We design, develop, and deploy custom secure-element applets on NXP JCOP 4.5 P71 — in both JavaCard and native C via NXP SecureBox. Our core specialty is blockchain and wallet applets: on-card transaction signing, key custody, and on-card policy. The same team also delivers FIDO2 authentication, PIV identity, and OpenPGP applets.
The NXP JCOP 4.5 P71 pairs a JavaCard virtual machine with NXP’s SecureBox coprocessor for native C execution. That dual capability is what sets our blockchain work apart: when a protocol needs a curve, hash, or signature scheme that standard JavaCard APIs cannot express, we implement it in SecureBox native C — on certified secure-element hardware.
The JCOP P71 exposes three distinct programming surfaces. Cryptnox has mastered all three,
enabling us to meet any custom development requirements.
These are not proofs-of-concept. Each project shipped to production hardware, passed
comprehensive test vectors, and enabled real transactions on live networks.
Keccak-256, BLAKE2 and Poseidon on secure elements
Zcash Orchard Shielded Transaction Signing
Zcash
Orchard signing
On-card
key custody
Live
on-chain verified
Ethereum 2.0 and Multi-Chain BLS Signatures
Eth 2.0
validator signing
Multi-chain
Filecoin · Chia
On-card
constant-time
Blockchain & Cryptocurrency
Custom hardware wallets for any blockchain protocol, including exotic curve and hash support unavailable in off-the-shelf products.
Financial Services & Payments
Payment applets, banking tokens, and the Cryptnox proprietary Card Wallet as a Service (C-WAAS) platform for financial-grade transaction security.
Digital Identity & Government
ePassports, government credentials, and high-assurance identity documents on CC EAL6+ certified hardware.
Enterprise Authentication
Custom FIDO2 security keys, corporate badge systems, and multi-application smart cards for enterprise identity programs.
IoT Device Security
Embedded secure element integration, device attestation, and secure firmware delivery for connected hardware platforms.
Headquartered in Geneva, Switzerland — one of the world’s strongest data protection and IP frameworks. Your project is protected by Swiss law from day one.
Years of hands-on development on NXP JCOP and SecureBox tooling — including native-C cryptography that the standard JavaCard environment cannot express.
Every methodology we apply has been validated in real Cryptnox products that ship to thousands of customers worldwide on the JCOP P71 platform.
Cryptnox holds granted and pending patents in the US, Europe, and China — a foundation of original innovation that underpins every engagement. View patent portfolio →
A structured five-phase process ensures your project is delivered securely, on schedule, and with
full IP ownership transferred to you at completion. Hover each phase to expand details.
Requirements Analysis &
Feasibility
We work with your team to capture cryptographic, performance, form-factor, and certification requirements. We assess feasibility on JCOP P71 and identify any constraints before any code is written.
Architecture & Prototype
We select the optimal development layer — JavaCard, SecureBox native C, or a hybrid — and deliver a working prototype with benchmarks for your review and approval.
Security Hardening &
Optimization
Side-channel mitigations, fault injection defenses, constant-time execution, and performance tuning are applied at this phase to meet production security standards.
Integration & Testing
Applet and host-side integration are completed together. We run comprehensive test vectors, interoperability testing, and stress tests before sign-off.
Production Deployment & Support
We support your manufacturing partner during initial card personalization and provide post-launch engineering support under an agreed SLA.
We develop the full range of smart-card applications: standard JavaCard 3.1 applets (PKI, signing, key management, GlobalPlatform secure channels), payment and banking applets, FIDO2/WebAuthn implementations, multi-application identity cards, and advanced NXP SecureBox native C implementations for non-standard cryptography — custom elliptic curves, exotic hash functions, and novel signature schemes such as RedDSA/Pallas, BLS12-381, and Poseidon.
NXP SecureBox is a native C execution environment that runs alongside the JavaCard VM on the JCOP P71. It lets us implement cryptography that JavaCard’s high-level API cannot express — exotic curves, custom hash functions, and signature schemes outside the standard library — while still using the FAME3 cryptographic coprocessor that powers the certified JavaCard primitives. SecureBox is the only path to hardware-rooted signing for blockchain protocols that rely on non-standard cryptography (Zcash Orchard, Ethereum 2.0 BLS, Mina, StarkNet) without sacrificing the secure element’s tamper-resistance.
A full engagement typically runs 6–12 months. Architecture and prototype: 2–3 months. Applet development and on-card integration: 3–6 months. Host-side integration (mobile/desktop SDK, backend) and benchmarking: 1–2 months. Card personalization and production rollout: 1–2 months. If Common Criteria evaluation is required, add 6–12 months for the certification lab on top.
Custom applet code, business logic, and project-specific integrations are owned by the client. Cryptnox retains rights to its pre-existing libraries, SecureBox utilities, and host-side SDKs that are reused across projects. Specific IP terms — including exclusivity, source-code escrow, and rights to derivative works — are negotiated per engagement and captured in the Master Services Agreement.
For the development phase we supply 50–100 prototype cards for engineering and integration testing. For production, MOQs typically start at 1,000–5,000 cards depending on the chip variant and personalization complexity. We can advise on volume pricing once the bill of materials and personalization profile are defined.
Yes. We deliver host-side SDKs for iOS (Core NFC), Android (NFC and USB OTG via the Cryptnox Wallet app), and Windows/macOS/Linux desktop middleware (PC/SC), along with REST and GraphQL backend services. We have shipped integrations against Microsoft Entra ID, Okta, custom KMS/HSM stacks, and bespoke enterprise platforms — integration with your existing IAM is part of the standard engagement scope.
The JCOP 4.5 P71 base platform is Common Criteria EAL6+ certified by NXP. For custom applets we support composite evaluation (typically CC EAL4+ on top of the EAL6+ base) and FIPS 140-3 validation. Cryptnox provides design documentation, security policy, test vectors, and engineering support for the certification lab; the client funds the lab fees.
White-label crypto wallet cards — our productized custom-development offering.
Granted and pending patents across the US, Europe and China.
White-label hardware wallet cards for any blockchain protocol — including non-standard cryptography. Learn more →
Card-form-factor FIDO2 keys for enterprise authentication and passkey deployments. Learn more →
Our shipped NFC hardware-wallet card on an EAL6+ secure element.
Real-world SecureBox / JavaCard projects on NXP JCOP P71 — verified on production hardware. Learn more →
