What is out of scope: Denial-of-service of public infrastructure, social engineering of staff, attacks against customer deployments not run by AmbiSecure, and physical attacks against silicon partners’ supply chain (refer to those vendors directly).

Trust documents on request

Procurement-grade documents (per-product datasheets, SCP03 key-ceremony procedures, FIDO Certified product certificate IDs, vendor-security-questionnaire responses) are available under NDA. See the trust-documents list on the certifications page for the full menu.

Need a security or compliance review?

Tell us your evaluation framework, your timeline, and the documents you need. We respond within two business days.

Talk to our security team