Cryptnox FIDO2 Card technical specifications

FIDO2 v2.1 Specifications

Execution Environment

  • JCOP 4 / 4.5 from NXP with ECC module (other chips on request) – JCOP 4 / DESFire EV2
  • Applet Size: 68 kb (with 64 credential slots)

Applet Certification

  • Cryptnox FIDO2 / U2F applet: FIDO Alliance Certified — FIDO2 v2.1 + CTAP Level 1
  • Chip-platform certifications are listed separately below (Chip platform certifications section).

Applet characteristics

  • U2Fv2, FIDO 2.0 and FIDO 2.1 standards
  • NFC ISO 14443 contactless and ISO 7816 contact interfaces
  • EC Digital Signature (ECDSA) with NIST P-256 (256R1) parameters
  • 32-bit signature counter, reset to 0 upon authenticator reset
  • Multiple accounts per Relying Party
  • Resident key credentials (64 credential slots)
  • CredManagement commands

Operating System Compatibility (FIDO2)

  • Windows 10/11: full FIDO2 / passkey support
  • iOS: FIDO2 over NFC on iPhone 7+ running iOS 13.3 or later
  • Android: external NFC keys mainly via CTAP1 / U2F second-factor (older FIDO1 protocol); not full FIDO2 / passwordless
  • macOS: FIDO2 over NFC support varies by macOS version and browser
  • Linux: FIDO2 sign-in requires the open-source Cryptnox FIDO2 HID bridge

Card body

  • ISO 7810 ID-1 format (CR80, credit-card size)
  • Durability: ISO 7816 / 14443 smart-card lifecycle — typically rated for 500,000+ contactless transactions

Chip platform certifications

The Cryptnox FIDO2 applet runs on NXP’s SmartMX3 P71 secure-element platform. Two chip variants are used across the FIDO2 product line:

  • Single-application FIDO2 cards (no MIFARE applet) — JCOP 4.5 on P71D600:
    • FIPS 140-3 Overall Level 3 with Physical Security at Level 4 — NIST CMVP certificate #4679 (validated 2025)
    • Common Criteria EAL5+ augmented (with AVA_VAN.5 — highest vulnerability-analysis tier) — NSCIB-CC-0313985
  • Combo FIDO2 + MIFARE DESFire EV2 cards — JCOP 4 on P71D321:
    • FIPS 140-2 Overall Level 3 with Physical Security at Level 4 — NIST CMVP certificate #3746
    • Common Criteria EAL 6+ augmented — NSCIB-CC-180212_3
    • MIFARE DESFire EV2 applet (running alongside the Cryptnox FIDO2 applet on the same chip): Common Criteria EAL5+

Both platforms include an AIS-31 compliant True Random Number Generator at the chip level (used as entropy source for FIDO2 challenges, nonces, and key generation).

Note: these chip-level certifications cover the underlying secure-element platform. The Cryptnox FIDO2 applet itself carries the FIDO Alliance FIDO2 Level 1 certification (see Applet Certification section above). Cryptographic operations within the FIDO2 applet use NIST P-256 only — the platforms support additional curves (Brainpool, Secp256k1, etc.) but the FIDO2 applet does not expose them.

Applet Options

  • HmacSecret
  • CredProtect
  • CredBlob for Resident-Keys
  • minPinLength: stores up to 4 authorized RPs

Client Management Application

  • iOS and Android mobile application for PIN change, factory reset, and resident-key management

AAGUID

  • 1d1b4e33-76a1-47fb-97a0-14b10d0933f1

FIDO2 v2.0 Specifications

Execution Environment

  • JCOP 4 from NXP with ECC module (other chips on request)
  • Applet Size: 37 kb

Applet Certification (legacy v2.0 variant)

  • FIDO Alliance Certified — FIDO2 v2.0 (legacy applet variant; current shipping cards use the v2.1 applet shown above)
  • Chip-platform certifications are listed separately in the Chip platform certifications section.

Applet characteristics

  • U2Fv2, CTAP 2.0 authenticator
  • NFC ISO/IEC 14443 contactless and ISO/IEC 7816 contact interfaces
  • Basic attestation with X.509 certificate, “packed” attestation statement
  • Full 2-way interoperability with U2F-CTAP1
  • EC Digital Signature with 256R1 parameters (“ES256”)
  • 32-bit signature counter, reset to 1 upon authenticator reset
  • Maximum total command size (maxMsgSize): 629 bytes
  • Multiple accounts per Relying Party
  • Resident Key credentials (discoverable): 32 slots
  • Authenticator Assertion is generated in less than 0.3 seconds


Applet Options

  • HmacSecret

Client Management Application

  • iOS and Android mobile application for PIN change, factory reset, and resident-key management

AAGUID

  • 9c835346-796b-4c27-8898-d6032f515cc5