Standards Compliance

|
  1. Introduction
  2. Built on International Biometric Standards
  3. Certified Security Foundation
  4. Global Trust Through Open Standards
  5. Frequently asked questions

How APPSCARD products alin with loal standards required in governmental and corporate security sensitive applications.

Introduction

Billions of smart cards are deployed every year for payment, government ID, transport, and corporate access. Their success depends on one principle — standardization. Standards ensure interoperability between vendors, consistent testing and certification, and long-term trust in every issued credential.

For governments and enterprises, open standards mean freedom from single-vendor dependency and confidence that certified components meet security, quality, and interoperability requirements. Proprietary solutions, by contrast, create lock-in, uncertainty, and risk.

The APPSCARD Digital Identity Platform is designed from inception to meet and advance these global standards — providing a truly open, secure, and certifiable foundation for next-generation identity systems.

Built on International Biometric Standards

At its core, the platform implements the ISO/IEC 17839 Biometric System-on-Card (BSoC) architecture — a complete biometric system contained within the card itself. Biometric capture, processing, comparison, and decision all occur locally, ensuring data never leaves the user’s device. This decentralized model eliminates external databases and prevents biometric leakage, maximizing privacy and trust.

The platform adopts the ID-T form factor (ISO/IEC 18328-2), providing space for a high-performance ISO/IEC 17839-2 Class D compliant fingerprint sensor that has been derived from FAP10 as specified in NIST SP 500-290 and FBI PIV standards. This sensor class supports one-touch enrollment, high-resolution imaging (≥ 500 ppi), and reliable matching across virtually all users — essential for government-grade deployments.

Biometric templates follow ISO/IEC 19794-2 minutiae formats, fully compatible with the NIST MINEX III certification framework and large-scale identity programs such as national e-ID and border control systems.

Certified Security Foundation

The APPSCARD secure element and operating system comply with the Common Criteria (ISO/IEC 15408) framework. Hardware achieves EAL 6+, and the OS targets EAL 4+, ensuring verified resistance to both logical and physical attacks.

The platform implements JavaCard 3.1 and GlobalPlatform 2.3.1, enabling trusted lifecycle management, secure applet deployment, and cross-vendor interoperability.

FIDO2 — Standardized Trust for the Digital World

To extend security into online environments, APPSCARD integrates FIDO2, enabling password-less, cryptographically protected, asynchronous communication between users and digital services. This bridges physical and digital authentication into one consistent, standards-based experience — the same credential securing both door access and digital login.

Global Trust Through Open Standards

By adhering to the world’s leading standards — ISO, NIST, Common Criteria, GlobalPlatform, and FIDO — the APPSCARD platform establishes itself as a government-grade, future-proof digital identity foundation.

It ensures interoperability across borders and industries, empowering governments, enterprises, and citizens with security that is verifiable, open, and trusted by design.

Frequently Asked Questions

Why use standardized minutiae when the biometric data never leaves the card? Wouldn't a proprietary solution be just as good?:
At a first glance, proprietary solutions may be acceptable in a BSoC. Relying on standardized components and data formats, however, has several advantages: Firstly, biometric performance testing can happen with standardized procedures. Secondly, importing or exporting of biometric data is possible, e.g. for de-duplication, which is a requirement in many sensitive applications. Finally, it creates transparency and less dependency on a single vendor.:
Is the fingerprint sensor in your card FAP10 certified?:
The sensor satisfies the requirements by NIST for the FAP10 sensor category. If it was mounted into a desktop reader, it could obtain certification. Our product is a Biometric System-on-Card, and we exploit the government grade sensor in this context, compliant with ISO/IEC 17839-2 Class D. The sensor specs for this category were derived from FAP10.:
Is your product FIDO certified?:
The system architecture, device design and all the components have been chosen carefully with security applications including FIDO in mind. We target FIDO2 certification in 2026.: