We develop custom NFC smart card solutions on NXP JCOP 4.5 P71 — dual-interface cards combining contact and contactless communication for enterprise access control, identity, authentication, and blockchain applications.
Near Field Communication (NFC) is a short-range wireless protocol operating at 13.56 MHz, derived from the ISO 14443 contactless smart card standard. Unlike simple NFC tags that store static data, NFC smart cards contain a full secure element — a tamper-resistant microprocessor capable of executing cryptographic operations and storing secrets that can never be extracted.
NFC smart cards communicate using the ISO 7816 APDU protocol over a contactless channel. This means the same command-response model used by contact smart cards in banking, government ID, and access control is available wirelessly, within a 4 cm range. Every modern smartphone supports this standard, making NFC smart cards universally readable without any special hardware beyond the card itself.
The NXP JCOP 4.5 P71, which forms the core of Cryptnox’s custom NFC developments, is a dual-interface secure element — it supports both contact (ISO 7816) and contactless (NFC/ISO 14443)communication simultaneously using the same applets and the same cryptographic keys. A single card can be tapped against a phone, inserted into a card reader, or used at an access control terminal, with identical security guarantees in each scenario.
The cryptographic capabilities available over NFC include ECDSA, EdDSA, RSA, and AES — the same algorithms that protect banking transactions, national identity documents, and hardware security modules. When paired with Cryptnox’s JavaCard firmware and SecureBox native C implementations, NFC smart cards become capable of operations that were previously exclusive to air-gapped hardware security modules.
NFC operating frequency
Smartphones with NFC worldwide
NFC smart card standard
Enterprise environments require NFC smart cards that go well beyond URL sharing or simple access badges. Cryptnox designs and delivers complete NFC smart card systems — from the Java Card applet running inside the secure element through to the mobile SDKs and backend services that interact with the card in production.
Physical door access combined with logical computer access and FIDO2web authentication — all on a single dual-interface card. Employees tap to enter a building, insert to unlock their workstation, and tap their phone to authenticate to web applications with passwordless FIDO2.
Qualified electronic signature keys stored in the secure element, eIDAS-compliant, enabling tap-to-sign workflows on any NFC-capable smartphone or NFC card reader connected to a computer. Private keys never leave the card — every signature is computed inside the secure element.
Smart cards at enterprise volumes are significantly less expensive than USB keys per unit. Combined with reduced helpdesk burden from lost or broken tokens, the total cost of ownership improvement is substantial at deployments of 1,000 seats or more.
End-to-end delivery including NFC antenna design and card body manufacturing coordination, JCOP P71 JavaCard applet development, iOS and Android SDK integration, backend API and key management infrastructure, and personalization and card issuance systems.
A Cryptnox NFC smart business card is fundamentally different. Built on the NXP JCOP 4.5 P71
secure element, each card contains a unique cryptographic identity — a private key that can sign
challenges to prove the card is genuine and belongs to a specific individual. When someone taps
your card, the verification app does not just read stored data: it challenges the card to sign a
random nonce, and only a card with the correct private key can produce a valid signature.
A Cryptnox NFC smart business card is fundamentally different. Built on the NXP JCOP 4.5 P71secure element, each card contains a unique cryptographic identity — a private key that can sign challenges to prove the card is genuine and belongs to a specific individual. When someone taps your card, the verification app does not just read stored data: it challenges the card to sign a random nonce, and only a card with the correct private key can produce a valid signature.
This cryptographic identity can be extended to carry FIDO2 credentials for passwordlessauthentication, digital signature certificates for document signing, and access control credentials forphysical and logical systems — all on the same card that you hand to a new contact. The businesscard becomes a security token, not just a contact information carrier.
The NXP JCOP 4.5 P71 supports GlobalPlatform multi-application environments, which means a single card can host multiple independent JavaCard applets — each isolated from the others at the hardware level, each managing its own cryptographic keys and data. A card issued for enterprise access control can simultaneously carry a cryptocurrency wallet, a FIDO2 authenticator, and a document signing certificate, with each application sandboxed from the others.
Cryptnox designs multi-application NFC card configurations for enterprise deployments where consolidating multiple security tokens into a single card reduces cost, simplifies key management, and improves user experience. Each application on the card can be managed independently —installed, updated, or revoked using GlobalPlatform Secure Channel Protocol — without affecting the other applications on the same card.
NFC tap-to-sign transactions for Bitcoin, Ethereum, and other blockchain networks. Private keys are stored in isolated key storage within the secure element — keys are
generated on-card and can never be exported. Signing operations are executed inside the secure element, with the result returned over NFC.
Passwordless login compliant with the WebAuthn standard, making the NFC card a roaming FIDO2 authenticator. Works with any browser and service that supports FIDO2 — tap on Android via NFC, or insert the dual-interface card into a contact reader on desktop.
Compatible with HID, LEGIC, and other major physical access control systems used in enterprise buildings. The NFC applet emulates the card formats expected by
existing access control infrastructure, enabling migration to cryptographically secure cards without replacing readers or backend systems.
Qualified and advanced electronic signature certificates managed inside the secure element, enabling document signing under the eIDAS framework. Signatures
produced on the card are legally binding in the EU and recognised in many other jurisdictions under equivalent electronic signature laws.
Access-controlled encrypted storage for sensitive data, including seed phrase backups, recovery codes, configuration data for enterprise applications, and personal notes. Data is protected by the card’s PIN and can only be read after successful authentication — tap and unlock.
One card replaces: hardware wallet + FIDO2 key + door badge + signature token
Our NFC smart cards are built on the NXP JCOP 4.5 P71 secure element and support ISO 14443 Type A for contactless communication, ISO 7816 for contact, and APDU command-response protocol, EMV Level 1 for payment-compatible card body and antenna specifications, MIFARE emulation for legacy access control compatibility, and FeliCa for deployments in markets where FeliCa-based infrastructure is prevalent. All standards operate over the same 13.56 MHz carrier frequency and can coexist in a multi-application card configuration.
Yes. Our dual-interface cards support both contact (ISO 7816) and contactless (NFC/ISO 14443) communication using the same secure element and the same JavaCard applets. A user can tap the card against an NFC smartphone, insert it into a USB contact card reader connected to a computer, or present it to a building access control terminal — all using identical authentication logic and the same cryptographic keys. There is no functional difference between the contact and contactless interfaces from the applet’s perspective.
Android supports NFC smart card communication via the IsoDep API available since Android 4.0 (API level 14), enabling full APDU exchange with ISO 14443-4compliant cards like the JCOP P71. iOS supports NFC smart card communication via the Core NFC framework with APDU support introduced in iOS 13. Cryptnox provides SDK wrappers for both platforms that handle the low-level NFC session management, leaving the application developer to work with clean, high-level APIs for card authentication, signing, and data operations.
Key management depends on the application architecture. For self-sovereign applications such as personal hardware wallets, keys are generated on the card during personalisation and never leave the secure element — there is no key escrow and no backup by design. For enterprise deployments requiring key backup or recovery, keys can be split using threshold schemes with shares distributed across multiple custodians, or wrapped under a key management system HSM) and injected during card personalisation via GlobalPlatform Secure Channel Protocol. Cryptnox designs the key lifecycle to match the specific security and operational requirements of each engagement.
A typical engagement covers JavaCard applet development and testing, iOS and Android SDK development, backend API integration, card personalisation tooling, and pilot card production. The scope varies significantly depending on whether the project requires a new applet from scratch or customisation of an existing Cryptnox applet, the complexity of the host-side integration, and whether physical card manufacturing coordination is in scope. Cryptnox provides a detailed technical scoping document after an initial consultation to align on requirements, deliverables, and timeline.
From access control to blockchain applications — one card, complete security.
Overview of our development capabilities on NXP JCOP 4.5 P71. Learn more →
NXP JCOP P71 secure element integration for IoT, payments, identity, and blockchain. Learn more →
JavaCard 3.1 applet development, JCOP 4.5 extensions, GlobalPlatform integration. Learn more →
White-label hardware wallet cards for any blockchain protocol — including non-standard cryptography. Learn more →
Card-form-factor FIDO2 keys for enterprise authentication and passkey deployments. Learn more →
Real-world SecureBox / JavaCard projects on NXP JCOP P71 — verified on production hardware. Learn more →
